Re: SID History Not Working after ADMT 3 Migration



Yes, I have disabled SID filtering and I have enabled SID history using
the netdom trust command.

SID history via groups is working. As for home directories, I'm referring to the
user's home folder, which is located on the user account's Profile tab.
I'm also referring to folders on servers to which I gave just one user
specific access. The users cannot a

curieux wrote:
Hi Greg H,

Have you disabled SID filtering?
How-to:
http://technet2.microsoft.com/WindowsServer/en/Library/52b395b4-0313-47d8-87d4-fb1dd4d5c4701033.mspx?mfr=true
Explanation of the relationship between migration and SID filtering:
http://technet2.microsoft.com/WindowsServer/en/Library/bde2f3b0-3cd9-46f3-855f-4a39a25f98ee1033.mspx?mfr=true

Best regards,
Curieux


"Greg H" <gphalpin@xxxxxxxxx> wrote in message news:
1151702606.593288.140430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello All,
I have read a lot of posts and found a lot of good information for the
migration we are doing but cannot find an answer to a SID history
problem we have.

I am using ADMT 3.0 to migrate users from a Windows 2000 domain to a
Windows 2003 domain in a separate forest. When I migrate the users,
the log shows that SID history was added to the user's new account in
the new domain. A log sample is below. I did not migrate groups
because we need to clean up our groups and are creating new groups in
the new domain. Even when I tried migrating groups, SID history did
not work.

I have also disabled SID filtering using the netdom trust tool but that
did not correct the problem. I have restarted the domain controllers
several times. Also, I'm not referring to built-in groups. I'm
referring to Domain Local and Global groups that we created to
permission data.

Using the security translation tool, the users still have their
profiles on their computers but they cannot access resources in the old
domain unless we add them to a Domain Local group in the old domain or
repermission the old resources.


I appreciate any help on this.


Thanks,


Greg


[Settings Section]
Task: User Migration (9)
ADMT Console
User: UDLA\mstreet
Computer: laitpndns02.UDLA.tsu.edu (LAITPNDNS02)
Domain: udla.tsu.edu (CLA)
OS: Microsoft Windows Server 2003 R2 5.2 (3790) Service Pack 1
Source Domain
Name: fsip.tsu.edu (FSIP)
DC: MAZDA.fsip.tsu.edu (MAZDA)
OS: Windows 2000 Server 5.0 (2195) Service Pack 4
OU:
Target Domain
Name: udla.tsu.edu (UDLA)
DC: laitpndns02.udla.tsu.edu (LAITPNDNS02)
OS: Windows Server 2003 5.2 (3790) Service Pack 1
OU: LDAP://udla.tsu.edu/OU=Staff,OU=Standard,OU=CLA User Accounts,DC=udla,DC=tsu,DC=edu
Intra-Forest: No
Password Option: Copy passwords, only for new objects = No
Password Export Server: MAZDA.fsip.tsu.edu
Migrate Security Identifiers: Yes
Update Rights: No
Translate Roaming Profiles: No
Fix group membership: Yes
Conflict Option: Ignore
Source Disable Option: Leave source account
Source Expiration: Do not expire source account
Target Disable Option: Set target same as source
Migrate groups: No
Migrate service accounts: Yes


[Object Migration Section]
2006-06-30 09:44:07 Starting Account Replicator.
2006-06-30 09:44:08 CN=data migrate - Created
2006-06-30 09:44:08 SID for FSIP\dmigrate added to the SID History of UDLA\dmigrate
2006-06-30 09:44:09 CN=data migrate - Password Copied.
2006-06-30 09:44:09 Operation completed.
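
Added example, not part of the original thread: a small Python parser for the ADMT log format pasted above. It re-joins entries that were wrapped when pasted and lists each source account whose SID was written to a target account's SID History. The log records only that the attribute was written; it says nothing about whether a trust passes that SID. The sample log is constructed from the excerpt in the post, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the excerpt in the post, wrapped line included.
SAMPLE_LOG = """\
[Settings Section]
Migrate Security Identifiers: Yes
Migrate groups: No

[Object Migration Section]
2006-06-30 09:44:08 CN=data migrate - Created
2006-06-30 09:44:08 SID for FSIP\\dmigrate added to the SID History of
UDLA\\dmigrate
2006-06-30 09:44:09 Operation completed.
"""

TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
SETTING = re.compile(r"^([^:\[\]]+):\s*(.*)$")
CREATED = re.compile(r"^CN=(.+) - Created$")
SID_ADDED = re.compile(r"SID for (\S+) added to the SID History of (\S+)")

def parse_admt_log(text):
    """Return (settings dict, list of event messages) from an ADMT log."""
    settings, events, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Object Migration Section":
            stamp = TIMESTAMP.match(line)
            if stamp:
                events.append(line[stamp.end():])
            elif events:
                events[-1] += " " + line  # continuation of a wrapped entry
        elif section == "Settings Section":
            setting = SETTING.match(line)
            if setting:
                settings[setting.group(1).strip()] = setting.group(2)
    return settings, events

def sid_history_report(text):
    """Summarise what the log says was requested and what was written."""
    settings, events = parse_admt_log(text)
    return {
        "sid_migration_requested": settings.get("Migrate Security Identifiers") == "Yes",
        "groups_migrated": settings.get("Migrate groups") == "Yes",
        "created": [m.group(1) for e in events if (m := CREATED.match(e))],
        "sid_history": [m.groups() for e in events if (m := SID_ADDED.search(e))],
    }

if __name__ == "__main__":
    print(sid_history_report(SAMPLE_LOG))
```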




