Dear all, have posted quite recently with no feedback so hoping this time round to get a bit more info,
still looking at strategy for migration of the well known accounts - "Domain Admins" / Domain Users on which a lot of domain security is based. thought this was where the Group mapping and merging wizard gave us some help. using it to map sourcedom\Domain Admins to targetdom\Domain Admins with the "migrate group sids" option enabled - i assumed this would populate the Sidhistory of the targetdomain group object with that of the source domain sid and in doing so creating an entry in the ADMT database that will be read by the security translation / user migration wizards. ditto for Domain Users However this ADMT process is failing with the following error codes; ERR2: 7085 Replace failed rc=1371 Cannot perform this operation on builtin accounts for me am i not right to say that the above groups are not in fact builtin accounts but "well known accounts" ?? saw one post back that documented the use of a manual process (cloneprincipal) to acheive the population of the sidhistroy but this will not allow us to acheive the requirement of security translation any clues ?? GT List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/