Re: [ActiveDir] ADMT v3 implementation questions
My problems seemed to have been solved by simply logging in as the Administrator from the source domain, on the target domain. Then I was able to access all shares in the source domain, as well as run the ADMT agent with no problems. I am trying to finish up my ADMT v3.0 migration document to help others who are running into problems. I will let you all know when it is ready. Thanks for the help. Joe On 3/8/06, Joe Lagreca <[EMAIL PROTECTED]> wrote: > I got ADMT running in a test environment, but now have a few problems. > > Problem #1 > > When I use the wizard to migrate a computer from the source domain to > the target, I then have the same machine account in both domains. > Making it impossible for the target domain to access the shares of the > workstation in the source domain. I have experienced this problem, > and found it documented here: > > http://www.jsifaq.com/SUBJ/tip4600/rh4655.htm > > > 4655 » Logon Failure error when accessing a child domain controller from > > the parent domain? 08-Jan-02 > > > > When you attempt to access a child domain controller from the parent > > domain, you receive: > > > > Logon Failure: The target account name is incorrect. > > > > This error will occur if a computer in the parent domain has the same > > computer name as a computer in the child domain. > > > > To resolve the problem, rename one of the computers. > > > > NOTE: If the computer no longer exists, delete it's machine account. > > > If I delete the the newly migrated computer from the target domain, I > can then access the shares on the workstation in the source domain. > Anyone have an idea of how I can get around this limitation? I don't > think it is possible to remove the workstation from the source domain > yet, as it hasn't had the agent dispatched to it to change its domain > ownership. > > Problem #2 > > Even though I have already added the opposite Domain Admins group to > the local Administrator group of each machine, I don't appear to have > admin rights across the trust between domains. > > One example is that the target domain cannot access the Admin$ share > of the workstation in the source domain. > > If I go to the source domain workstation and add the administrator of > the target domain to the local Administrator group of the workstation, > I can then access the Admin$ share and dispatch the ADMT agent to the > workstation. > > Since this is not practical in a widespread migration, I need to > figure out how to get administrative privileges across the trust > between domains. > > Thanks. > > Joe > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v3 implementation questions
For #1, you are apparently not migrating with SIDHistory. If you have a problem with SIDHistory and don't want to use it, then you will have to wait until you have migrated everything and repermissioned the resources before you can access resources. For #2, try http://www.akomolafe.com/TechStuff/Scripts/tabid/63/Default.aspx Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Joe Lagreca Sent: Wed 3/8/2006 2:35 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADMT v3 implementation questions I got ADMT running in a test environment, but now have a few problems. Problem #1 When I use the wizard to migrate a computer from the source domain to the target, I then have the same machine account in both domains. Making it impossible for the target domain to access the shares of the workstation in the source domain. I have experienced this problem, and found it documented here: http://www.jsifaq.com/SUBJ/tip4600/rh4655.htm > 4655 » Logon Failure error when accessing a child domain controller from the parent domain? 08-Jan-02 > > When you attempt to access a child domain controller from the parent domain, you receive: > > Logon Failure: The target account name is incorrect. > > This error will occur if a computer in the parent domain has the same computer name as a computer in the child domain. > > To resolve the problem, rename one of the computers. > > NOTE: If the computer no longer exists, delete it's machine account. If I delete the the newly migrated computer from the target domain, I can then access the shares on the workstation in the source domain. Anyone have an idea of how I can get around this limitation? I don't think it is possible to remove the workstation from the source domain yet, as it hasn't had the agent dispatched to it to change its domain ownership. Problem #2 Even though I have already added the opposite Domain Admins group to the local Administrator group of each machine, I don't appear to have admin rights across the trust between domains. One example is that the target domain cannot access the Admin$ share of the workstation in the source domain. If I go to the source domain workstation and add the administrator of the target domain to the local Administrator group of the workstation, I can then access the Admin$ share and dispatch the ADMT agent to the workstation. Since this is not practical in a widespread migration, I need to figure out how to get administrative privileges across the trust between domains. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] ADMT v3 implementation questions
I got ADMT running in a test environment, but now have a few problems. Problem #1 When I use the wizard to migrate a computer from the source domain to the target, I then have the same machine account in both domains. Making it impossible for the target domain to access the shares of the workstation in the source domain. I have experienced this problem, and found it documented here: http://www.jsifaq.com/SUBJ/tip4600/rh4655.htm > 4655 » Logon Failure error when accessing a child domain controller from the > parent domain? 08-Jan-02 > > When you attempt to access a child domain controller from the parent domain, > you receive: > > Logon Failure: The target account name is incorrect. > > This error will occur if a computer in the parent domain has the same > computer name as a computer in the child domain. > > To resolve the problem, rename one of the computers. > > NOTE: If the computer no longer exists, delete it's machine account. If I delete the the newly migrated computer from the target domain, I can then access the shares on the workstation in the source domain. Anyone have an idea of how I can get around this limitation? I don't think it is possible to remove the workstation from the source domain yet, as it hasn't had the agent dispatched to it to change its domain ownership. Problem #2 Even though I have already added the opposite Domain Admins group to the local Administrator group of each machine, I don't appear to have admin rights across the trust between domains. One example is that the target domain cannot access the Admin$ share of the workstation in the source domain. If I go to the source domain workstation and add the administrator of the target domain to the local Administrator group of the workstation, I can then access the Admin$ share and dispatch the ADMT agent to the workstation. Since this is not practical in a widespread migration, I need to figure out how to get administrative privileges across the trust between domains. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/