RE: ADMT Hybrid Inter/Intra Forest Profile Issue
- From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
- Date: Wed, 19 Jul 2006 06:08:02 GMT
Hi,
Frist, the profile new created issue is nothing related to the sidhistory.
Just considering that, is migration is succeed, the profile should be moved
to the new domain already, why they need sidhistory in such case? The
profile is new created because the security translation is failed. My
question is: When you finished migration to temp domain, have you tried to
logon to see if the profile will be recreated?
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
<ScottJPetersonMCSDMCPSBMCT@xxxxxxxxxxxxxxxxxxxxxxxxx>Thread-Topic: ADMT Hybrid Inter/Intra Forest Profile Issue
thread-index: Acaq7UHN/Ygoj+j3RTGC+HLr/VDffA==
X-WBNR-Posting-Host: 24.242.226.119
From: =?Utf-8?B?U2NvdHQgSi4gUGV0ZXJzb24sIE1DU0QsIE1DUFNCLCBNQ1Q=?=
microsoft.public.windows.server.migration:24481Subject: ADMT Hybrid Inter/Intra Forest Profile Issue
Date: Tue, 18 Jul 2006 21:39:01 -0700
Lines: 47
Message-ID: <AAA1A891-FC5F-4950-B059-8CBB326CCAD0@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
B.NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration
Synopsis: We have two (2) domains in the same forest, Domain A and Domain
UsersHundreds of users exist in both domains, via identical samAccountNames.
samebounce back and forth between using both accounts, etc. We are migrating
duplicate users from A (Source) to B (Target), and since they are in the
sidHistoryforest, we can't use ADMT directly, but in order to maintain the
have(since sids can't exist in same forest), we are doing the following, in
general:
1. Migrating all users from Domain A to a Temp Domain (out of forest) (in
order to keep a sidHistory, but remove users to create in same forest)
2. Storing all user attributes from users in Domain A in a database (to
forest)values to write later, such as title, phoneNumber)
3. Deleting all users from Domain A (so we can add sidHistory in same
(so4. Writing attributes from database to corresponding users in Domain B
perfectusers data will be updated)
5. Migrating all users from Temp Domain to Domain B (to add sidHistory)
6. (Optionally, removing the sidHistory entry that was from Temp Domain,
maintaining only the entry from Domain A)
So, everything works, mail, security, shares, etc., everything related
directly to a sidHistory/security descriptor/acls. The sidHistory is
Aand all attributes seem correct. What DOESN'T work is the user's profile.
NOTNEW profile always gets created when they log in. If we do a test, say,
corrupted"going through the TEMP domain (via ADMT A to B where a duplicate doesn't
exist already of course) the Profile migrates perfectly. ONLY when we go
A-->TEMP--> does it have the issue.
Now I know people are thinking "something is getting stripped or
ofgoing through the TEMP domain, but ADMT works perfectly and a comparison
is:attributes on a user object appear identical, ESPECIALLY the sidHistory,
which we believe is the only thing a profile depends on. So, the question
worksWhy is it always creating a NEW profile even when the AD attributes are
correct, especially the sidHistory?
Another way to state this:
We have successfully migrated the sidhistory via the temp domain. That
profile.perfectly. But, when the migrated user logs on, he receives a new
targetThis is not the case when we migrate directly from source domain to
thedomain. It is only a problem when we migrate via the temp forest.
Is there something besides sidhistory that allows the user to maintain
RE:profile on the computer?
BTW, no need to respond about using MoveTree or other processes, we have
been down every road...what I'm really hoping for is what we are missing
ofthe profiles, or what we can do alternatively, realizing this is hundreds
users...
.
- Follow-Ups:
- RE: ADMT Hybrid Inter/Intra Forest Profile Issue
- From: Scott J. Peterson, MCSD, MCPSB, MCT
- RE: ADMT Hybrid Inter/Intra Forest Profile Issue
- Prev by Date: Re: First Win2003 Server
- Next by Date: Re: Suggestions on best NT4 to 2003 Migration Method
- Previous by thread: Problem after migrate
- Next by thread: RE: ADMT Hybrid Inter/Intra Forest Profile Issue
- Index(es):
Relevant Pages
|
