Hi all. New to the list. Roger says this is the group that knows their stuff with AD. I've got an oddball one that I can't figure out. Sorry for the long post as a beginning.
Here's the deal. I'm performing a migration from NT 4 domain to W3K AD. New domain, new hdw, migrate only the necessary stuff to the new domain. Need to rebuild xch 5.5 from NT4 to w2k server in new domain, but leave it at 5.5. Just switch domains and OS. Using a swing server for that. Move mailboxes, rebuild current server, then remove xch from swing server. Once AD is spinning normally, migrate users and shut down old domain. Built test lab. 2 W3K servers, both DCs, both DNS, both GCs. Working fine. Built production domain. 2 W3K servers, both DCs, both DNS, both GCs. Working fine. Same builds on both domains, same security templates, all set up the same. No radical lockdowns. Pretty basic behind-the-firewall builds. Two-way trusts between all 3 domains. No other domains involved. Installed fastlane migrator in the test domain to try some migration strategies. Created svc account for that app in the test domain. Built w2k server, joined new production domain, put xch 5.5 on it. SP4 for both OS and xch. Everything tests out fine. Did svc account hack to provide new domain svc account. Went fine, xch services started fine under new account. That's when things started looking a little strange... I looked at the old xch server to make sure things were still running OK. Spotted something odd. I looked at the members of the local admins group on the NT4 xch server. Saw that the svc account was listed as newdomain\account unknown. Tried adding another account from the new domain to that group. Added OK, but as soon as I view the group again, it reverts to newdomain\account unknown. Funny thing is, though, I can see the accounts from the testlab domain just fine. And, if I look in the perms within exchange, the accounts enumerate just fine. Tried doing same test on a w2k wkst in old domain, same issue. Newdomain account reverts to SID immediately after creation, but testlab account looks fine. Hmmm. OK, so I log in to the NT4 xch box as the new svc account. No prob. Logs in fine. But, I can't do everything. When I set a service to start as the svc account, it chokes and returns the error "Cannot set the startup parameters for the ...service. Error 1057 occurred: the account name is invalid or does not exist.". OK, so I try a couple other accounts to test, same issue if they're in the new domain. If I use a testlab account, it works fine. Then I try to run exAdmin while logged on as the svc account. When I connect to the new server, it works fine. When I connect to the old server, I get an error stating: "Network problems are preventing connection to the MS xch server. Mapi was unable to load the information service emsabp.dll. Be sure the service is correctly installed... Microsoft Address Book ID no. 00040380-000-00000000" I then try as a few different accounts in the new domain. Same issue. Not an Outlook problem; Office/Outlook is not installed on that xch server. If I use an account from the testlab domain, exadmin works as it should. Netdom, netdiag, dcdiag, all run OK. Tried rebooting all involved boxes. No change. DNS resolution/registration appears to be working fine. Using same WINS box as old domain, names registering in db OK. Trusts have been verified with gui and netdom. Haven't blown away and recreated them; wouldn't I see logon issues if I had a trust failure? Seems like something about the way I built the new domain is different from the testlab. I checked the security policy template, RSOP, domain controller policy, and made sure all the security options and user rights assignments were the same. I don't know what the issue is. Anyone know where I should start to look? I can't find any Qs or tech articles that accurately address the xch error I'm getting. My guess is it's one little security setting that I've overlooked. All help will be appreciated, and if I overlooked something obvious, then I deserve whatever I get. :-) Thanks! ********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 985 0975 x5083 ********************** List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
