Re: NT4->2003 Computer Account Migration Problem

---

• From: v-franhe@xxxxxxxxxxxxx (Frances [MSFT])
• Date: Fri, 06 May 2005 08:31:33 GMT

---

Hello Brian,

Thanks for the reply.

After double confirming the domain admin's rights, I understand that in
win2k3 domain, domain admin is by default the computer's local admin.

Please refer to the following article. Specially notice the snippet "Groups
in the Users container". When referring to Domain Admins Group, the
comments are as follows:

By default, this group is a member of the Administrators group on all
domain controllers, all domain workstations, and all domain member servers
at the time they are joined to the domain.

Default groups
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve
rHelp/1631acad-ef34-4f77-9c2e-94a62f8846cf.mspx


At this point, I would like to gather the admt logs from you.

Active Directory Migration Tool creates several log files in the Logs
folder under the Active Directory Migration Tools folder on the computer on
which the tool is installed. User and group migration progress is recorded
in Migration.log; dispatcher progress is recorded in Dispatcher.log; and
the progress of the Trust Migration Wizard is recorded in Trust.log.
Additionally, the progress of each agent is recorded in log files named for
the computer to which the agents are dispatched. These log files are
located in the Agents folder under the previously mentioned Logs folder.
Each agent also records information a Dctlog.txt file which is created in
the folder specified by the %TEMP% variable on each computer to which an
agent is dispatched.

Please send the log files to v-franhe@xxxxxxxxxxxxx for research. I will
try to find some clues from them.

I have reviewed the information you offered and understood that you are not
domain admin in the win2k3 domain. You mentioned that your account was a
member of a group which had full rights to the computer accounts within the
OU.

So I suggest that you delete the computer accounts in the win2k3 domain,
and remigrate the computers using a specific account to perform migration
task. Please use the following TEST account to run ADMT.

NOTE: The TEST account is used to perform migration task. The NT domain is
called Domain, destination is Win2k3Dom.

1. Add NT Domain Admin to Win2k3Dom Domain admins group and Win2k3Dom
built-in administrators.

2. Add Win2k3Dom Domain admins group to NT Domain admins group and built-in
administrators group.

3. Assume the account TEST is the NT domain account, add TEST to NT
built-in administrators group and NT Domain admins group. Therefore, TEST
account will have the full control permission to NT domain every clients
and the DC, it also has the permission on Win2k3Dom DC.

4. Use TEST to logon to the Win2k3Dom DC to perform ADMT migration.

What Shawn said also makes sense. Please make sure your workstation DNS is
set up correctly (i.e. pointing to W2K3 DNS server) and that workstation is
configured properly for dynamic DNS prior to migration attempt.


Hope this helps. I am looking forward to your logs. If there is any
updates, please don't hesitate to get in touch!

Best regards,

Frances He


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

---

• References:
  • NT4->2003 Computer Account Migration Problem
    • From: Brian
  • Re: NT4->2003 Computer Account Migration Problem
    • From: Brian
  • Re: NT4->2003 Computer Account Migration Problem
    • From: Frances [MSFT]
  • Re: NT4->2003 Computer Account Migration Problem
    • From: Brian

• Prev by Date: Re: Exporting Share Permissions
• Next by Date: Re: NT4->2003 Computer Account Migration Problem
• Previous by thread: Re: NT4->2003 Computer Account Migration Problem
• Next by thread: Re: NT4->2003 Computer Account Migration Problem
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: NT4->2003 Computer Account Migration Problem ... It seems that the migration is successful, ... How do you know the computer is not joined to the win2k3 domain? ... If I enter the domain administrator's account, ... Add NT Domain Admin to Win2k3Dom Domain admins group and Win2k3Dom ... (microsoft.public.windows.server.migration) Re: Domain user with local administrators right ... domain account to the domain admins group, this is in turn a member of the ... with this domain account (selecting the domain from the drop down box under ... If the server is a domain controller, then there is no local administrators ... group so membership of domain admins should suffice. ... (microsoft.public.windows.server.active_directory) Re: Administrators Group in Local Users and Groups ... I have verified that an Account Operator can indeed log into a DC. ... I imagine adding themselves to the domain admins group would require a trick ... add your self to the local administrators ... (microsoft.public.windows.server.active_directory) Re: Some users unable to log into domain. ... only one account login is able to currently ... If one login was able to contact the domain, ... Ive tried two logins featured under the domain admins group, ... (microsoft.public.windows.server.active_directory) Re: Newbie question re: security principles ... Add yourself to the Domain Admins group. ... placed in the local administrators group of computers when they join ... With that account you should have administrator rights on ... (microsoft.public.win2000.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)