Re: Problem using ADMT to migrate computer accounts
From: Michael (nospam_at_nospam.no)
Date: 09/14/04
- Next message: Michael: "Re: Win NT to Win 2003 Migration"
- Previous message: Ed Luhrs: "Win NT to Win 2003 Migration"
- In reply to: anonymous_at_discussions.microsoft.com: "Problem using ADMT to migrate computer accounts"
- Next in thread: Draco: "Re: Problem using ADMT to migrate computer accounts"
- Reply: Draco: "Re: Problem using ADMT to migrate computer accounts"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 14 Sep 2004 18:10:35 +0200
Draco,
Sounds like your situation is the one I describe below:
DOMAIN1 (Source)
----------
DOMAIN1\Administrators contains DOMAIN1\Domain Admins (by default) and
DOMAIN2\Administrators (you put it there).
Workstations in DOMAIN1
----------
By default, WORK1\Administrators (the local administrators group on
workstations) will only contain global group DOMAIN1\Domain Admins, and NOT
the local group DOMAIN1\Administrators since it is impossible in NT 4.0 for
a local group to contain another local group.
Therefore:
----------
Simply by adding DOMAIN2\Domain Admins to DOMAIN1\Administrators does not
give access to the workstations. (DOMAIN1\Domain Admins does not contain
DOMAIN1\Administrators, it is the other way around). You can't give an
account from another domain administrative access to workstations at the
domain level, you have to add them to the local Administrators group to each
workstation.
If you run the ADMT console under the credencials of someone in
DOMAIN1\Domain Admins, you have access to all the workstations (unless
someone removed the Domain Admins group from Administrators in a
workstation).
Good luck, post if you need a better explanation.
Michael S.
<anonymous@discussions.microsoft.com> escribió en el mensaje
news:215901c49a69$9ead2f10$a401280a@phx.gbl...
> Below is a copy of the agent log. I do not know why it
> says that it can not find the computer, the client can
> see and access files on both the source PDC and the
> Target DC.
>
> 2004-09-14 10:22:41 Created account input file for remote
> agents: DCTCache.003
> 2004-09-14 10:22:41 Installing agent on 1 servers
> 2004-09-14 10:22:41 The Active Directory Migration Tool
> Agent will be installed on \\VLAD
> 2004-09-14 10:22:41 WRN1:7290 Processor architecture for
> machine \\VLAD is unknown, Error accessing registry key
> SYSTEM\CurrentControlSet\Control\Session
> Manager\Environment rc=5 Access is denied.
> 2004-09-14 10:22:41 ERR2:7006 Failed to install agent on
> \\VLAD, rc=5 Access is denied.
> 2004-09-14 10:22:41 ERR2:7005 Failed to launch agent on
> \\VLAD, hr=80070005 Access is denied.
> 2004-09-14 10:22:42 All agents are installed. The
> dispatcher is finished.
> >-----Original Message-----
> >Hello all,
> >
> >I have a problem using ADMT to migrate computer
> accounts.
> >I'm able to move groups, users, and the computer
> accounts
> >themselves but the client agents will not install. All I
> >get in the logs is "Access is denied". I double check
> the
> >trust and the source domain's admin group includes the
> >target's domain admin group. Liked I said before I'm
> able
> >to move the computer account itself but without the
> agent
> >installing I still have to manually join the client
> >computer to the new domain, and create user profiles on
> >the client for the new domain, then move the users
> >previous profile to the new. All this manual labor kind
> >of defeats the purpose of using the ADMT in the first
> >place. I wonder if any of you have seen this problem
> >before and know of a solution. Any comments of
> >suggestions will be appreciated. Thanks.
> >.
> >
- Next message: Michael: "Re: Win NT to Win 2003 Migration"
- Previous message: Ed Luhrs: "Win NT to Win 2003 Migration"
- In reply to: anonymous_at_discussions.microsoft.com: "Problem using ADMT to migrate computer accounts"
- Next in thread: Draco: "Re: Problem using ADMT to migrate computer accounts"
- Reply: Draco: "Re: Problem using ADMT to migrate computer accounts"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
