RE: ADMT local user profile migration
- From: "Dipti" <Dipti@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 5 Oct 2005 14:23:06 -0700
Sorry, it took me so long to get back to you. After a long try with ADMT 2, I
finally downloaded the ADMT V3. I have few observation which I want to share
with you and get some feed back.
here is the details.:
Question s regarding ADMT V3.
When migrating user accounts from source to target domain using “user
migration wizard” , I initially chose to keep the migrated accounts disabled
in target domain, and kept it enabled in source domain.
I also tried to “migrate password” , but kept getting the error message
“could not connect to PES server”, even though I can ping the PES server in
source domain from Target domain DC where I am running ADMT. I chose to
select “create complex password”.
I migrated the local and global groups, migrated computer, user profile etc.
using the group migration wizard, computer migration wizard
I reran user migration once again on the same users, this time asking to
enable accounts to target domain and disable after 30 days in source domain.
Here are my problems:
When I look at the AD user and computer, I see accounts are still disabled.
I manually enable the accounts. When I try to log on to the target domain
with the password generated by ADMT , I get the error message “access
denied”. I have to reset password manually. ( this is Ok in test domain but
for production domain it is a big inconvenience).
After migration, I checked the local profile (we do not use roaming
profile). I see profiles are copied but drive mapping are not there. Also
outlook profile did not transfer. I compared the username.newdomain folder
with the username.olddomain folder. Seems OK.
Now here is my test domain situation:
I have two way trusts between domains in two forests. My file server and
exchange servers are still in the source domain and preferably will be in
this state for a while until I am able to migrate all users.. Given the
situation, my question is do I need to migrate the file server and exchange
server to the target domain for everything to work ?
Thanks for any feed back you can provide me.
--
Dipti
"Vincent Xu [MSFT]" wrote:
> Hi,
>
> On the Source domain DC :
>
> 1. Make sure the DHCP server service is disabled.
> 2. In DNS make sure the only forwarder listed is the internal IP address
> of the Target Domain DC. To check this follow these steps:
>
> a. Go to Start, Programs, Administrative Tools, DNS.
> b. Right click on the servername and choose Properties.
> c. Click on the forwarders tab. The only IP listed should be the internal
> IP of the Target Domain DC.
>
> 3. Make sure the Remote Procedure Call (RPC service) is running. The
> default settings for RPC and RPC locator services are: Automatic and
> Started.
>
>
> On the Target domain DC:
>
> 1. Make sure the DHCP server service is running.
> 2. Make sure the Remote Procedure Call (RPC) service is set to Automatic
> and running. The RPC Locator service should be set to Manual and not
> running.
> 3. In DNS make sure the only IP listed in the Forwarders is the Internal
> IP address of the source domain side.
> 4. Check to see if the client machines have A (host) records in DNS. If
> not, manually create host records and check the box to create the
> associated PTR record. If the host records are there check for a PTR
> record. If it is missing create it manually.
>
> On the Clients:
>
> 1. Make sure the Remote Procedure Call (RPC) service is running.
> 2. Make sure that File and Print Sharing is checked on the properties of
> the Local Area Connection.
> 3. Make sure there is an IPC$ and Admin$ share.
> 4. At a command prompt run IPConfig /release then IPConfig /renew.
> Verify that the IP address is in the same range as the Target domain DC.
>
> Hope it helps.
>
> Best regards,
>
> Vincent Xu
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
>
> --------------------
> >>Thread-Topic: ADMT local user profile migration
> >>thread-index: AcW0uNmBxIg1Sz8dTYSB54ohTovM8A==
> >>X-WBNR-Posting-Host: 65.213.142.100
> >>From: "=?Utf-8?B?RGlwdGk=?=" <Dipti@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>References: <828D60D1-72D2-4A79-9E5D-5EF2CB1BF9FF@xxxxxxxxxxxxx>
> <Rk5Q2QIpFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> <D0377CB3-D0BE-4222-94DB-B5D0808B233F@xxxxxxxxxxxxx>
> <9aKSA6UqFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
> <7A7B2B7F-849C-4961-87A9-307F4406DFE4@xxxxxxxxxxxxx>
> <CzFBg8gqFHA.2152@xxxxxxxxxxxxxxxxxxxxx>
> >>Subject: RE: ADMT local user profile migration
> >>Date: Thu, 8 Sep 2005 14:04:06 -0700
> >>Lines: 301
> >>Message-ID: <EBF5C5A2-49C3-4467-B6EF-7779649AD0AD@xxxxxxxxxxxxx>
> >>MIME-Version: 1.0
> >>Content-Type: text/plain;
> >> charset="Utf-8"
> >>Content-Transfer-Encoding: 7bit
> >>X-Newsreader: Microsoft CDO for Windows 2000
> >>Content-Class: urn:content-classes:message
> >>Importance: normal
> >>Priority: normal
> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>Newsgroups: microsoft.public.windows.server.migration
> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>Xref: TK2MSFTNGXA02.phx.gbl
> microsoft.public.windows.server.migration:20568
> >>X-Tomcat-NG: microsoft.public.windows.server.migration
> >>
> >>I applied SP1 on 2003 server. Tried to migrate user local profile again,
> I am
> >>still getting the "RPC server unavailable" message. What is next? Account
> I
> >>am using for migration has domain admin rights.
> >>--
> >>Dipti
> >>
> >>
> >>"Vincent Xu [MSFT]" wrote:
> >>
> >>> Hi,
> >>>
> >>> I think you mean the hotfix in KB823735,am I right? This hotfix is
> >>> included in Windows 2003 SP1.
> >>>
> >>> To obtain Service Pack 1, please visit following link:
> >>>
> >>>
> <http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/defau
> >>> lt.mspx>
> >>>
> >>> Thanks.
> >>>
> >>> Best regards,
> >>>
> >>> Vincent Xu
> >>> Microsoft Online Partner Support
> >>>
> >>> Get Secure! - www.microsoft.com/security
> >>>
> >>>
> >>> --------------------
> >>> >>Thread-Topic: ADMT local user profile migration
> >>> >>thread-index: AcWpglZq+Lpjb8ojRaimsbxXkQxVxA==
> >>> >>X-WBNR-Posting-Host: 65.213.142.100
> >>> >>From: "=?Utf-8?B?RGlwdGk=?=" <Dipti@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>> >>References: <828D60D1-72D2-4A79-9E5D-5EF2CB1BF9FF@xxxxxxxxxxxxx>
> >>> <Rk5Q2QIpFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> >>> <D0377CB3-D0BE-4222-94DB-B5D0808B233F@xxxxxxxxxxxxx>
> >>> <9aKSA6UqFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
> >>> >>Subject: RE: ADMT local user profile migration
> >>> >>Date: Thu, 25 Aug 2005 07:36:11 -0700
> >>> >>Lines: 219
> >>> >>Message-ID: <7A7B2B7F-849C-4961-87A9-307F4406DFE4@xxxxxxxxxxxxx>
> >>> >>MIME-Version: 1.0
> >>> >>Content-Type: text/plain;
> >>> >> charset="Utf-8"
> >>> >>Content-Transfer-Encoding: 7bit
> >>> >>X-Newsreader: Microsoft CDO for Windows 2000
> >>> >>Content-Class: urn:content-classes:message
> >>> >>Importance: normal
> >>> >>Priority: normal
> >>> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>> >>Newsgroups: microsoft.public.windows.server.migration
> >>> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>> >>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>> >>Xref: TK2MSFTNGXA01.phx.gbl
> >>> microsoft.public.windows.server.migration:11784
> >>> >>X-Tomcat-NG: microsoft.public.windows.server.migration
> >>> >>
> >>> >>Thanks for your reply. Now I know we do need to get that Hotfix
> described
> >>> in
> >>> >>837366.
> >>> >>--
> >>> >>Dipti
> >>> >>
> >>> >>
> >>> >>"Vincent Xu [MSFT]" wrote:
> >>> >>
> >>> >>> Hi Dipti,
> >>> >>>
> >>> >>> Regarding the error message, I'd like to provide some articles as
> below:
> >>> >>>
> >>> >>> 837366 The Active Directory Migration Tool displays a "RPC server is
> >>> >>> http://support.microsoft.com/?id=837366
> >>> >>>
> >>> >>> 823735 Active Directory Migration Tool Version 2 Uses the DNS Name
> to
> >>> >>> Resolve
> >>> >>> http://support.microsoft.com/?id=823735
> >>> >>>
> >>> >>> Regarding the problem you describe in the first post, I think it is
> a
> >>> SID
> >>> >>> related issue. Such issue may occur if the SID doesn't match after
> >>> >>> migration. You cannot use the Active Directory Migration Tool
> (ADMT)
> >>> >>> version 2.0 to migrate SID History for built-in groups such as the
> >>> >>> Administrators group, the Users group, or the Power Users group.
> This
> >>> >>> behavior occurs because the built-in account security IDs (SIDs)
> are
> >>> the
> >>> >>> same in every domain. Therefore, if you migrate these accounts to a
> >>> >>> destination domain, duplicate SIDs exist in the destination domain.
> >>> >>>
> >>> >>> However, while you cannot use ADMT version 2.0 to migrate an SID
> >>> history
> >>> >>> for built-in groups, you can migrate an SID history by using either
> of
> >>> the
> >>> >>> following
> >>> >>> methods:
> >>> >>>
> >>> >>> - Use a third-party tool such as NetIQ.
> >>> >>> - Use the Sidhist.vbs Visual Basic script that is included with
> the
> >>> >>> ClonePrincipal
> >>> >>> Windows Server 2003 Support Tool.
> >>> >>>
> >>> >>> Hope it helps
> >>> >>>
> >>> >>> Best regards,
> >>> >>>
> >>> >>> Vincent Xu
> >>> >>> Microsoft Online Partner Support
> >>> >>>
> >>> >>> Get Secure! - www.microsoft.com/security
> >>> >>>
> >>> >>>
> >>> >>> --------------------
> >>> >>> >>Thread-Topic: ADMT local user profile migration
> >>> >>> >>thread-index: AcWo8rUbD2+T9VUbRXmUFhFjRziiCA==
> >>> >>> >>X-WBNR-Posting-Host: 65.213.142.100
> >>> >>> >>From: "=?Utf-8?B?RGlwdGk=?=" <Dipti@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>> >>> >>References: <828D60D1-72D2-4A79-9E5D-5EF2CB1BF9FF@xxxxxxxxxxxxx>
> >>> >>> <Rk5Q2QIpFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> >>> >>> >>Subject: RE: ADMT local user profile migration
> >>> >>> >>Date: Wed, 24 Aug 2005 14:28:02 -0700
> >>> >>> >>Lines: 126
> >>> >>> >>Message-ID: <D0377CB3-D0BE-4222-94DB-B5D0808B233F@xxxxxxxxxxxxx>
> >>> >>> >>MIME-Version: 1.0
> >>> >>> >>Content-Type: text/plain;
> >>> >>> >> charset="Utf-8"
> >>> >>> >>Content-Transfer-Encoding: 7bit
> >>> >>> >>X-Newsreader: Microsoft CDO for Windows 2000
> >>> >>> >>Content-Class: urn:content-classes:message
> >>> >>> >>Importance: normal
> >>> >>> >>Priority: normal
> >>> >>> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>> >>> >>Newsgroups: microsoft.public.windows.server.migration
> >>> >>> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>> >>> >>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>> >>> >>Xref: TK2MSFTNGXA01.phx.gbl
> >>> >>> microsoft.public.windows.server.migration:11776
> >>> >>> >>X-Tomcat-NG: microsoft.public.windows.server.migration
> >>> >>> >>
> >>> >>> >>I have retried security translation wizard after migarting some
> >>> computers
> >>> >>> and
> >>> >>> >>users but I did not have any luck with this wizard. I am pasting
> the
> >>> >>> error
> >>> >>> >>message for your review.
> >>> >>> >>
> >>> >>> >>2005-08-24 15:16:52 Created account input file for remote agents:
> >>> >>> DCTCache.045
> >>> >>> >>2005-08-24 15:16:52 Installing agent on 1 servers
> >>> >>> >>2005-08-24 15:16:52 The Active Directory Migration Tool Agent
> will be
> >>> >>> >>installed on \\sbmi-xpwrkstn2.testsbmi.local
> >>> >>> >>2005-08-24 15:16:52 ERR2:7625 Unable to connect to
> >>> >>> >>\\sbmi-xpwrkstn2.testsbmi.local\ADMIN$. The machine might be down
> or
> >>> its
> >>> >>> >>Server, Netlogon service might not be started. rc=1722 The RPC
> >>> server is
> >>> >>> >>unavailable.
> >>> >>> >>2005-08-24 15:16:52 ERR2:7014 The Active Directory Migration Tool
> >>> Agent
> >>> >>> >>Service on \\sbmi-xpwrkstn2.testsbmi.local did not start. See
> the
> >>> >>> >>application log on \\sbmi-xpwrkstn2.testsbmi.local for details.
> >>> >>> >>2005-08-24 15:16:53 All agents are installed. The dispatcher is
> >>> finished.
> >>> >>> >>
> >>> >>> >>
> >>> >>> >>DCTCache :045 input file content:
> >>> >>> >>
> >>> >>> >>jray jray user 0 459 475
> >>> >>> >>nray nray user 0 45a 470
> >>> >>> >>test1 test1 group 0 45b 46e
> >>> >>> >>test5 test5 group 0 46b 46f
> >>> >>> >>cbell cbell user 0 46d 476
> >>> >>> >>jpop jpop user 0 46e 477
> >>> >>> >>
> >>> >>> >>
> >>> >>> >>
> >>> >>> >>To test the RPC connection from 2003 DC to remote workstation I
> ran
> >>> >>> psexec
> >>> >>> >>and was able to connect to that PC, so RPC connection is working.
> >>> >>> Netlogon,
> >>> >>> >>RPC services are running on workstation, 2003 DC, 2000DC. Since
> >>> these
> >>> >>> are XP
> >>> >>> >>machine, I also made sure firewall is turned off.
> >>> >>> >>
> >>> >>> >>I am out of ideas now. I hope MS will look into this issue ASAP.
> >>> >>> >>
> >>> >>> >>Thanks.
> >>> >>> >>--
> >>> >>> >>Dipti
> >>> >>> >>
> >>> >>> >>
> >>> >>> >>"Vincent Xu [MSFT]" wrote:
> >>> >>> >>
> >>> >>> >>> Hi Dipti,
> >>> >>> >>>
> >>> >>> >>> To migrate Local User Account, you need to use Computer Account
> >>> >>> Migration
> >>> >>> >>> Wizard
> >>> >>> >>>
> >>> >>> >>> The detailed steps please refer to :
> >>> >>> >>>
> >>> >>> >>>
.
- Follow-Ups:
- RE: ADMT local user profile migration
- From: Vincent Xu [MSFT]
- RE: ADMT local user profile migration
- Prev by Date: Trust creatation with NT4 and 2003AD
- Next by Date: Re: Trust creatation with NT4 and 2003AD
- Previous by thread: Trust creatation with NT4 and 2003AD
- Next by thread: RE: ADMT local user profile migration
- Index(es):
Relevant Pages
|
Loading
