Re: Migrate computer from NT domain to Win2K AD
From: Rebecca Chen [MSFT] (v-rebc_at_online.microsoft.com)
Date: 10/15/04
- Next message: Rebecca Chen [MSFT]: "Re: Single server enviornment migration to 2003"
- Previous message: Rebecca Chen [MSFT]: "RE: nt4 in place upgrade to windows 2003 ad"
- In reply to: Bruce Cao: "Re: Migrate computer from NT domain to Win2K AD"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 15 Oct 2004 10:48:03 GMT
Hi Bruce,
I believe you have encountered the same issue as a thread in this newsgroup
with the subject " Problem using ADMT to migrate computer accounts".
I would like to forward Michael's point below, DOMAIN 1 is the source
domain and DOMAIN 2 is the destination:
===========================================
Sounds like your situation is the one I describe below:
DOMAIN1 (Source)
----------
DOMAIN1\Administrators contains DOMAIN1\Domain Admins (by default) and
DOMAIN2\Administrators.
Workstations in DOMAIN1
----------
By default, WORK1\Administrators (the local administrators group on
workstations) will only contain global group DOMAIN1\Domain Admins, and NOT
the local group DOMAIN1\Administrators since it is impossible in NT 4.0 for
a local group to contain another local group.
Therefore:
----------
Simply by adding DOMAIN2\Domain Admins to DOMAIN1\Administrators does not
give access to the workstations. (DOMAIN1\Domain Admins does not contain
DOMAIN1\Administrators, it is the other way around). You can't give an
account from another domain administrative access to workstations at the
domain level, you have to add them to the local Administrators group to
each workstation.
If you run the ADMT console under the credencials of someone in
DOMAIN1\Domain Admins, you have access to all the workstations (unless
someone removed the Domain Admins group from Administrators in a
workstation).
====================================================
I believe Michael has addressed this question. Any update, let us get in
touch!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Rebecca Chen [MSFT]: "Re: Single server enviornment migration to 2003"
- Previous message: Rebecca Chen [MSFT]: "RE: nt4 in place upgrade to windows 2003 ad"
- In reply to: Bruce Cao: "Re: Migrate computer from NT domain to Win2K AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
