Re: Migration of user accounts from NT4 to 2003 AD
From: Joe Wu [MSFT] (joewu_at_online.microsoft.com)
Date: 08/27/04
- Previous message: Dustin K: "Re: admt"
- In reply to: Shaheer: "Re: Migration of user accounts from NT4 to 2003 AD"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 27 Aug 2004 18:38:04 GMT
Hello Shaheer,
Thank you for your reply.
Please check the permission settings on the
[HKLM\System\CurrentControlSet\Control\LSA\] key to ensure that the SYSTEM
account and the account that runs ADMT have access to it.
After that, please let me know if you configured WINS for the name
solutions of the two domains. If not, you can create a LMHOSTS file to
ensure that the Windows NT domain can be resolved:
180094 How to Write an LMHOSTS File for Domain Validation and Other Name
http://support.microsoft.com/?id=180094
I hope this helps. Thanks!
Regards,
Joe Wu
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
===============================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
===============================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
|From: shaheer_sham@rediffmail.com (Shaheer)
|Newsgroups: microsoft.public.windows.server.migration
|Subject: Re: Migration of user accounts from NT4 to 2003 AD
|Date: 25 Aug 2004 10:00:40 -0700
|Organization: http://groups.google.com
|Lines: 145
|Message-ID: <5ac4b5b8.0408250900.5b63563c@posting.google.com>
|References: <5ac4b5b8.0408170913.3ef90bc8@posting.google.com>
<7d5301c4848a$30ed7c40$a401280a@phx.gbl>
<dOhDfUPhEHA.3452@cpmsftngxa06.phx.gbl>
|NNTP-Posting-Host: 210.18.23.165
|Content-Type: text/plain; charset=ISO-8859-1
|Content-Transfer-Encoding: 8bit
|X-Trace: posting.google.com 1093453240 26801 127.0.0.1 (25 Aug 2004
17:00:40 GMT)
|X-Complaints-To: groups-abuse@google.com
|NNTP-Posting-Date: Wed, 25 Aug 2004 17:00:40 +0000 (UTC)
|Path:
cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.s
ul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!p
ostnews2.google.com!not-for-mail
|Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.migration:13300
|X-Tomcat-NG: microsoft.public.windows.server.migration
|
|Hi Joe,
|
|I tried the settings which you provided in the last paragraph and
|rebooted the target DC, but still the same error.
|
|Just to give you a brief background, this NT4 domain is a Novell NDS
|for NT domain so it might be something which is linked with this. I
|also tried to remove the Registry key on the source NT DC and began
|the ADMT wizard. The wizard asked me to put the TCPIPCLientRegistry
|key and I clicked "Yes", it then asked to reboot the DC. After the
|reboot of DC I tried to again run the wizard but still the same popup
|comes with the error message.
|
|Interestingly I've another NDS for NT domain which is there in place,
|I did a migration of that domain and it went through fine. I've
|referred to all the articles on the internet and newgroups but no
|luck.
|
|Can you please suggest something more.
|
|Thanks,
|Shaheer
|
|joewu@online.microsoft.com (Joe Wu [MSFT]) wrote in message
news:<dOhDfUPhEHA.3452@cpmsftngxa06.phx.gbl>...
|> Hello Shaheer,
|>
|> Thank you for your post and also thanks to Keith for the inputs.
|>
|> I would like to suggest that you check the following KB article to
ensure
|> that the Password Export Server (PES) has been correctly established for
|> the migration:
|>
|> 832221 How to configure the Active Directory Migration Tool to migrate
user
|> http://support.microsoft.com/?id=832221
|>
|> Besides, please pay attention to the following:
|>
|> 1. Please note that the account you used to run ADMT should have
|> administrator priviliges in both domains.
|>
|> 2. Service Pack 6a (SP6a) or later must be installed on Microsoft
Windows
|> NT 4.0 domain controllers.
|>
|> 3. All domain controllers must use 128-bit encryption.
|>
|> 4. The RestrictAnonymous value on the target domain controller should be
|> set to 0 during the migration.
|>
|> Please make sure that the following registry value is set on the target
|> Winodows Server 2003 domain controller:
|>
|>
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous =
|> 0
|>
|> 5. The "Everyone" and "ANONYMOUS LOGON" groups should be members of the
|> Pre-Windows 2000 Compatible Access group in the target domain during the
|> migration. Please run the following commands on your target DC:
|>
|> NET LOCALGROUP "PRE-WINDOWS 2000 COMPATIBLE ACCESS" EVERYONE /ADD
|> NET LOCALGROUP "PRE-WINDOWS 2000 COMPATIBLE ACCESS" "ANONYMOUS LOGON"
/ADD
|>
|> Please check if this helps. Thanks!
|>
|> Regards,
|> Joe Wu
|> Microsoft Online Partner Support
|>
|> Get Secure! - www.microsoft.com/security
|>
|> ===============================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ===============================================
|> This posting is provided "AS IS" with no warranties, and confers no
rights.
|>
|> --------------------
|> |Content-Class: urn:content-classes:message
|> |From: "Keith" <anonymous@discussions.microsoft.com>
|> |Sender: "Keith" <anonymous@discussions.microsoft.com>
|> |References: <5ac4b5b8.0408170913.3ef90bc8@posting.google.com>
|> |Subject: Migration of user accounts from NT4 to 2003 AD
|> |Date: Tue, 17 Aug 2004 11:44:13 -0700
|> |Lines: 47
|> |Message-ID: <7d5301c4848a$30ed7c40$a401280a@phx.gbl>
|> |MIME-Version: 1.0
|> |Content-Type: text/plain;
|> | charset="iso-8859-1"
|> |Content-Transfer-Encoding: 7bit
|> |X-Newsreader: Microsoft CDO for Windows 2000
|> |Thread-Index: AcSEijDtGTzH99WASwiSb46VHCENvw==
|> |X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
|> |Newsgroups: microsoft.public.windows.server.migration
|> |Path: cpmsftngxa06.phx.gbl
|> |Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.server.migration:13137
|> |NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
|> |X-Tomcat-NG: microsoft.public.windows.server.migration
|> |
|> |I recently went through a similar migration and did not
|> |have this problem. Have you tried rebooting your PDC?
|> |Are you sure you changed the value of the registry key to
|> |the right value? Also, are you running ADMT with the
|> |right credentials? That is, I found things worked quite
|> |well if I logged into my W2K3 DC but used Run As to
|> |launch ADMT as the administrator of my NT4 domain. Also,
|> |are you sure you've generated the password export key,
|> |etc. for password migration? Finally, when it asks for a
|> |userid and password of an account with permission to
|> |export passwords, are you giving the name and password of
|> |a domain administrator in the NT4 domain?
|> |
|> |If none of that works, wait until tomorrow, and I'm sure
|> |someone from Microsoft will respond to your post
|> |overnight. Posting your question several more times
|> |won't get a response from Microsoft any sooner.
|> |
|> |You might try knowledge base article 832221
|> |
|> |>-----Original Message-----
|> |>Hi All,
|> |>
|> |>I am migrating users from a Windows NT 4.0 Domain which
|> is a part of
|> |>NDS for NT to a Windows Server 2003 Domain. I've gone
|> though
|> |>microsoft KB=Q325851 and followed the exact steps for
|> migration.
|> |>Please note that I am migrating SID history as well from
|> NT domain.
|> |>
|> |>At the step where it asks for User credentials for the
|> source NT
|> |>domain and attempts to click next to continue, I get an
|> error: "The
|> |>PDC for the souce domain is not rebooted after setting
|> the
|> |>TcpipClientSupport Registry Key or PDC cannot be
|> contacted"
|> |>
|> |>Can someone though some light on this.
|> |>
|> |>Thanks,
|> |>Shaheer
|> |>.
|> |>
|> |
|
- Previous message: Dustin K: "Re: admt"
- In reply to: Shaheer: "Re: Migration of user accounts from NT4 to 2003 AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
