Re: Howto: migrate service accounts on workstations

Hello,

do not forget scheduled stasks too...

If you have many stations, you may automate this task, like using this script:
http://techtasks.com/code/viewbookcode/594

Just need a wrapper around to make all workstation, one after one

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"Franz Schenk" <franzNO-_-SPAM.no-sPAMschenk@xxxxxxxx> wrote in message news:uifN2nDAIHA.5960@xxxxxxxxxxxxxxxxxxxxxxx
- have to migrate an NT4 domain into a Windows 2003 AD. Using ADMT V3
- the operator of the Windows 2003 AD tolerates only a one way trust from the NT4 domain to the Windows 2003 domain. A two way trust is not possible.
- There is a SW distribution solution in the old domain in place that runs an agent as a service under the account <olddomain>\<sw-dist-user> on every workstation.
- The user <olddomain>\<sw-dist-user> is in the domain admins group of the old domain and has therefore local admin rights on all workstations before they are migrated.

Due to the one way trust requirement, The SW distribution agent on all workstations will not work anymore after the workstation is migrated into the new domain. We can migrate the user <olddomain>\<sw-dist-user> into the new domain. But the whole procedure is not clear to me:

1. How do we have to migrate the user <olddomain>\<sw-dist-user>? This user account is not used on the NT4 DC's and therefore not recognized from ADMT as a service account.
2. How can we change the SCW entries (the account information in the services applet on the workstations) on the workstations?

Thank you in advance for any clarification and help!
Franz

.

Relevant Pages

  • Re: Rollback Solution / Password Reset
    ... Mike Davidson Ireland ... environment where workstations are loosing connection to the Domain. ... the server is throwing the account off the domain. ... Instead of the website you're using, I suggest to use OEx (Outlook Express ...
    (microsoft.public.windows.server.active_directory)
  • Re: New Domain Name
    ... Danny wrote: ... Presently my workstations log on to mydomain.ca and ... transfer Files and Settings to new profile? ... account of user that utilizes this particular machine. ...
    (microsoft.public.windowsxp.setup_deployment)
  • Controls for client machines
    ... I am trying to assess the risks that this causes to local data files and network security in general. ... For NT workstations it would be possible to use a NTFSDOS boot disk to ... allows the password of any local account to be set. ... domain account while disconnected from the network. ...
    (microsoft.public.security)
  • Re: Easy question on the local admin passwords
    ... Or even why worry about a local password on workstations. ... Set the account to a random long impossible to remember password and when you need to get into a machine and domain creds aren't working, reset the password with one of the hack CDs. ... The startup script has the obvious issues already discussed. ... GPO scripts which is not good because the SMS packages and GPO scripts ...
    (microsoft.public.win2000.security)
  • Re: Controls for client machines
    ... floppy - cd drive or at least not able to boot from is a good first step ... For these workstations I ... > allows the password of any local account to be set. ... > domain account while disconnected from the network. ...
    (microsoft.public.security)