Re: NT4 to 2003 with Dell2650
From: Jason Tan (v-jasont_at_online.microsoft.com)
Date: 03/17/05
- Next message: Jason Tan: "Re: Migrate users/passwords"
- Previous message: mhorosky: "Re: NT Server to 2003 migration"
- In reply to: Gary Brett: "Re: NT4 to 2003 with Dell2650"
- Next in thread: Gary Brett: "Re: NT4 to 2003 with Dell2650"
- Reply: Gary Brett: "Re: NT4 to 2003 with Dell2650"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 17 Mar 2005 11:11:52 GMT
Hi Gary,
Thanks for your response!
I am glad to provide you the following information for your reference:
----How do the XP clients know where to logon to as they are currently
assigned IP's from the NT4 DHCP server? Can ADMT export settings to XP
clients so the next time they logon they create a new profile for 2003,
using the old domain profiles (C:\Documents and
Settings\MyUser.domain1\).That step is quite important as I would get hung
if I lost their desktop settings!
Generally, after the complement of the migration from Windows NT 4.0 domain
to Windows 2003 Domain, Windows XP client may choose to login to the new
domain in logon interactive interface. The client machines computer and
user profiles has been migrated to the new domain. That is to say, the
client machine should be a member of the new domain. If users login to the
new domain, their old user profiles should not be changed, by default they
are located in C:\Documents and Settings\MyUser.newdomain (the folder name
depends on the mode of translating of user profile).
----- I created a *.pex on server2003 & moved it onto the NT4 server, then
installed the Pwmig.exe on the NT4 server and pointed it to the *.pex file
locally -Is that correct and which part of the ADMT process above uses that?
It is a process to configure the domains to support password migration. For
detailed information, please refer to the following steps:
Password Export Server (PES)
You can turn on interforest password migration by installing a DLL that
runs in the context of LSA. By running in this protected context, passwords
are shielded from being accessed by client applications. A Shared Secret
Key is created by ADMT 2.0 and stored on the PES server to encrypt the
password as it migrates. The DLL must be installed by an administrator.
To install the password migration DLL:
Note: We recommend that the source domain's password export server be a
backup domain controller (BDC) dedicated for this purpose.
1. Install 128-bit encryption on any password export server (PES).
Note: On Windows NT 4.0 domain controllers, there is no international
128-Bit Service Pack (U.S. only). Therefore, the only way to get 128-bit
encryption on a Windows NT 4.0 computer is to install the Microsoft
Internet Explorer 5.01 or later High Encryption Pack, which installs
128-bit encryption.
2. Install 128-bit encryption on the computer running ADMT.
3. Log on as an administrator or equivalent to the computer on which ADMT
2.0 is installed.
4. At a command prompt, run the command to create the password export key
(.pes) file:
ADMT KEY <sourcedomain> <path> [* | password]
Where <sourcedomain> is the NetBIOS or DNS name of the source domain and
<path> is the file path where the key will be created. The path must be
local, but can point to a removable media drive, such as a floppy disk
drive, ZIP drive, or CD-RW drive. If you type the optional password at the
end of the command, ADMT protects the .pes file with the password. If you
type the asterisk (*), ADMT prompts for a password, and the system will not
show it as it is typed.
5. Move the .pes file you created to the designated password export server
in the source domain. This can be any domain controller, but make sure it
has a fast, reliable link to the computer running ADMT.
6. Install the Password Migration DLL on the password export server by
running the Pwmig.exe tool, located in the I386\Admt folder on the Windows
Server 2003 installation media, or in the folder in which you downloaded
ADMT 2.0 from the Internet.
7. When prompted, specify the path to the .pes file that you created. This
must be a local file path.
8. When the installation is complete, restart the server.
9. If you are ready to migrate passwords, modify the following registry key
to have a DWORD value of 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AllowPasswordExport
Note: For maximum security, do not complete this step until you are ready
to migrate.
I hope my information helps. If there is anything that is unclear, please
feel free to let me know.
Thanks & Regards,
Jason Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Jason Tan: "Re: Migrate users/passwords"
- Previous message: mhorosky: "Re: NT Server to 2003 migration"
- In reply to: Gary Brett: "Re: NT4 to 2003 with Dell2650"
- Next in thread: Gary Brett: "Re: NT4 to 2003 with Dell2650"
- Reply: Gary Brett: "Re: NT4 to 2003 with Dell2650"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
