Re: Problems caused with Migration.

Hi Mike,

Since posting my first post, i ended up hunting down a page
http://support.microsoft.com/default.aspx?scid=kb;en-us;260575 and reset the
password, and it allowed me to administer OU, GPO's, etc from within the
"Active Directory Users and Computers" on my Win2k box, before I reset the
password, I was getting the error message "the target principal name is
incorrect" when I was trying to run the formentioned application.

Now I'm in the situation where all my users can't connect to the Win2k
Machine, telling them access is denied with the error. "Your roaming profile
is not available. You are logged on with the locally stored profile. Changes
to the profile will not be copied to the server. Possible causes of this
error include network problems or insufficient security rights. If this
problem persists, contact your network administrator. DETAIL - Access is
denied. "

Everything was fine before I started the migration process, so I'm thinking
that the ADMT has caused a hicup, or something...

I did what I thought were the correct things before the migration, as far as
I know the ADMIN$ and the C$ shares where all correct, and I was using the
Administrator account for the migration.

I'm really stumped now, I'm thinking I'm going to have to just build the
Win2k3 box from scratch, and explain to the users they will have to set the
profile up again, I'm dreading digging a bigger hole in my Win2k box, and
making it more difficult.

Hope all this makes sense, and thanks for replying..

Regards
Paul.

"Mike Luo [MSFT]" <v-miluo@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:lWg6TaRSHHA.3792@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello,

Thank you for using newsgroup!

From your post, I can't understand what "I can't seem to access the AD
from
within the machine" means. Could you send me the error screenshot?

Use ADMT to migrate computer account ADMT requires the following
permissions to run properly:
o Administrator rights in the source domain.
o Administrator rights on each computer that you migrate.
o Administrator rights on each computer on which you translate security.

Before you migrate a Windows 2000-based domain to a Windows Server
2003-based domain, you must make some domain and security configurations.
Computer migration and security translation do not require any special
domain configuration. However, each computer you want to migrate must have
the administrative shares, C$ and ADMIN$.

The account you use to run ADMT must have enough permissions to complete
the required tasks. The account must have permission to create computer
accounts in the target domain and organizational unit, and must be a
member
of the local Administrators group on each computer to be migrated.

Please check you have the correct settings.

Because the migration relies on trust between the two domains, I suggest
you verify the trust between domains. please refer to the following steps:
1. Switch to CMD mode.
2. Run trusting_domain_name /Domain:trusted_domain_name /UserD:<
<administrator of trusted_domain > /PasswordD:< password of the
administrator > /Verify
3. If the verify fails, please send me the error screenshot.

More Information:
=============
rust between a Windows NT domain and an Active Directory domain cannot be
established or it does not work as expected (889030)
<http://support.microsoft.com/default.aspx?scid=KB;EN-US;889030>
How to use Active Directory Migration Tool version 2 to migrate from
Windows 2000 to Windows Server 2003
<http://support.microsoft.com/kb/326480/en-us>

Thanks & Regards,

Mike Luo

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.



.

Relevant Pages