Re: NT4 to 2003 with ADMT: Rights issue
- From: v-kzhao@xxxxxxxxxxxxxxxxxxxx ("Ken Zhao [MSFT]")
- Date: Mon, 13 Aug 2007 05:57:23 GMT
Hi Franz,
Thanks for your reply and let us know your situation.
Thanks & Regards,
Ken Zhao
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Franz Schenk" <franz.schenkNOSPAM@xxxxxxxxxxxxxxxx>
| References: <OQo3WAN2HHA.4712@xxxxxxxxxxxxxxxxxxxx>
<b5tW5dW2HHA.360@xxxxxxxxxxxxxxxxxxxxxx>
<#HBQCfl2HHA.1204@xxxxxxxxxxxxxxxxxxxx>
<4SHKw#y2HHA.6140@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: NT4 to 2003 with ADMT: Rights issue
| Date: Fri, 10 Aug 2007 14:10:29 +0200
| Lines: 241
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| Message-ID: <uymtWe02HHA.4880@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: mail.fitit.ch 81.6.6.11
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:1847
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Hello Ken
|
| Thank you for your feedback. 329887 is for Windows 2000 only as well,
| according the text in the article. And the article was revised in
February
| 2007. I thought also that Windows 2003 has the dcgpofix command for this
| issue instead.
|
| The DNS settings are very easy, since it's the only DC of the domain with
| it's DNS server. netdiag /test:dns runs without any errors. Verified also
| the DNS suffix of the LAN connection.
|
| But I'm able to launch AD users and computers with "run as" without any
| problems. And migration with ADMT of all objects of the old NT4 domain
also
| seem to work fine. So, i prefer to live with this workaround instead of
| modify the whole security on the Windows 2003 DC based on information of
an
| article that is only for Windows 2000. In my opinion, it's also unlikely
| that the security on the Windows 2003 DC is corrupted, since I have
| installed and updated this DC (virtual machine) from scratch only a few
days
| ago from an original CD image.
|
| best regards,
| Franz
|
| ""Ken Zhao [MSFT]"" <v-kzhao@xxxxxxxxxxxxxxxxxxxx> schrieb im Newsbeitrag
| news:4SHKw%23y2HHA.6140@xxxxxxxxxxxxxxxxxxxxxxxxx
| > Hello Franz,
| >
| > I found the following article that might be helpful:
| > 329887: You Cannot Interact with Active Directory MMC Snap-Ins
| > http://support.microsoft.com/kb/329887/en-us
| >
| > In addition, I also found this similar issue may be caused by incorrect
| > DNS
| > configuration. Therefore, please check your DNS settings and make sure
DNS
| > is working fine.
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security
| > <http://www.microsoft.com/security>
| > ====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > ====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| >
| >
| >
| > --------------------
| > | From: "Franz Schenk" <franz.schenkNOSPAM@xxxxxxxxxxxxxxxx>
| > | References: <OQo3WAN2HHA.4712@xxxxxxxxxxxxxxxxxxxx>
| > <b5tW5dW2HHA.360@xxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: NT4 to 2003 with ADMT: Rights issue
| > | Date: Thu, 9 Aug 2007 09:34:42 +0200
| > | Lines: 134
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| > | Message-ID: <#HBQCfl2HHA.1204@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.migration
| > | NNTP-Posting-Host: mail.fitit.ch 81.6.6.11
| > | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.server.migration:1837
| > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > |
| > | Hi Ken
| > |
| > | Thank you for your feedback. But the articles you mentioned do not
| > apply:
| > |
| > | 257623: The machine was not upgraded, Windows 2003 is installed from
| > | scratch. The problem is also not machine specific. When launching AD
| > users
| > | and computer with "run as" and not using the migration user account
from
| > the
| > | trusted NT4 domain, AD users and computers work fine. Also, all the
| > events
| > | mentioned in the article do not appear. The eventlog is error free,
| > except
| > | the usual 3019 MrxSmb Warnings.
| > |
| > | 257346: Does not apply as well. The "Access this computer from the
| > network"
| > | right is defined in the default domain controller policy, and this
right
| > | have the following objects: Everyone, Administrators, Authenticated
| > Users,
| > | ENTERPRISE DOMAIN CONTROLLERS, Pre-Windows 2000 Compatible Access.
| > | Additionally I don't understand this article, it's weird to me: Why
| > | adjusting rights in the gpt.ini file and not in the GPO object itself?
| > |
| > | The articles you mentioned are also explicitely only for Windows 2000,
| > | despite they are all updated in the year 2007.
| > |
| > | Thank you all in advance for any further help!
| > | Franz
| > |
| > | ""Ken Zhao [MSFT]"" <v-kzhao@xxxxxxxxxxxxxxxxxxxx> schrieb im
| > Newsbeitrag
| > | news:b5tW5dW2HHA.360@xxxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hello Franz,
| > | >
| > | > Thank you for using newsgroup!
| > | >
| > | > Based on your error messages, I'd like to suggest you refer to:
| > | > 257623: The DNS suffix of the computer name of a new domain
controller
| > may
| > | > not match the name of the domain after you upgrade a Windows NT 4.0
| > | > primary
| > | > domain controller to Windows 2000
| > | > http://support.microsoft.com/kb/257623/en-us
| > | >
| > | > 257346: "Access This Computer from the Network" User Right Causes
| > Tools
| > | > Not
| > | > to Work
| > | > http://support.microsoft.com/kb/257346/en-us
| > | >
| > | > Thanks & Regards,
| > | >
| > | > Ken Zhao
| > | >
| > | > Microsoft Online Support
| > | > Microsoft Global Technical Support Center
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | > <http://www.microsoft.com/security>
| > | > ====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > ====================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | >
| > | >
| > | >
| > | >
| > | > --------------------
| > | > | From: "Franz Schenk" <franz.schenkNOSPAM@xxxxxxxxxxxxxxxx>
| > | > | Subject: NT4 to 2003 with ADMT: Rights issue
| > | > | Date: Tue, 7 Aug 2007 10:51:07 +0200
| > | > | Lines: 34
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | Message-ID: <OQo3WAN2HHA.4712@xxxxxxxxxxxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.migration
| > | > | NNTP-Posting-Host: mail.fitit.ch 81.6.6.11
| > | > | Path:
| > TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| > | > | Xref: TK2MSFTNGHUB02.phx.gbl
| > | > microsoft.public.windows.server.migration:1824
| > | > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > | > |
| > | > | We have to migrate an NT4 domain into an existing OU in a Windows
| > 2003
| > | > | domain. The target domain is in Windows 2000 native mode.
| > | > |
| > | > | For test and concept purposes, I have setup a VM environment with
a
| > NT4
| > | > DC
| > | > | and a Windows 2003 SP2 DC, the domain is also in Windows 2000
native
| > | > mode
| > | > as
| > | > | it is at the customers site.
| > | > |
| > | > | Have deployed ADMT V3 according the Microsoft ADMT v3 Migration
| > Guide
| > | > and
| > | > | installed ADMT on the Windows 2003 DC. Have established an
external
| > two
| > | > way
| > | > | trust between the NT4 and the 2003 domain. for testing purposes, I
| > have
| > | > | added the source NT4 migration account (which has NT4 domain admin
| > | > | permissions) in the domain local administrators group of the
Windows
| > | > 2003
| > | > | domain.
| > | > |
| > | > | When logging on to the Windows 2003 DC with the migration Account
| > from
| > | > the
| > | > | NT4 source domain, I'm able to "Initialize ADMT" as described at
| > page
| > 47
| > | > of
| > | > | the ADMT migration guide, and I can also migrate a NT4 global
group
| > to
| > | > the
| > | > | target OU in the new domain.
| > | > |
| > | > | But when launching AD users and groups, I'm getting the error
| > "Naming
| > | > | information cannot be located because: Logon attempt failed.
Contact
| > | > your
| > | > | system administrator to verify that your domain is properly
| > configured
| > | > and
| > | > | is currently online.", and when launching AD domains and trusts,
I'm
| > | > getting
| > | > | the error "The configuration information describing this
enterprise
| > is
| > | > not
| > | > | available. The logon attempt failed". But these tools work fine
when
| > I
| > | > log
| > | > | on as a domain admin of the Windows 2003 domain. Have also found
KB
| > | > 329887,
| > | > | but this article is for Windows 2000, and my Windows 2003 DC is
| > freshly
| > | > | created and no security settings have been adjusted so far
(except
| > the
| > | > ones
| > | > | like SID hsitory that are described and required for admt).
| > | > |
| > | > | Any advice? Thank you all in advance for any help!
| > | > | Franz
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|
.
- References:
- NT4 to 2003 with ADMT: Rights issue
- From: Franz Schenk
- RE: NT4 to 2003 with ADMT: Rights issue
- From: "Ken Zhao [MSFT]"
- Re: NT4 to 2003 with ADMT: Rights issue
- From: Franz Schenk
- Re: NT4 to 2003 with ADMT: Rights issue
- From: "Ken Zhao [MSFT]"
- Re: NT4 to 2003 with ADMT: Rights issue
- From: Franz Schenk
- NT4 to 2003 with ADMT: Rights issue
- Prev by Date: Re: how to deal with security permission on folders
- Next by Date: Re: ADMT 3.0: howto migrate roaming profiles?
- Previous by thread: Re: NT4 to 2003 with ADMT: Rights issue
- Next by thread: Domain Migration - User Desktop Settings
- Index(es):
Relevant Pages
|
