RE: strange access denied in ADMT v3



From the beginning, the ADMT is installed on the DC of the new domain and the
account is in the administrators group of the new domain.


"Vincent Xu [MSFT]" wrote:

> Hi,
>
> As I said, please add the account into the local Administrators of the box
> on which you run ADMT.
>
> Thanks.
>
> Best regards,
>
> Vincent Xu
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> --------------------
> >>From: "=?Utf-8?B?Sm9lIFBhc3M=?=" <JoePass@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>Subject: RE: strange access denied in ADMT v3
> >>Date: Mon, 19 Dec 2005 01:11:02 -0800
> >>
> >>The account of old domain is member of admins of NT4 & dom admins of NT4 and
> >>admins of 2K3. It cannot be part of dom admins on 2K3 because of the group
> >>scope.
> >>
> >>To come back on my original issue - access denied when moving user accounts
> >>with admin of source domain - I think I have found the source of the problem.
> >>The new domain is a child domain of a forest and there is a single DC there.
> >>It does not hold the global catalog role. If it holds the GC role, then all
> >>goes fine.
> >>Is it something well known? I don't want the DC to be GC + infrastructure
> >>master as the infrastructure master does not work when a GC is on it.
> >>Any recommendations?
> >>
> >>
> >>"Vincent Xu [MSFT]" wrote:
> >>
> >>> Hi,
> >>>
> >>> I was confused. The user account was unable to be a part of the domain
> >>> admins group of the new domain or the domain admins group of the old
> >>> domain? Why can it also not be a part of local Administrators? Is there any
> >>> error message? Please understand, we have to add it into the local
> >>> Administrators group.
> >>>
> >>>
> >>> Best regards,
> >>>
> >>> Vincent Xu
> >>> Microsoft Online Partner Support
> >>>
> >>>
> >>> --------------------
> >>> >>From: "=?Utf-8?B?Sm9lIFBhc3M=?=" <JoePass@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>> >>Subject: RE: strange access denied in ADMT v3
> >>> >>Date: Fri, 2 Dec 2005 02:11:02 -0800
> >>> >>
> >>> >>Thanks for your response Vincent.
> >>> >>Well I am using an account of old domain that is:
> >>> >>-member of the administrators group of old domain
> >>> >>-member of the domain admins group of old domain
> >>> >>-member of the administrators group of new domain.
> >>> >>But he cannot be part of the domain admins of the new domain (scope is
> >>> >>global).
> >>> >>The only specific thing is that the domain admins group of old domain has
> >>> >>been renamed.
> >>> >>
> >>> >>When I am using an account of new domain, I don't have the access denied on
> >>> >>admt. But I will have problems when I want to run the agent to migrate the
> >>> >>PCs since this account will not be part of the local admins (since it
> >>> >>cannot be part of the domain admins group of old domain).
> >>> >>
> >>> >>How can I proceed?
> >>> >>Thanks.
> >>> >>
> >>> >>
> >>> >>"Vincent Xu [MSFT]" wrote:
> >>> >>
> >>> >>> Hi,
> >>> >>>
> >>> >>> Please make sure:
> >>> >>>
> >>> >>> The user account you logged on to run ADMT is added into:
> >>> >>>
> >>> >>> 1) Local Administrators group.
> >>> >>> 2) Target Domain Admin group
> >>> >>> 3) Source Domain Admin group.
> >>> >>>
> >>> >>> Hope it helps.
> >>> >>>
> >>> >>>
> >>> >>> Best regards,
> >>> >>>
> >>> >>> Vincent Xu
> >>> >>> Microsoft Online Partner Support
> >>> >>>
> >>> >>>
> >>> >>> --------------------
> >>> >>> >>From: "=?Utf-8?B?Sm9lIFBhc3M=?=" <JoePass@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>> >>> >>Subject: strange access denied in ADMT v3
> >>> >>> >>Date: Thu, 1 Dec 2005 03:08:02 -0800
> >>> >>> >>
> >>> >>> >>I have been using ADMT v2 for a while with other migration projects.
> >>> >>> >>I have a strange access rights issue with v3:
> >>> >>> >>Running it on the DC of the new domain with an account of old domain that is:
> >>> >>> >>-part of the administrators group of the new domain
> >>> >>> >>-and part of the domain admins group of the old domain
> >>> >>> >>
> >>> >>> >>I have following error:
> >>> >>> >>
> >>> >>> >>Source Domain
> >>> >>> >> Name: SOURCE
> >>> >>> >> DC: PDC
> >>> >>> >> OS: Windows NT 4.0
> >>> >>> >>Target Domain
> >>> >>> >> Name: dest.local (DEST)
> >>> >>> >> DC: dcdest.dest.local (DCDEST)
> >>> >>> >> OS: Windows Server 2003 5.2 (3790) Service Pack 1
> >>> >>> >> OU: LDAP://dest.local/OU=Migration,DC=dest,DC=local
> >>> >>> >>Intra-Forest: No
> >>> >>> >>Translate Option: Add
> >>> >>> >>Translate Files: Yes
> >>> >>> >>Translate Local Groups: Yes
> >>> >>> >>Translate Printers: Yes
> >>> >>> >>Translate Registry: Yes
> >>> >>> >>Translate Rights: Yes
> >>> >>> >>Translate Shares: Yes
> >>> >>> >>Translate User Profiles: Yes
> >>> >>> >>Conflict Option: Ignore
> >>> >>> >>Perform Pre-check Only: No
> >>> >>> >>
> >>> >>> >>[Object Migration Section]
> >>> >>> >>2005-11-25 17:50:15 Starting Account Replicator.
> >>> >>> >>2005-11-25 17:50:18 ERR3:7585 The account replicator is unable to continue.
> >>> >>> >> Access is denied.
> >>> >>> >>2005-11-25 17:50:18 Operation completed.
> >>> >>> >>
> >>> >>> >>Any ideas ? I'm stuck.
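A pre-flight check for the two conditions this thread turns on: whether the logged-on account is in the local Administrators group of the machine running ADMT, and whether the target domain has a global catalog. This is an added example, not code from the posters or from ADMT; it assumes Windows PowerShell on a machine joined to the target domain, uses only the .NET System.DirectoryServices classes, and its function names are hypothetical.

```powershell
# Added example: run on the machine where ADMT is installed, logged on as the migration account.
Add-Type -AssemblyName System.DirectoryServices

function Test-LocalAdministrator {
    # True when the current logon token carries BUILTIN\Administrators (S-1-5-32-544).
    # On systems with UAC this is only true in an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DcRoleReport {
    # One row per DC of the domain this computer is joined to:
    # global catalog flag and infrastructure master flag.
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $infra  = $domain.InfrastructureRoleOwner.Name
    foreach ($dc in $domain.DomainControllers) {
        New-Object PSObject -Property @{
            Domain                 = $domain.Name
            DomainController       = $dc.Name
            IsGlobalCatalog        = $dc.IsGlobalCatalog()
            IsInfrastructureMaster = ($dc.Name -eq $infra)
        }
    }
}

$report = @(Get-DcRoleReport)
$report | Format-Table Domain, DomainController, IsGlobalCatalog, IsInfrastructureMaster -AutoSize

if (-not (Test-LocalAdministrator)) {
    Write-Warning "Current account is not in the local Administrators group on $env:COMPUTERNAME."
}

$gcCount = @($report | Where-Object { $_.IsGlobalCatalog }).Count
if ($gcCount -eq 0) {
    Write-Warning "No DC in this domain is a global catalog (the condition described in the thread)."
}

# The infrastructure master sitting on a GC is only a concern when some other DC
# in the same domain is not a GC; with every DC a GC the placement does not matter.
$infraOnGc = @($report | Where-Object { $_.IsInfrastructureMaster -and $_.IsGlobalCatalog }).Count -gt 0
if ($infraOnGc -and $gcCount -lt $report.Count) {
    Write-Warning "Infrastructure master is a GC while other DCs in the domain are not."
}
```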


