Re: Problem using ADMT to migrate computer accounts

From: Draco (anonymous_at_discussions.microsoft.com)
Date: 09/14/04

Next message: Joe: "Error in SQL Enterprise Manager after migrating a user & their WS"
Previous message: Michael: "Re: Win NT to Win 2003 Migration"
In reply to: Michael: "Re: Problem using ADMT to migrate computer accounts"
Next in thread: Rebecca Chen [MSFT]: "Re: Problem using ADMT to migrate computer accounts"
Reply: Rebecca Chen [MSFT]: "Re: Problem using ADMT to migrate computer accounts"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 14 Sep 2004 10:17:14 -0700

It worked fine execpt that it did not automatically
reboot the computer. Now, I can migrate users but it does
carry all the user rights (i did specified that on the
tool). I can not access resources in the source without
having to give my user credentials for the source domain.

Thanks for you help.
>-----Original Message-----
>
>Draco,
>
>Sounds like your situation is the one I describe below:
>
>DOMAIN1 (Source)
>----------
>DOMAIN1\Administrators contains DOMAIN1\Domain Admins
(by default) and
>DOMAIN2\Administrators (you put it there).
>
>Workstations in DOMAIN1
>----------
>By default, WORK1\Administrators (the local
administrators group on
>workstations) will only contain global group DOMAIN1
\Domain Admins, and NOT
>the local group DOMAIN1\Administrators since it is
impossible in NT 4.0 for
>a local group to contain another local group.
>
>Therefore:
>----------
>Simply by adding DOMAIN2\Domain Admins to DOMAIN1
\Administrators does not
>give access to the workstations. (DOMAIN1\Domain Admins
does not contain
>DOMAIN1\Administrators, it is the other way around). You
can't give an
>account from another domain administrative access to
workstations at the
>domain level, you have to add them to the local
Administrators group to each
>workstation.
>
>If you run the ADMT console under the credencials of
someone in
>DOMAIN1\Domain Admins, you have access to all the
workstations (unless
>someone removed the Domain Admins group from
Administrators in a
>workstation).
>
>Good luck, post if you need a better explanation.
>
>Michael S.
>
><anonymous@discussions.microsoft.com> escribió en el
mensaje
>news:215901c49a69$9ead2f10$a401280a@phx.gbl...
>> Below is a copy of the agent log. I do not know why it
>> says that it can not find the computer, the client can
>> see and access files on both the source PDC and the
>> Target DC.
>>
>> 2004-09-14 10:22:41 Created account input file for
remote
>> agents: DCTCache.003
>> 2004-09-14 10:22:41 Installing agent on 1 servers
>> 2004-09-14 10:22:41 The Active Directory Migration Tool
>> Agent will be installed on \\VLAD
>> 2004-09-14 10:22:41 WRN1:7290 Processor architecture
for
>> machine \\VLAD is unknown, Error accessing registry key
>> SYSTEM\CurrentControlSet\Control\Session
>> Manager\Environment rc=5 Access is denied.
>> 2004-09-14 10:22:41 ERR2:7006 Failed to install agent
on
>> \\VLAD, rc=5 Access is denied.
>> 2004-09-14 10:22:41 ERR2:7005 Failed to launch agent on
>> \\VLAD, hr=80070005 Access is denied.
>> 2004-09-14 10:22:42 All agents are installed. The
>> dispatcher is finished.
>> >-----Original Message-----
>> >Hello all,
>> >
>> >I have a problem using ADMT to migrate computer
>> accounts.
>> >I'm able to move groups, users, and the computer
>> accounts
>> >themselves but the client agents will not install.
All I
>> >get in the logs is "Access is denied". I double check
>> the
>> >trust and the source domain's admin group includes the
>> >target's domain admin group. Liked I said before I'm
>> able
>> >to move the computer account itself but without the
>> agent
>> >installing I still have to manually join the client
>> >computer to the new domain, and create user profiles
on
>> >the client for the new domain, then move the users
>> >previous profile to the new. All this manual labor
kind
>> >of defeats the purpose of using the ADMT in the first
>> >place. I wonder if any of you have seen this problem
>> >before and know of a solution. Any comments of
>> >suggestions will be appreciated. Thanks.
>> >.
>> >
>
>
>.
>

Next message: Joe: "Error in SQL Enterprise Manager after migrating a user & their WS"
Previous message: Michael: "Re: Win NT to Win 2003 Migration"
In reply to: Michael: "Re: Problem using ADMT to migrate computer accounts"
Next in thread: Rebecca Chen [MSFT]: "Re: Problem using ADMT to migrate computer accounts"
Reply: Rebecca Chen [MSFT]: "Re: Problem using ADMT to migrate computer accounts"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Migrate computer from NT domain to Win2K AD
... Workstations in DOMAIN1 ... workstations) will only contain global group DOMAIN1\Domain Admins, ... a local group to contain another local group. ... you have to add them to the local Administrators group to ...
(microsoft.public.windows.server.migration)
Re: Problem using ADMT to migrate computer accounts
... Workstations in DOMAIN1 ... workstations) will only contain global group DOMAIN1\Domain Admins, ... a local group to contain another local group. ... > Below is a copy of the agent log. ...
(microsoft.public.windows.server.migration)
Re: 2003 Domain Admins in NT4 Domain
... You are right that if you only add 2003\Domain Admins group to ... > to control NT4 workstations, the account must to be the NT4\Domain Admins. ... and thus it won't be added into local administrators group in NT ...
(microsoft.public.windows.server.migration)
Re: Rid AD of Circular Group Membership
... and have use on members if it is used there. ... Administrators group is still intact), nor do they have empowerments over ... Admins is being used for by the 30+ can be delegated I(ex. ... The quess is each has an account and uses it, ...
(microsoft.public.windows.group_policy)
Domain Global Groups in Workstation Local Admin Groups
... I want to create Global security groups, and populate the workstations local ... My problem is that I only want our functional software admins to have admin ...
(microsoft.public.windowsxp.security_admin)