RE: ADMT Error 7585: Access Denied when migrating users with groups
- From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
- Date: Wed, 07 Jun 2006 07:31:21 GMT
Hi,
Please check if you select built-in / well-known security principals in
conjunction with the "replace existing" being enabled in the migration
wizard first.
Also, please do following test:
1. Please create two new groups, do NOT add any users to its member lists
(ensure the group has no members) and then migrate this test groups to see
if the problem occurs.
2. Please check whether the status of the FSMO roles of the forest and
related domains. We have handled a similar issue where the root cause was
the RID FSMO owner cannot be accessed.
Thanks.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
groupsThread-Topic: ADMT Error 7585: Access Denied when migrating users with
microsoft.public.windows.server.migration:23968thread-index: AcaJVfxz0E08XfEKSciqXjr2XsDOlg==
X-WBNR-Posting-Host: 194.201.64.100
From: =?Utf-8?B?SlQ=?= <JT@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: ADMT Error 7585: Access Denied when migrating users with groups
Date: Tue, 6 Jun 2006 03:43:02 -0700
Lines: 76
Message-ID: <9E0A78C6-889A-44F2-9BDF-187360E2790E@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
(newNNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration
Hi,
I am migrating Users & Groups from a 2000 domain to a new 2003 domain
listforest) using ADMT v.3.
I can happily migrate users and groups seperately, but when I attempt to
update group membership of multiple groups, only the first group in the
denied.is updated. The process then halts with:
ERR3:7585 The account replicator is unable to continue. Access is
many
It all works fine if I migrate the groups one at a time, but there are
1groups and this will kill me!
Here is the full log after I attempted to update memberhip of 3 groups
(GBPB, GBS7700 and Gbusiness&Commercial) - only the first in the list was
updated.
[Settings Section]
Task: Group Migration (20)
ADMT Console
User: UK-FWL\administrator
Computer: uk-fsws001.uk.fwl.local (UK-FSWS001)
Domain: uk.fwl.local (UK-FWL)
OS: Microsoft Windows Server 2003 5.2 (3790) Service Pack
ofSource Domain
Name: fwltech.com (FW-LOGISTICS)
DC: fwl-nt07.fwltech.com (FWL-NT07)
OS: Windows 2000 Server 5.0 (2195) Service Pack 4
OU:
Target Domain
Name: uk.fwl.local (UK-FWL)
DC: uk-fsws001.uk.fwl.local (UK-FSWS001)
OS: Windows Server 2003 5.2 (3790) Service Pack 1
OU: LDAP://uk.fwl.local/OU=Employees,DC=uk,DC=fwl,DC=local
Intra-Forest: No
Migrate Security Identifiers: Yes
Update Rights: Yes
Fix group membership: Yes
Conflict Option: Merge, rights = No, members = No, move objects = Yes
Migrate members: Yes
Password Option: Generate passwords, only for new objects = Yes
Password File: 'C:\WINDOWS\ADMT\Logs\passwords.txt'
Translate Roaming Profiles: No
Source Disable Option: Leave source account
Source Expiration: Do not expire source account
Target Disable Option: Set target same as source
[Object Migration Section]
2006-06-06 11:28:09 Starting Account Replicator.
2006-06-06 11:28:10 WRN1:7561 ADMT could not migrate some properties for
this object type (group) due to schema mismatches. Please refer to the
Schema Section in the migration log for a complete listing. The Schema
Section will be available once object migration is complete.
2006-06-06 11:28:10 CN=GBPB - Merged.
2006-06-06 11:28:10 SID for FW-LOGISTICS\GBPB added to the SID History of
UK-FWL\GBPB
2006-06-06 11:28:11 CN=GBS7799 - Merged.
2006-06-06 11:28:11 SID for FW-LOGISTICS\GBS7799 added to the SID History
theUK-FWL\GBS7799
2006-06-06 11:28:11 CN=GBusiness&Commercial - Merged.
2006-06-06 11:28:11 SID for FW-LOGISTICS\GBusiness&Commercial added to
wl,DC=local added.SID History of UK-FWL\GBusiness&Commercial
2006-06-06 11:28:11 Processing group membership for CN=GBPB.
2006-06-06 11:28:11 LDAP://uk-fsws001.uk.fwl.local/CN=Scott\,
Julie,OU=Staff,OU=Employees,DC=uk,DC=fwl,DC=local added.
2006-06-06 11:28:11
LDAP://uk-fsws001.uk.fwl.local/CN=replsrv,OU=Staff,OU=Employees,DC=uk,DC=f
continue.2006-06-06 11:28:12 ERR3:7585 The account replicator is unable to
Access is denied.
2006-06-06 11:28:12 Operation completed.
Thanks in advance for any help.
John
.
- Follow-Ups:
- References:
- Prev by Date: Re: NT 4.0 to 2003 Domain Name
- Next by Date: RE: DC Promotion
- Previous by thread: ADMT Error 7585: Access Denied when migrating users with groups
- Next by thread: RE: ADMT Error 7585: Access Denied when migrating users with group
- Index(es):
Relevant Pages
|
