RE: strange access denied in ADMT v3

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi,

Please note: Administrators group of the machine. Not Administrators group
of the domain.

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
>>Thread-Topic: strange access denied in ADMT v3
>>thread-index: AcYFR4jmzdgF8gQDR8eGtTymKg/LVg==
>>X-WBNR-Posting-Host: 217.167.147.251
>>From: "=?Utf-8?B?Sm9lIFBhc3M=?=" <JoePass@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>References: <79FDA5EF-0205-4759-AB33-E884C4786126@xxxxxxxxxxxxx>
<Gqkf9Ev9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
<2D9E8228-F401-4555-9811-D8A724A0636A@xxxxxxxxxxxxx>
<pmdJCJW#FHA.3440@xxxxxxxxxxxxxxxxxxxxx>
<9E6B4A9F-BA2E-4606-B651-0C67AFA3CD8F@xxxxxxxxxxxxx>
<Y9zY0vSBGHA.832@xxxxxxxxxxxxxxxxxxxxx>
>>Subject: RE: strange access denied in ADMT v3
>>Date: Tue, 20 Dec 2005 01:27:02 -0800
>>Lines: 264
>>Message-ID: <3D179DEE-3ED9-4E5C-99CB-FCBC221908DD@xxxxxxxxxxxxx>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="Utf-8"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>Content-Class: urn:content-classes:message
>>Importance: normal
>>Priority: normal
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>>Newsgroups: microsoft.public.windows.server.migration
>>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
>>Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.windows.server.migration:21775
>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>
>>>From the beginning, the ADMT is installed on the DC of the new domain and
the
>>account is in the administrators group of the new domain.
>>
>>
>>"Vincent Xu [MSFT]" wrote:
>>
>>> Hi,
>>>
>>> As I said, Please add the account into local Administrators of the box
>>> which you run ADMT.
>>>
>>> Thanks.
>>>
>>> Best regards,
>>>
>>> Vincent Xu
>>> Microsoft Online Partner Support
>>>
>>> Get Secure! - www.microsoft.com/security
>>>
>>> When responding to posts, please "Reply to Group" via your newsreader
so
>>> that others may learn and benefit from your issue.
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>>
>>>
>>> --------------------
>>> >>Thread-Topic: strange access denied in ADMT v3
>>> >>thread-index: AcYEfCJRKHCG7zPZRPGLyMH10rbegg==
>>> >>X-WBNR-Posting-Host: 217.167.147.251
>>> >>From: "=?Utf-8?B?Sm9lIFBhc3M=?=" <JoePass@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>> >>References: <79FDA5EF-0205-4759-AB33-E884C4786126@xxxxxxxxxxxxx>
>>> <Gqkf9Ev9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
>>> <2D9E8228-F401-4555-9811-D8A724A0636A@xxxxxxxxxxxxx>
>>> <pmdJCJW#FHA.3440@xxxxxxxxxxxxxxxxxxxxx>
>>> >>Subject: RE: strange access denied in ADMT v3
>>> >>Date: Mon, 19 Dec 2005 01:11:02 -0800
>>> >>Lines: 186
>>> >>Message-ID: <9E6B4A9F-BA2E-4606-B651-0C67AFA3CD8F@xxxxxxxxxxxxx>
>>> >>MIME-Version: 1.0
>>> >>Content-Type: text/plain;
>>> >> charset="Utf-8"
>>> >>Content-Transfer-Encoding: 7bit
>>> >>X-Newsreader: Microsoft CDO for Windows 2000
>>> >>Content-Class: urn:content-classes:message
>>> >>Importance: normal
>>> >>Priority: normal
>>> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>>> >>Newsgroups: microsoft.public.windows.server.migration
>>> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>>> >>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>>> >>Xref: TK2MSFTNGXA02.phx.gbl
>>> microsoft.public.windows.server.migration:21757
>>> >>X-Tomcat-NG: microsoft.public.windows.server.migration
>>> >>
>>> >>The account of old domain is member of admins of NT4 & dom admins of
NT4
>>> and
>>> >>admins of 2K3. It cannot be part of dom admins on 2K3 because of the
>>> group
>>> >>scope.
>>> >>
>>> >>To come back on my original issue - access denied when moving user
>>> accounts
>>> >>with admin of source domain- I think I have found the source of the
>>> problem.
>>> >>The new domain is a child domain of a forest and there is a single DC
>>> there.
>>> >>It does not hold the global catalog role . If it holds the GC role,
then
>>> all
>>> >>goes fine.
>>> >>Is it something well known ? I don't want the DC to be GC +
>>> infrastructure
>>> >>master as the infrastructure master does not work when a GC is on it.
>>> >>Any recommendations ?
>>> >>
>>> >>
>>> >>"Vincent Xu [MSFT]" wrote:
>>> >>
>>> >>> Hi,
>>> >>>
>>> >>> I was confused. The user account was unable to be a part of the
domain
>>> >>> admins group of the new domain or the domain admins group of the
old
>>> >>> domain? Why it also cannot be a part of local Administrators? Is
there
>>> any
>>> >>> error message? Please understand, we have to add it into local
>>> >>> Administrators group.
>>> >>>
>>> >>>
>>> >>> Best regards,
>>> >>>
>>> >>> Vincent Xu
>>> >>> Microsoft Online Partner Support
>>> >>>
>>> >>> Get Secure! - www.microsoft.com/security
>>> >>>
>>> >>> When responding to posts, please "Reply to Group" via your
newsreader
>>> so
>>> >>> that others may learn and benefit from your issue.
>>> >>>
>>> >>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>> >>>
>>> >>>
>>> >>> --------------------
>>> >>> >>Thread-Topic: strange access denied in ADMT v3
>>> >>> >>thread-index: AcX3KLLrH3kVimIMRqyDOn34UJ3mvg==
>>> >>> >>X-WBNR-Posting-Host: 217.167.147.251
>>> >>> >>From: "=?Utf-8?B?Sm9lIFBhc3M=?="
<JoePass@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>> >>> >>References: <79FDA5EF-0205-4759-AB33-E884C4786126@xxxxxxxxxxxxx>
>>> >>> <Gqkf9Ev9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
>>> >>> >>Subject: RE: strange access denied in ADMT v3
>>> >>> >>Date: Fri, 2 Dec 2005 02:11:02 -0800
>>> >>> >>Lines: 113
>>> >>> >>Message-ID: <2D9E8228-F401-4555-9811-D8A724A0636A@xxxxxxxxxxxxx>
>>> >>> >>MIME-Version: 1.0
>>> >>> >>Content-Type: text/plain;
>>> >>> >> charset="Utf-8"
>>> >>> >>Content-Transfer-Encoding: 7bit
>>> >>> >>X-Newsreader: Microsoft CDO for Windows 2000
>>> >>> >>Content-Class: urn:content-classes:message
>>> >>> >>Importance: normal
>>> >>> >>Priority: normal
>>> >>> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>>> >>> >>Newsgroups: microsoft.public.windows.server.migration
>>> >>> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>>> >>> >>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>>> >>> >>Xref: TK2MSFTNGXA02.phx.gbl
>>> >>> microsoft.public.windows.server.migration:21552
>>> >>> >>X-Tomcat-NG: microsoft.public.windows.server.migration
>>> >>> >>
>>> >>> >>Thanks for your response Vincent.
>>> >>> >>Well I am using an account of old domain that is :
>>> >>> >>-member of the administrators group of old domain
>>> >>> >>-member of the domain admins group of old domain
>>> >>> >>-member of the administrators group of new domain.
>>> >>> >>But he cannot be part of the domain admins of the new domain(
scope
>>> is
>>> >>> >>global ).
>>> >>> >>The only specific thing is that the domain admins group of old
domain
>>> has
>>> >>> >>been renamed.
>>> >>> >>
>>> >>> >>When I am using an account of new domain, I don't have the access
>>> denied
>>> >>> on
>>> >>> >>admt. But I will have problems when I want to run the agent to
>>> migrate
>>> >>> the
>>> >>> >>PCs since this account will not be part of the local admins. (
since
>>> it
>>> >>> >>cannot be part of the domain admins group of old domain ) .
>>> >>> >>
>>> >>> >>How can I proceed ?
>>> >>> >>Thanks .
>>> >>> >>
>>> >>> >>
>>> >>> >>"Vincent Xu [MSFT]" wrote:
>>> >>> >>
>>> >>> >>> Hi,
>>> >>> >>>
>>> >>> >>> Please make sure:
>>> >>> >>>
>>> >>> >>> The user account you logged on to run ADMT is added into:
>>> >>> >>>
>>> >>> >>> 1) Local Administrators group.
>>> >>> >>> 2) Target Domain Admin group
>>> >>> >>> 3) Source Domain Admin group.
>>> >>> >>>
>>> >>> >>> Hope it helps.
>>> >>> >>>
>>> >>> >>>
>>> >>> >>> Best regards,
>>> >>> >>>
>>> >>> >>> Vincent Xu
>>> >>> >>> Microsoft Online Partner Support
>>> >>> >>>
>>> >>> >>> Get Secure! - www.microsoft.com/security
>>> >>> >>>
>>> >>> >>> When responding to posts, please "Reply to Group" via your
>>> newsreader
>>> >>> so
>>> >>> >>> that others may learn and benefit from your issue.
>>> >>> >>>
>>> >>> >>> This posting is provided "AS IS" with no warranties, and
confers no
>>> >>> rights.
>>> >>> >>>
>>> >>> >>>
>>> >>> >>> --------------------
>>> >>> >>> >>Thread-Topic: strange access denied in ADMT v3
>>> >>> >>> >>thread-index: AcX2Z39GtKTb5NycSfKcHXW5TATKIA==
>>> >>> >>> >>X-WBNR-Posting-Host: 217.167.147.251
>>> >>> >>> >>From: "=?Utf-8?B?Sm9lIFBhc3M=?="
>>> <JoePass@xxxxxxxxxxxxxxxxxxxxxxxxx>
>>> >>> >>> >>Subject: strange access denied in ADMT v3
>>> >>> >>> >>Date: Thu, 1 Dec 2005 03:08:02 -0800
>>> >>> >>> >>Lines: 36
>>> >>> >>> >>Message-ID:
<79FDA5EF-0205-4759-AB33-E884C4786126@xxxxxxxxxxxxx>
>>> >>> >>> >>MIME-Version: 1.0
>>> >>> >>> >>Content-Type: text/plain;
>>> >>> >>> >> charset="Utf-8"
>>> >>> >>> >>Content-Transfer-Encoding: 7bit
>>> >>> >>> >>X-Newsreader: Microsoft CDO for Windows 2000
>>> >>> >>> >>Content-Class: urn:content-classes:message
>>> >>> >>> >>Importance: normal
>>> >>> >>> >>Priority: normal
>>> >>> >>> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>>> >>> >>> >>Newsgroups: microsoft.public.windows.server.migration
>>> >>> >>> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>>> >>> >>> >>Path:
>>> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>>> >>> >>> >>Xref: TK2MSFTNGXA02.phx.gbl
>>> >>> >>> microsoft.public.windows.server.migration:21537
>>> >>> >>> >>X-Tomcat-NG: microsoft.public.windows.server.migration
>>> >>> >>> >>
>>> >>> >>> >>I have been using ADMT v2 for a while with other migration
>>> projects.
>>> >>> >>> >>I have a strange access rights issue with v3:
>>> >>> >>> >>Running it on the DC of the new domain with an account of old
>>> domain
>>> >>> that
>>> >>> >>> is :
>>> >>> >>> >>-part of the administrators group of the new domain
>>> >>> >>> >>-and part of the domain admins group of the old domain
>>> >>> >>> >>
>>> >>> >>> >>I have following error:
>>> >>> >>> >>
>>> >>> >>> >>Source Domain
>>> >>> >>> >> Name: SOURCE
>>> >>> >>> >> DC: PDC
>>> >>> >>> >> OS: Windows NT 4.0
>>> >>> >>> >>Target Domain
>>> >>> >>> >> Name: dest.local (DEST)
>>> >>> >>> >> DC: dcdest.dest.local (DCDEST)
>>> >>> >>> >> OS: Windows Server 2003 5.2 (3790) Service Pack 1
>>> >>> >>> >> OU: LDAP://dest.local/OU=Migration,DC=dest,DC=local
>>> >>> >>> >>Intra-Forest: No
>>> >>> >>> >>Translate Option: Add
>>> >>> >>> >>Translate Files: Yes
>>> >>> >>> >>Translate Local Groups: Yes
>>> >>> >>> >>Translate Printers: Yes
>>> >>> >>> >>Translate Registry: Yes
>>> >>> >>> >>Translate Rights: Yes
>>> >>> >>> >>Translate Shares: Yes
>>> >>> >>> >>Translate User Profiles: Yes
>>> >>> >>> >>Conflict Option: Ignore
>>> >>> >>> >>Perform Pre-check Only: No
>>> >>> >>> >>
>>> >>> >>> >>[Object Migration Section]
>>> >>> >>> >>2005-11-25 17:50:15 Starting Account Replicator.
>>> >>> >>> >>2005-11-25 17:50:18 ERR3:7585 The account replicator is
unable to
>>> >>> >>> continue.
>>> >>> >>> >> Access is denied.
>>> >>> >>> >>2005-11-25 17:50:18 Operation completed.
>>> >>> >>> >>
>>> >>> >>> >>Any ideas ? I'm stuck.
>>> >>> >>> >>
>>> >>> >>>
>>> >>> >>>
>>> >>> >>
>>> >>>
>>> >>>
>>> >>
>>>
>>>
>>

.

Relevant Pages