Re: [ActiveDir] ADMT v2 PES question

[Jordan Arendt]

You guys are right, it wasn't password complexity.  I just switched
complex passwords back on to see if I could reproduce.  No dice,
passwords still copy over fine when migrating an account.  I'm
positive that is the only thing I changed.  I'm scratching my head
here.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2 PES question

[Willem Kasdorp]

I agree with Tony as well. Right now we are migrating numerous NT4 and AD
domains into a common W2003 domain with length =8 and complexity. No
problems. Using ADMT v2.0. I know this doesn't help to understand what
happened in you case, Jordan, but there must me something... 


--
Regards, Willem

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Sunday, September 19, 2004 12:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2 PES question

I second Tony's point: you shouldn't need to change the policy for PW
lenght to make this work. However, Anonymous users must have access to
the target domain, which is the default in 2000, but not for 2003. This
is vor ADMTv2.

With ADMTv3 the PES runs as a service on the source domain, which allows
you to run it with special credentials = thus anonymous access is no
longer allowed.

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Friday, September 17, 2004 5:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] ADMT v2 PES question

Jordan

I'm glad it worked out for you.  Apologies for misleading you and Dave
on this.  I'm pretty confused right now because I thought I had
understood the behaviour pretty well.  

I'll see if you can get someone from inside MS to provide a decent
description of how it actually works.

Tony
-- Original Message --
From: Jordan Arendt [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 17 Sep 2004 08:49:58 -0600

Tony,

I'm using ADMT v2 into a 2k3 domain, so they may have changed it
somewhat.  Anyway, I got it working so it's all good.  Would have been
nice to see that mentioned somewhere in the docs I read though.


On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray
[EMAIL PROTECTED] wrote:
 David
 
 Strange.  My experience was also first hand.  We migrated a large
number of NT domains (with various different password policies) to a
single Windows 2000 AD domain using ADMT 2.0.  In many cases the source
domain didn't conform to the password requirements (length, complexity)
of the target domain, but the passwords were still exported
successfully.
 
 Maybe the behaviour changes if the target domain is W2K3 AD?
 
 In any case, our discussion may be moot given the error that Jordan
sees.  The access is denied in the error would appear to indicate some
other issue.
 
 Tony
 
 
 -- Original Message --
 From: [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Fri, 17 Sep 2004 08:50:58 -0400
 
 Tony,
 
 That situation was a first hand experience for me.  Once I reset 
 (loosened) the password policy on 2K3, the export went.  In my case, 
 it was not complexity that was stopping it, but minimum password
length.
 
 Jordan,
 
 I just remembered another gotcha.  If you reinstalled the pes dll on 
 the NT4 PDC or installed it after you did all the regedits, recheck 
 the reg edits, as the pes install resets some of the values.  Again 
 another first hand experience
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: September 17, 2004 7:48 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 Jordan
 
 You might want to first double-check David's statement below.  My 
 understanding is that ADMT 2.0 doesn't enforce complexity in any way 
 for exported passwords.  It doesn't actually export the password, only
the hash.
 In other words, it won't know whether the password complexity 
 requirements of the target domain are met by the password or not.  The

 password complexity is only enforced when the user next changes
password.
 
 The only situation I know of where a new password is generated to meet

 the complexity requirements is where there is no password associated 
 with the account in the source domain.
 
 Tony
 -- Original Message --
 From: Jordan Arendt [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Thu, 16 Sep 2004 11:12:51 -0600
 
 Thanks.  I had dumbed down my default domain password policy as the 
 NT 4 domain only required a password length of 6 characters.  I am new

 to the site and didn't realize that complex passwords were not 
 enforced, I just assumed it (ya ya ass u me).  So anyway, I removed 
 complex passwords from the domain security policy and will do so when
we do the actual migration.
 Then enforce it once everyone is migrated over.  Sigh.
 
 Thanks again,
 
 Jordan
 
 On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] 
 [EMAIL PROTECTED] wrote:
  Check you default domain password policy.  Likely your source domain

  has a weaker policy than the target (2K3) so it generates a random 
  Password that meets the policy and places it in a file in the 
  ADMT\logs
 directory.
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED

RE: [ActiveDir] ADMT v2 PES question

[Grillenmeier, Guido]

I second Tony's point: you shouldn't need to change the policy for PW
lenght to make this work. However, Anonymous users must have access to
the target domain, which is the default in 2000, but not for 2003. This
is vor ADMTv2.

With ADMTv3 the PES runs as a service on the source domain, which allows
you to run it with special credentials = thus anonymous access is no
longer allowed.

/Guido

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Friday, September 17, 2004 5:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] ADMT v2 PES question

Jordan

I'm glad it worked out for you.  Apologies for misleading you and Dave
on this.  I'm pretty confused right now because I thought I had
understood the behaviour pretty well.  

I'll see if you can get someone from inside MS to provide a decent
description of how it actually works.

Tony
-- Original Message --
From: Jordan Arendt [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 17 Sep 2004 08:49:58 -0600

Tony,

I'm using ADMT v2 into a 2k3 domain, so they may have changed it
somewhat.  Anyway, I got it working so it's all good.  Would have been
nice to see that mentioned somewhere in the docs I read though.


On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray
[EMAIL PROTECTED] wrote:
 David
 
 Strange.  My experience was also first hand.  We migrated a large
number of NT domains (with various different password policies) to a
single Windows 2000 AD domain using ADMT 2.0.  In many cases the source
domain didn't conform to the password requirements (length, complexity)
of the target domain, but the passwords were still exported
successfully.
 
 Maybe the behaviour changes if the target domain is W2K3 AD?
 
 In any case, our discussion may be moot given the error that Jordan
sees.  The access is denied in the error would appear to indicate some
other issue.
 
 Tony
 
 
 -- Original Message --
 From: [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Fri, 17 Sep 2004 08:50:58 -0400
 
 Tony,
 
 That situation was a first hand experience for me.  Once I reset 
 (loosened) the password policy on 2K3, the export went.  In my case, 
 it was not complexity that was stopping it, but minimum password
length.
 
 Jordan,
 
 I just remembered another gotcha.  If you reinstalled the pes dll on 
 the NT4 PDC or installed it after you did all the regedits, recheck 
 the reg edits, as the pes install resets some of the values.  Again 
 another first hand experience
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: September 17, 2004 7:48 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 Jordan
 
 You might want to first double-check David's statement below.  My 
 understanding is that ADMT 2.0 doesn't enforce complexity in any way 
 for exported passwords.  It doesn't actually export the password, only
the hash.
 In other words, it won't know whether the password complexity 
 requirements of the target domain are met by the password or not.  The

 password complexity is only enforced when the user next changes
password.
 
 The only situation I know of where a new password is generated to meet

 the complexity requirements is where there is no password associated 
 with the account in the source domain.
 
 Tony
 -- Original Message --
 From: Jordan Arendt [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Thu, 16 Sep 2004 11:12:51 -0600
 
 Thanks.  I had dumbed down my default domain password policy as the 
 NT 4 domain only required a password length of 6 characters.  I am new

 to the site and didn't realize that complex passwords were not 
 enforced, I just assumed it (ya ya ass u me).  So anyway, I removed 
 complex passwords from the domain security policy and will do so when
we do the actual migration.
 Then enforce it once everyone is migrated over.  Sigh.
 
 Thanks again,
 
 Jordan
 
 On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] 
 [EMAIL PROTECTED] wrote:
  Check you default domain password policy.  Likely your source domain

  has a weaker policy than the target (2K3) so it generates a random 
  Password that meets the policy and places it in a file in the 
  ADMT\logs
 directory.
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Jordan 
  Arendt
  Sent: September 15, 2004 6:11 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] ADMT v2 PES question
 
  1.  Yes. Can ping both ways from each machine. Wins servers are 
  entered correctly.
 
  2. Yes the Pre-Windows 2000 Compatible Access group has the 
  following
  members:
  Anonymous Logon
  Authenticated Users
  Everyone
 
  On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop 
  [EMAIL PROTECTED]
  wrote:
   Jordan,
  
   1) Did you verify that both DNS _and_ WINS resolution

Re: [ActiveDir] ADMT v2 PES question

[Tony Murray]

Jordan

You might want to first double-check David's statement below.  My understanding is 
that ADMT 2.0 doesn't enforce complexity in any way for exported passwords.  It 
doesn't actually export the password, only the hash.  In other words, it won't know 
whether the password complexity requirements of the target domain are met by the 
password or not.  The password complexity is only enforced when the user next changes 
password.

The only situation I know of where a new password is generated to meet the complexity 
requirements is where there is no password associated with the account in the source 
domain.  

Tony
-- Original Message --
From: Jordan Arendt [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Thu, 16 Sep 2004 11:12:51 -0600

Thanks.  I had dumbed down my default domain password policy as the
NT 4 domain only required a password length of 6 characters.  I am new
to the site and didn't realize that complex passwords were not
enforced, I just assumed it (ya ya ass u me).  So anyway, I removed
complex passwords from the domain security policy and will do so when
we do the actual migration.  Then enforce it once everyone is migrated
over.  Sigh.

Thanks again,

Jordan 


On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
 Check you default domain password policy.  Likely your source domain has a
 weaker policy than the target (2K3) so it generates a random Password that
 meets the policy and places it in a file in the ADMT\logs directory.
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
 Sent: September 15, 2004 6:11 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 1.  Yes. Can ping both ways from each machine. Wins servers are entered
 correctly.
 
 2. Yes the Pre-Windows 2000 Compatible Access group has the following
 members:
 Anonymous Logon
 Authenticated Users
 Everyone
 
 On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED]
 wrote:
  Jordan,
 
  1) Did you verify that both DNS _and_ WINS resolution are functioning
  properly ? You will need both of these to function properly for the
  migration to work.
  2) Did you add both the Anonymous Logon group as the Everyone group to
  the Pre-Windows 2000 Compatible Access group ?
 
  Regards,
 
  Paul.
 
 
 
  - Original Message -
  From: Jordan Arendt [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Wednesday, September 15, 2004 10:52 PM
  Subject: [ActiveDir] ADMT v2 PES question
 
   Hi all,
  
   So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
   I've setup a Password Export Server on a DC in my test NT 4 domain.
   Set registry entries, established trusts, etc.  When I go to migrate
   a user, I get:
  
   WRN1:7557 Failed to copy the password for {user.} A strong password
   has been generated instead. Unable to copy password. Access is denied.
  
   I'm looking at
   http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
  
   and have verified everything except:
  
   Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM
   Domain permissions on the object, as follows:
   CN=Server,CN=System,DC={TargetDomain},DC={tld}
  
   Can anyone translate this for me?  I'm not sure what I am supposed
   to do here.
  
   Thanks,
  
   Jordan
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir%40mail.activedir.org/
 
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2 PES question

[Frost . David]

Tony,

That situation was a first hand experience for me.  Once I reset (loosened)
the password policy on 2K3, the export went.  In my case, it was not
complexity that was stopping it, but minimum password length. 

Jordan,

I just remembered another gotcha.  If you reinstalled the pes dll on the NT4
PDC or installed it after you did all the regedits, recheck the reg edits,
as the pes install resets some of the values.  Again another first hand
experience

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: September 17, 2004 7:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] ADMT v2 PES question

Jordan

You might want to first double-check David's statement below.  My
understanding is that ADMT 2.0 doesn't enforce complexity in any way for
exported passwords.  It doesn't actually export the password, only the hash.
In other words, it won't know whether the password complexity requirements
of the target domain are met by the password or not.  The password
complexity is only enforced when the user next changes password.

The only situation I know of where a new password is generated to meet the
complexity requirements is where there is no password associated with the
account in the source domain.  

Tony
-- Original Message --
From: Jordan Arendt [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Thu, 16 Sep 2004 11:12:51 -0600

Thanks.  I had dumbed down my default domain password policy as the NT 4
domain only required a password length of 6 characters.  I am new to the
site and didn't realize that complex passwords were not enforced, I just
assumed it (ya ya ass u me).  So anyway, I removed complex passwords from
the domain security policy and will do so when we do the actual migration.
Then enforce it once everyone is migrated over.  Sigh.

Thanks again,

Jordan 


On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
 Check you default domain password policy.  Likely your source domain 
 has a weaker policy than the target (2K3) so it generates a random 
 Password that meets the policy and places it in a file in the ADMT\logs
directory.
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
 Sent: September 15, 2004 6:11 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 1.  Yes. Can ping both ways from each machine. Wins servers are 
 entered correctly.
 
 2. Yes the Pre-Windows 2000 Compatible Access group has the following
 members:
 Anonymous Logon
 Authenticated Users
 Everyone
 
 On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop 
 [EMAIL PROTECTED]
 wrote:
  Jordan,
 
  1) Did you verify that both DNS _and_ WINS resolution are 
  functioning properly ? You will need both of these to function 
  properly for the migration to work.
  2) Did you add both the Anonymous Logon group as the Everyone group 
  to the Pre-Windows 2000 Compatible Access group ?
 
  Regards,
 
  Paul.
 
 
 
  - Original Message -
  From: Jordan Arendt [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Wednesday, September 15, 2004 10:52 PM
  Subject: [ActiveDir] ADMT v2 PES question
 
   Hi all,
  
   So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
   I've setup a Password Export Server on a DC in my test NT 4 domain.
   Set registry entries, established trusts, etc.  When I go to 
   migrate a user, I get:
  
   WRN1:7557 Failed to copy the password for {user.} A strong 
   password has been generated instead. Unable to copy password. Access
is denied.
  
   I'm looking at
   http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
  
   and have verified everything except:
  
   Pre-Windows 2000 Compatible Access has Read and Enumerate Entire 
   SAM Domain permissions on the object, as follows:
   CN=Server,CN=System,DC={TargetDomain},DC={tld}
  
   Can anyone translate this for me?  I'm not sure what I am supposed 
   to do here.
  
   Thanks,
  
   Jordan
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir%40mail.activedir.org/
 
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org

RE: [ActiveDir] ADMT v2 PES question

[Tony Murray]

David

Strange.  My experience was also first hand.  We migrated a large number of NT domains 
(with various different password policies) to a single Windows 2000 AD domain using 
ADMT 2.0.  In many cases the source domain didn't conform to the password requirements 
(length, complexity) of the target domain, but the passwords were still exported 
successfully.

Maybe the behaviour changes if the target domain is W2K3 AD?

In any case, our discussion may be moot given the error that Jordan sees.  The access 
is denied in the error would appear to indicate some other issue.

Tony
-- Original Message --
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 17 Sep 2004 08:50:58 -0400

Tony,

That situation was a first hand experience for me.  Once I reset (loosened)
the password policy on 2K3, the export went.  In my case, it was not
complexity that was stopping it, but minimum password length. 

Jordan,

I just remembered another gotcha.  If you reinstalled the pes dll on the NT4
PDC or installed it after you did all the regedits, recheck the reg edits,
as the pes install resets some of the values.  Again another first hand
experience

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: September 17, 2004 7:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] ADMT v2 PES question

Jordan

You might want to first double-check David's statement below.  My
understanding is that ADMT 2.0 doesn't enforce complexity in any way for
exported passwords.  It doesn't actually export the password, only the hash.
In other words, it won't know whether the password complexity requirements
of the target domain are met by the password or not.  The password
complexity is only enforced when the user next changes password.

The only situation I know of where a new password is generated to meet the
complexity requirements is where there is no password associated with the
account in the source domain.  

Tony
-- Original Message --
From: Jordan Arendt [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Thu, 16 Sep 2004 11:12:51 -0600

Thanks.  I had dumbed down my default domain password policy as the NT 4
domain only required a password length of 6 characters.  I am new to the
site and didn't realize that complex passwords were not enforced, I just
assumed it (ya ya ass u me).  So anyway, I removed complex passwords from
the domain security policy and will do so when we do the actual migration.
Then enforce it once everyone is migrated over.  Sigh.

Thanks again,

Jordan 


On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
 Check you default domain password policy.  Likely your source domain 
 has a weaker policy than the target (2K3) so it generates a random 
 Password that meets the policy and places it in a file in the ADMT\logs
directory.
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
 Sent: September 15, 2004 6:11 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 1.  Yes. Can ping both ways from each machine. Wins servers are 
 entered correctly.
 
 2. Yes the Pre-Windows 2000 Compatible Access group has the following
 members:
 Anonymous Logon
 Authenticated Users
 Everyone
 
 On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop 
 [EMAIL PROTECTED]
 wrote:
  Jordan,
 
  1) Did you verify that both DNS _and_ WINS resolution are 
  functioning properly ? You will need both of these to function 
  properly for the migration to work.
  2) Did you add both the Anonymous Logon group as the Everyone group 
  to the Pre-Windows 2000 Compatible Access group ?
 
  Regards,
 
  Paul.
 
 
 
  - Original Message -
  From: Jordan Arendt [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Wednesday, September 15, 2004 10:52 PM
  Subject: [ActiveDir] ADMT v2 PES question
 
   Hi all,
  
   So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
   I've setup a Password Export Server on a DC in my test NT 4 domain.
   Set registry entries, established trusts, etc.  When I go to 
   migrate a user, I get:
  
   WRN1:7557 Failed to copy the password for {user.} A strong 
   password has been generated instead. Unable to copy password. Access
is denied.
  
   I'm looking at
   http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
  
   and have verified everything except:
  
   Pre-Windows 2000 Compatible Access has Read and Enumerate Entire 
   SAM Domain permissions on the object, as follows:
   CN=Server,CN=System,DC={TargetDomain},DC={tld}
  
   Can anyone translate this for me?  I'm not sure what I am supposed 
   to do here.
  
   Thanks,
  
   Jordan
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir%40mail.activedir.org

Re: [ActiveDir] ADMT v2 PES question

[Jordan Arendt]

 As soon as I modified my domain security policy on the w2k3 domain I
was importing into the password migrated accross no problem.  That is
the only change I made (changed password must meet complexity
requirments to disabled).



On Fri, 17 Sep 2004 07:48:21 -0400, Tony Murray [EMAIL PROTECTED] wrote:
 Jordan
 
 You might want to first double-check David's statement below.  My understanding is 
 that ADMT 2.0 doesn't enforce complexity in any way for exported passwords.  It 
 doesn't actually export the password, only the hash.  In other words, it won't know 
 whether the password complexity requirements of the target domain are met by the 
 password or not.  The password complexity is only enforced when the user next 
 changes password.
 
 The only situation I know of where a new password is generated to meet the 
 complexity requirements is where there is no password associated with the account in 
 the source domain.
 
 Tony
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] ADMT v2 PES question

[Jordan Arendt]

Tony,

I'm using ADMT v2 into a 2k3 domain, so they may have changed it
somewhat.  Anyway, I got it working so it's all good.  Would have been
nice to see that mentioned somewhere in the docs I read though.


On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray [EMAIL PROTECTED] wrote:
 David
 
 Strange.  My experience was also first hand.  We migrated a large number of NT 
 domains (with various different password policies) to a single Windows 2000 AD 
 domain using ADMT 2.0.  In many cases the source domain didn't conform to the 
 password requirements (length, complexity) of the target domain, but the passwords 
 were still exported successfully.
 
 Maybe the behaviour changes if the target domain is W2K3 AD?
 
 In any case, our discussion may be moot given the error that Jordan sees.  The 
 access is denied in the error would appear to indicate some other issue.
 
 Tony
 
 
 -- Original Message --
 From: [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Fri, 17 Sep 2004 08:50:58 -0400
 
 Tony,
 
 That situation was a first hand experience for me.  Once I reset (loosened)
 the password policy on 2K3, the export went.  In my case, it was not
 complexity that was stopping it, but minimum password length.
 
 Jordan,
 
 I just remembered another gotcha.  If you reinstalled the pes dll on the NT4
 PDC or installed it after you did all the regedits, recheck the reg edits,
 as the pes install resets some of the values.  Again another first hand
 experience
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: September 17, 2004 7:48 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 Jordan
 
 You might want to first double-check David's statement below.  My
 understanding is that ADMT 2.0 doesn't enforce complexity in any way for
 exported passwords.  It doesn't actually export the password, only the hash.
 In other words, it won't know whether the password complexity requirements
 of the target domain are met by the password or not.  The password
 complexity is only enforced when the user next changes password.
 
 The only situation I know of where a new password is generated to meet the
 complexity requirements is where there is no password associated with the
 account in the source domain.
 
 Tony
 -- Original Message --
 From: Jordan Arendt [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Thu, 16 Sep 2004 11:12:51 -0600
 
 Thanks.  I had dumbed down my default domain password policy as the NT 4
 domain only required a password length of 6 characters.  I am new to the
 site and didn't realize that complex passwords were not enforced, I just
 assumed it (ya ya ass u me).  So anyway, I removed complex passwords from
 the domain security policy and will do so when we do the actual migration.
 Then enforce it once everyone is migrated over.  Sigh.
 
 Thanks again,
 
 Jordan
 
 On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED]
 [EMAIL PROTECTED] wrote:
  Check you default domain password policy.  Likely your source domain
  has a weaker policy than the target (2K3) so it generates a random
  Password that meets the policy and places it in a file in the ADMT\logs
 directory.
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
  Sent: September 15, 2004 6:11 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] ADMT v2 PES question
 
  1.  Yes. Can ping both ways from each machine. Wins servers are
  entered correctly.
 
  2. Yes the Pre-Windows 2000 Compatible Access group has the following
  members:
  Anonymous Logon
  Authenticated Users
  Everyone
 
  On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop
  [EMAIL PROTECTED]
  wrote:
   Jordan,
  
   1) Did you verify that both DNS _and_ WINS resolution are
   functioning properly ? You will need both of these to function
   properly for the migration to work.
   2) Did you add both the Anonymous Logon group as the Everyone group
   to the Pre-Windows 2000 Compatible Access group ?
  
   Regards,
  
   Paul.
  
  
  
   - Original Message -
   From: Jordan Arendt [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Wednesday, September 15, 2004 10:52 PM
   Subject: [ActiveDir] ADMT v2 PES question
  
Hi all,
   
So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
I've setup a Password Export Server on a DC in my test NT 4 domain.
Set registry entries, established trusts, etc.  When I go to
migrate a user, I get:
   
WRN1:7557 Failed to copy the password for {user.} A strong
password has been generated instead. Unable to copy password. Access
 is denied.
   
I'm looking at
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
   
and have verified everything except:
   
Pre-Windows 2000 Compatible Access has Read and Enumerate Entire
SAM Domain

Re: [ActiveDir] ADMT v2 PES question

[Tony Murray]

Jordan

I'm glad it worked out for you.  Apologies for misleading you and Dave on this.  I'm 
pretty confused right now because I thought I had understood the behaviour pretty 
well.  

I'll see if you can get someone from inside MS to provide a decent description of how 
it actually works.

Tony
-- Original Message --
From: Jordan Arendt [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 17 Sep 2004 08:49:58 -0600

Tony,

I'm using ADMT v2 into a 2k3 domain, so they may have changed it
somewhat.  Anyway, I got it working so it's all good.  Would have been
nice to see that mentioned somewhere in the docs I read though.


On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray [EMAIL PROTECTED] wrote:
 David
 
 Strange.  My experience was also first hand.  We migrated a large number of NT 
 domains (with various different password policies) to a single Windows 2000 AD 
 domain using ADMT 2.0.  In many cases the source domain didn't conform to the 
 password requirements (length, complexity) of the target domain, but the passwords 
 were still exported successfully.
 
 Maybe the behaviour changes if the target domain is W2K3 AD?
 
 In any case, our discussion may be moot given the error that Jordan sees.  The 
 access is denied in the error would appear to indicate some other issue.
 
 Tony
 
 
 -- Original Message --
 From: [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Fri, 17 Sep 2004 08:50:58 -0400
 
 Tony,
 
 That situation was a first hand experience for me.  Once I reset (loosened)
 the password policy on 2K3, the export went.  In my case, it was not
 complexity that was stopping it, but minimum password length.
 
 Jordan,
 
 I just remembered another gotcha.  If you reinstalled the pes dll on the NT4
 PDC or installed it after you did all the regedits, recheck the reg edits,
 as the pes install resets some of the values.  Again another first hand
 experience
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: September 17, 2004 7:48 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 Jordan
 
 You might want to first double-check David's statement below.  My
 understanding is that ADMT 2.0 doesn't enforce complexity in any way for
 exported passwords.  It doesn't actually export the password, only the hash.
 In other words, it won't know whether the password complexity requirements
 of the target domain are met by the password or not.  The password
 complexity is only enforced when the user next changes password.
 
 The only situation I know of where a new password is generated to meet the
 complexity requirements is where there is no password associated with the
 account in the source domain.
 
 Tony
 -- Original Message --
 From: Jordan Arendt [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date:  Thu, 16 Sep 2004 11:12:51 -0600
 
 Thanks.  I had dumbed down my default domain password policy as the NT 4
 domain only required a password length of 6 characters.  I am new to the
 site and didn't realize that complex passwords were not enforced, I just
 assumed it (ya ya ass u me).  So anyway, I removed complex passwords from
 the domain security policy and will do so when we do the actual migration.
 Then enforce it once everyone is migrated over.  Sigh.
 
 Thanks again,
 
 Jordan
 
 On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED]
 [EMAIL PROTECTED] wrote:
  Check you default domain password policy.  Likely your source domain
  has a weaker policy than the target (2K3) so it generates a random
  Password that meets the policy and places it in a file in the ADMT\logs
 directory.
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
  Sent: September 15, 2004 6:11 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [ActiveDir] ADMT v2 PES question
 
  1.  Yes. Can ping both ways from each machine. Wins servers are
  entered correctly.
 
  2. Yes the Pre-Windows 2000 Compatible Access group has the following
  members:
  Anonymous Logon
  Authenticated Users
  Everyone
 
  On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop
  [EMAIL PROTECTED]
  wrote:
   Jordan,
  
   1) Did you verify that both DNS _and_ WINS resolution are
   functioning properly ? You will need both of these to function
   properly for the migration to work.
   2) Did you add both the Anonymous Logon group as the Everyone group
   to the Pre-Windows 2000 Compatible Access group ?
  
   Regards,
  
   Paul.
  
  
  
   - Original Message -
   From: Jordan Arendt [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Wednesday, September 15, 2004 10:52 PM
   Subject: [ActiveDir] ADMT v2 PES question
  
Hi all,
   
So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
I've setup a Password Export Server on a DC in my test NT 4 domain

Re: [ActiveDir] ADMT v2 PES question

[Jordan Arendt]

Thanks.  I had dumbed down my default domain password policy as the
NT 4 domain only required a password length of 6 characters.  I am new
to the site and didn't realize that complex passwords were not
enforced, I just assumed it (ya ya ass u me).  So anyway, I removed
complex passwords from the domain security policy and will do so when
we do the actual migration.  Then enforce it once everyone is migrated
over.  Sigh.

Thanks again,

Jordan 


On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
 Check you default domain password policy.  Likely your source domain has a
 weaker policy than the target (2K3) so it generates a random Password that
 meets the policy and places it in a file in the ADMT\logs directory.
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
 Sent: September 15, 2004 6:11 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [ActiveDir] ADMT v2 PES question
 
 1.  Yes. Can ping both ways from each machine. Wins servers are entered
 correctly.
 
 2. Yes the Pre-Windows 2000 Compatible Access group has the following
 members:
 Anonymous Logon
 Authenticated Users
 Everyone
 
 On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED]
 wrote:
  Jordan,
 
  1) Did you verify that both DNS _and_ WINS resolution are functioning
  properly ? You will need both of these to function properly for the
  migration to work.
  2) Did you add both the Anonymous Logon group as the Everyone group to
  the Pre-Windows 2000 Compatible Access group ?
 
  Regards,
 
  Paul.
 
 
 
  - Original Message -
  From: Jordan Arendt [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Wednesday, September 15, 2004 10:52 PM
  Subject: [ActiveDir] ADMT v2 PES question
 
   Hi all,
  
   So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
   I've setup a Password Export Server on a DC in my test NT 4 domain.
   Set registry entries, established trusts, etc.  When I go to migrate
   a user, I get:
  
   WRN1:7557 Failed to copy the password for {user.} A strong password
   has been generated instead. Unable to copy password. Access is denied.
  
   I'm looking at
   http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
  
   and have verified everything except:
  
   Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM
   Domain permissions on the object, as follows:
   CN=Server,CN=System,DC={TargetDomain},DC={tld}
  
   Can anyone translate this for me?  I'm not sure what I am supposed
   to do here.
  
   Thanks,
  
   Jordan
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir%40mail.activedir.org/
 
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2 PES question

[Bernard, Aric]

Ensure that whatever user you are logged in as and running ADMTv2 with
has Administrator privileges to the NT4 domain.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
Sent: Wednesday, September 15, 2004 1:53 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADMT v2 PES question

Hi all,

So, I've got a 2k3 forest that I am migrating an NT 4 domain into. 
I've setup a Password Export Server on a DC in my test NT 4 domain. 
Set registry entries, established trusts, etc.  When I go to migrate a
user, I get:

WRN1:7557 Failed to copy the password for {user.} A strong password
has been generated instead. Unable to copy password. Access is denied.

I'm looking at 
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981

and have verified everything except:

Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM
Domain permissions on the object, as follows:
CN=Server,CN=System,DC={TargetDomain},DC={tld}

Can anyone translate this for me?  I'm not sure what I am supposed to do
here.  

Thanks,

Jordan
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] ADMT v2 PES question

[Paul van Geldrop]

Jordan,
1) Did you verify that both DNS _and_ WINS resolution are functioning 
properly ? You will need both of these to function properly for the 
migration to work.
2) Did you add both the Anonymous Logon group as the Everyone group to the 
Pre-Windows 2000 Compatible Access group ?

Regards,
Paul.
- Original Message - 
From: Jordan Arendt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 15, 2004 10:52 PM
Subject: [ActiveDir] ADMT v2 PES question


Hi all,
So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
I've setup a Password Export Server on a DC in my test NT 4 domain.
Set registry entries, established trusts, etc.  When I go to migrate a
user, I get:
WRN1:7557 Failed to copy the password for {user.} A strong password
has been generated instead. Unable to copy password. Access is denied.
I'm looking at
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
and have verified everything except:
Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM
Domain permissions on the object, as follows:
CN=Server,CN=System,DC={TargetDomain},DC={tld}
Can anyone translate this for me?  I'm not sure what I am supposed to do 
here.

Thanks,
Jordan
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] ADMT v2 PES question

[Jordan Arendt]

I'm using Administrator of the destination Domain (2K3).  I've added
Domain admins of destination domain to Administrators of source NT
domain.


On Wed, 15 Sep 2004 17:06:50 -0400, Bernard, Aric [EMAIL PROTECTED] wrote:
 Ensure that whatever user you are logged in as and running ADMTv2 with
 has Administrator privileges to the NT4 domain.
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
 Sent: Wednesday, September 15, 2004 1:53 PM
 To: [EMAIL PROTECTED]
 Subject: [ActiveDir] ADMT v2 PES question
 
 Hi all,
 
 So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
 I've setup a Password Export Server on a DC in my test NT 4 domain.
 Set registry entries, established trusts, etc.  When I go to migrate a
 user, I get:
 
 WRN1:7557 Failed to copy the password for {user.} A strong password
 has been generated instead. Unable to copy password. Access is denied.
 
 I'm looking at
 http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
 
 and have verified everything except:
 
 Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM
 Domain permissions on the object, as follows:
 CN=Server,CN=System,DC={TargetDomain},DC={tld}
 
 Can anyone translate this for me?  I'm not sure what I am supposed to do
 here.
 
 Thanks,
 
 Jordan
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] ADMT v2 PES question

[Jordan Arendt]

1.  Yes. Can ping both ways from each machine. Wins servers are
entered correctly.

2. Yes the Pre-Windows 2000 Compatible Access group has the following members:
Anonymous Logon
Authenticated Users
Everyone


On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote:
 Jordan,
 
 1) Did you verify that both DNS _and_ WINS resolution are functioning
 properly ? You will need both of these to function properly for the
 migration to work.
 2) Did you add both the Anonymous Logon group as the Everyone group to the
 Pre-Windows 2000 Compatible Access group ?
 
 Regards,
 
 Paul.
 
 
 
 - Original Message -
 From: Jordan Arendt [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, September 15, 2004 10:52 PM
 Subject: [ActiveDir] ADMT v2 PES question
 
  Hi all,
 
  So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
  I've setup a Password Export Server on a DC in my test NT 4 domain.
  Set registry entries, established trusts, etc.  When I go to migrate a
  user, I get:
 
  WRN1:7557 Failed to copy the password for {user.} A strong password
  has been generated instead. Unable to copy password. Access is denied.
 
  I'm looking at
  http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
 
  and have verified everything except:
 
  Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM
  Domain permissions on the object, as follows:
  CN=Server,CN=System,DC={TargetDomain},DC={tld}
 
  Can anyone translate this for me?  I'm not sure what I am supposed to do
  here.
 
  Thanks,
 
  Jordan
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2 PES question

[Frost . David]

Check you default domain password policy.  Likely your source domain has a
weaker policy than the target (2K3) so it generates a random Password that
meets the policy and places it in a file in the ADMT\logs directory. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt
Sent: September 15, 2004 6:11 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] ADMT v2 PES question

1.  Yes. Can ping both ways from each machine. Wins servers are entered
correctly.

2. Yes the Pre-Windows 2000 Compatible Access group has the following
members:
Anonymous Logon
Authenticated Users
Everyone


On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED]
wrote:
 Jordan,
 
 1) Did you verify that both DNS _and_ WINS resolution are functioning 
 properly ? You will need both of these to function properly for the 
 migration to work.
 2) Did you add both the Anonymous Logon group as the Everyone group to 
 the Pre-Windows 2000 Compatible Access group ?
 
 Regards,
 
 Paul.
 
 
 
 - Original Message -
 From: Jordan Arendt [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, September 15, 2004 10:52 PM
 Subject: [ActiveDir] ADMT v2 PES question
 
  Hi all,
 
  So, I've got a 2k3 forest that I am migrating an NT 4 domain into.
  I've setup a Password Export Server on a DC in my test NT 4 domain.
  Set registry entries, established trusts, etc.  When I go to migrate 
  a user, I get:
 
  WRN1:7557 Failed to copy the password for {user.} A strong password 
  has been generated instead. Unable to copy password. Access is denied.
 
  I'm looking at
  http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981
 
  and have verified everything except:
 
  Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM 
  Domain permissions on the object, as follows:
  CN=Server,CN=System,DC={TargetDomain},DC={tld}
 
  Can anyone translate this for me?  I'm not sure what I am supposed 
  to do here.
 
  Thanks,
 
  Jordan
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group

[Tony Murray]

Jonthan

I shouldn't think the name of the group should cause any problems anyway, as ADMT 
would use the SID.  The Admins du Domaine group should have a SID in the format:

SID: S-1-5-domain-512

Can you confirm your Admins du Domaine has this value?

Tony

-- Original Message --
Wrom: EAIJJPHSCRTNHGSWZIDREXCAXZOWC
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 10 Mar 2004 10:36:44 +0100

Hi,

I am trying to migrate between forests from a Windows 2000 Server (French 
Version) to 2003 (English / Multi-Language).We have our domain admins 
group in Admins du Domaine on the source domain.  When I try to move a 
user in this group to the New 2003 domain, the ADMT v2 tool sends an error 
and stops running rather than realizing the group is a built-in and 
passing over it.  All other users copy without a problem.   ( I am 
migrating the SIDs for the users also... )

I cannot delete the Admins du Domaine and renaming this group still makes 
ADMT v2 error out.  Does anyone know of a possible solution?  I would 
rather not skip the users in the Admins du Domaine group with ADMT 
because this would be very time-consuming to re-create these users and it 
increases the chance for mis-configurations on my part. 




Any ideas would greatly be appreciated!

Jonathan


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Réf. : Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group

[JMiller]

I have SID S-1-5-x-x-x-512 for the Admins du Domaine group. I thought everything was drawn from the SID but something is blocking the migration of this one particular group.


Jonathan










Tony Murray [EMAIL PROTECTED]
Envoyé par : [EMAIL PROTECTED]
03/10/2004 12:57 PM
Veuillez répondre à ActiveDir


Pour :[EMAIL PROTECTED]
cc :
Objet :Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group


Jonthan

I shouldn't think the name of the group should cause any problems anyway, as ADMT would use the SID. The Admins du Domaine group should have a SID in the format:

SID: S-1-5-domain-512

Can you confirm your Admins du Domaine has this value?

Tony

-- Original Message --
Wrom: EAIJJPHSCRTNHGSWZIDREXCAXZOWC
Reply-To: [EMAIL PROTECTED]
Date: Wed, 10 Mar 2004 10:36:44 +0100

Hi,

I am trying to migrate between forests from a Windows 2000 Server (French 
Version) to 2003 (English / Multi-Language).  We have our domain admins 
group in Admins du Domaine on the source domain. When I try to move a 
user in this group to the New 2003 domain, the ADMT v2 tool sends an error 
and stops running rather than realizing the group is a built-in and 
passing over it. All other users copy without a problem.  ( I am 
migrating the SIDs for the users also... )

I cannot delete the Admins du Domaine and renaming this group still makes 
ADMT v2 error out. Does anyone know of a possible solution? I would 
rather not skip the users in the Admins du Domaine group with ADMT 
because this would be very time-consuming to re-create these users and it 
increases the chance for mis-configurations on my part. 




Any ideas would greatly be appreciated!

Jonathan


List info  : http://www.activedir.org/mail_list.htm
List FAQ  : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: Réf. : Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group

[Brent Westmoreland]

Just to Clarify, 

Is the problem that the group will not migrate or that the migration fails and doesn't take any of the group members?

I know that the built in groups are not supposed to migrate but the accounts should be able to continue without issue.  The group should just throw an error in the log file, perhaps you could post the admt log file here?

The logfiles are located on C:\Program Files\Active Directory Migration Tool\Logs on your admt machine.




On Mar 10, 2004, at 8:19 AM, [EMAIL PROTECTED]> wrote:

I have SID S-1-5-x-x-x-512 for the Admins du Domaine group.  I thought everything was drawn from the SID but something is blocking the migration of this one particular group. 



Brent Westmoreland
BMW Group - Data Center Americas
Business:  864.989.6567

RE: [ActiveDir] ADMT v2 : Problem with Domain Admins Group

[GRILLENMEIER,GUIDO (HP-Germany,ex1)]

you've probably configured ADMT to migrated the groups with the users -
don't do this. ADMT can't migrate any built-in or default group (like domain
admins), especially when using SIDhistory, so this could be the reason
migrating the users belonging to this group will fail. 

First migrate groups, then migrate users with the option to update
previously migrated groups. Can also do this the other way around. 

Other tools can also not migrate these built-in groups with SID-history, but
some of them are at least smart enough to migrate them without SIDhistory
anyways or at least populat the users into the appropriate groups (if you
really want this).

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Mittwoch, 10. März 2004 12:58
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group

Jonthan

I shouldn't think the name of the group should cause any problems anyway, as
ADMT would use the SID.  The Admins du Domaine group should have a SID in
the format:

SID: S-1-5-domain-512

Can you confirm your Admins du Domaine has this value?

Tony

-- Original Message --
Wrom: EAIJJPHSCRTNHGSWZIDREXCAXZOWC
Reply-To: [EMAIL PROTECTED]
Date:  Wed, 10 Mar 2004 10:36:44 +0100

Hi,

I am trying to migrate between forests from a Windows 2000 Server (French 
Version) to 2003 (English / Multi-Language).We have our domain admins 
group in Admins du Domaine on the source domain.  When I try to move a 
user in this group to the New 2003 domain, the ADMT v2 tool sends an error 
and stops running rather than realizing the group is a built-in and 
passing over it.  All other users copy without a problem.   ( I am 
migrating the SIDs for the users also... )

I cannot delete the Admins du Domaine and renaming this group still makes 
ADMT v2 error out.  Does anyone know of a possible solution?  I would 
rather not skip the users in the Admins du Domaine group with ADMT 
because this would be very time-consuming to re-create these users and it 
increases the chance for mis-configurations on my part. 




Any ideas would greatly be appreciated!

Jonathan


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Roger Seielstad]

I don't recall Quest's Fastlane product requiring it. Since we were going to
a virgin forest, however, there was no reason for us to even look at mixed
mode for it.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
 Sent: Friday, October 25, 2002 9:24 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Is there any migration tool that doesn't require the target 
 be in native
 mode.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Thursday, October 24, 2002 6:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
  erADMT requires that the target be native, too.
  -Original Message-
  From:   [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent:   Thursday, October 24, 2002 11:18 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  But move tree requires that the target domain be in native 
  mode.  I have some places that need to stay in mixed mode.
  
   -Original Message-
  From:   Tony Murray [mailto:tony;mail.activedir.org] 
  Sent:   Thursday, October 24, 2002 11:38 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  You've got Movetree to move objects within a Forest.  You 
  don't need to migrate with ADMT.
  
  http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
  
  Tony
  
  -- Original Message --
  From:   Salandra, Justin A. [EMAIL PROTECTED]
  Reply-To:   [EMAIL PROTECTED]
  Date: Thu, 24 Oct 2002 09:47:56 -0400
  
  So I can use ADMT v2 in a Windows 2000 AD environment to 
  migrate between domains?  Such as parent to child?
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Wednesday, October 23, 2002 6:50 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Version 1 was/is usable in Win2k environments as well - 
  typically cross forest.
  
  From the ADMT v 2.0 README:
  
  Scripting and command-line interface
  Password migration
  Migration log files
  Credentials needed for migration operators
  SID Mapping Files for security translation
  Windows 2000 attribute exclusion
  Agent credentials no longer required
  Fix membership is optional
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
   Salandra, Justin A.
   Sent: Wednesday, October 23, 2002 10:44 AM
   To:   '[EMAIL PROTECTED]'
   Subject:  RE: [ActiveDir] ADMT v2
   
   
   What is the difference between ADMT v2 and v1?  Can you use
   the ADMT v2 in a Windows 2000 Active Directory Enviorment?
   
   Justin A. Salandra, MCSE
   Senior Network Engineer
   Catholic Healthcare System
   914.681.8117 office
   646.483.3325 cell
   [EMAIL PROTECTED]
   
   
-Original Message-
   From: Rick Kingslan [mailto:rkingsla;cox.net] 
   Sent: Monday, October 21, 2002 1:37 PM
   To:   [EMAIL PROTECTED]
   Subject:  RE: [ActiveDir] ADMT v2
   
   Diane,
   
   Look under the ADMT folder in the I386 directory.
   
   Rick Kingslan - Microsoft MVP [Windows NT/2000]
 Microsoft Certified Trainer
 MCSA, MCSE+I - Windows NT / 2000
 
   Any sufficiently advanced technology
   is indistinguishable from magic.
 ---  Arthur C. Clarke
   
   
   
   
   
-Original Message-
From:   [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
   Ayers, Diane
Sent:   Monday, October 21, 2002 12:29 PM
To: '[EMAIL PROTECTED]'
Subject:[ActiveDir] ADMT v2


All:

I'm looking for ADMT version 2.  I've dug around my 
 .NET CDs and 
can't find it.  Can someone point me in the right direction...

Diane
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir% 40mail.activedir.org/

   
   
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
   List info   : 
   http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org

RE: [ActiveDir] ADMT v2

[Amit Zinman]

MS says this will be much easier in the next version of Exchange.

Amit Zinman
Systems Consultant
Integrity Systems
[EMAIL PROTECTED]
03-7522424
058-326753


-Original Message-
From: Ayers, Diane [mailto:DAyers;pacbell.net] 
Sent: Wednesday, October 23, 2002 4:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Yea, it meets all those.  It's actually an AD to AD migration.  We
re-ran
some tests today and the accounts came across with passwords intact and
SIDhistory.  Way cool.  GO figure why the other tests didn't work.  I
guess
we were too impatient when we tried the accounts after migration.

One key point that I found is that the PES key is computer specific.
The
migration can _only_ be done on the computer that generated the key.

Now if I can just figure out the best way to do an E2K to E2K
migration...

Diane

-Original Message-
From: [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org]On Behalf Of Tony Murray
Sent: Tuesday, October 22, 2002 8:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Yes.  It's been a while since I've done a migration, but does your PES
meet
the following criteria?:

Must be installed on a Domain Controller (PDC or BDC)
The Domain Controller must run Windows NT 4.0 Service Pack 5 (or higher)
The 128-bit high encryption pack must be installed on the Server
At least one PES is required per NT Account Domain

Tony

-- Original Message --
From: Ayers, Diane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 22 Oct 2002 07:49:17 -0700

Has anyone gotten the PES (password export server) portion to work?  I
was
pulling my hair out yesterday getting the thing to recognize the keys
correctly.  Once it did, still no password migration.  I had the same
success with third party migration tools that use the PES server.
Q322981
was not much help although I did make sure everything was according to
Hoyle

Diane

-Original Message-
From: Tony Murray [mailto:tony;mail.activedir.org]
Sent: Monday, October 21, 2002 11:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


...and the really good news about ADMT 2.0 is that the version on the
.NET
RC1 CD is fully supported by Microsoft.

Tony

-- Original Message --
From: Ayers, Diane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Oct 2002 12:33:44 -0700

As Homer Sez:

DOh!

Thanks...

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net]
Sent: Monday, October 21, 2002 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Diane,

Look under the ADMT folder in the I386 directory.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000

Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane
 Sent: Monday, October 21, 2002 12:29 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] ADMT v2


 All:

 I'm looking for ADMT version 2.  I've dug around my .NET CDs
 and can't find it.  Can someone point me in the right direction...

 Diane
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Salandra, Justin A.]

Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm

RE: [ActiveDir] ADMT v2

[Salandra, Justin A.]

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

ADMT requires that the target be native, too.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent: Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To: '[EMAIL PROTECTED]'
   Subject: [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir

RE: [ActiveDir] ADMT v2

[Weston Rogers]

http://www.aelita.com/products/DMW.htm

For a few grand this does everything, 'nuff said.

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 9:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2


Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well -
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use the ADMT 
  v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir

RE: [ActiveDir] ADMT v2

[Sullivan, Kevin]

Aelita Domain Migration Wizard... (For one)

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 9:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2

Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info

RE: [ActiveDir] ADMT v2

[Stuart Kwan]

Does it use SID History for the migration?


-Original Message-
From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent: Friday, October 25, 2002 6:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Aelita Domain Migration Wizard... (For one)

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 9:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2

Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir

RE: [ActiveDir] ADMT v2

[Weston Rogers]

Sure does, aeltia does everything. ;p

-Original Message-
From: Stuart Kwan [mailto:skwan;windows.microsoft.com] 
Sent: Friday, October 25, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Does it use SID History for the migration?


-Original Message-
From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent: Friday, October 25, 2002 6:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Aelita Domain Migration Wizard... (For one)

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 9:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2

Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well -
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use the ADMT 
  v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail

RE: [ActiveDir] ADMT v2

[Sullivan, Kevin]

Replied via email... (If anyone else is interested let me know and I
will post the response)

-Original Message-
From: Stuart Kwan [mailto:skwan;windows.microsoft.com] 
Sent: Friday, October 25, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Does it use SID History for the migration?


-Original Message-
From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent: Friday, October 25, 2002 6:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Aelita Domain Migration Wizard... (For one)

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 9:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2

Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http

RE: [ActiveDir] ADMT v2

[Salandra, Justin A.]

Is it free?

 -Original Message-
From:   Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent:   Friday, October 25, 2002 9:50 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Aelita Domain Migration Wizard... (For one)

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 9:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2

Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org

RE: [ActiveDir] ADMT v2

[Sullivan, Kevin]

Nope...

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 11:36 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2

Is it free?

 -Original Message-
From:   Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent:   Friday, October 25, 2002 9:50 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Aelita Domain Migration Wizard... (For one)

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
Sent: Friday, October 25, 2002 9:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2

Is there any migration tool that doesn't require the target be in native
mode.

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Thursday, October 24, 2002 6:54 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

 erADMT requires that the target be native, too.
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To:   '[EMAIL PROTECTED]'
 Subject:  RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From:   [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent:   Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To:   '[EMAIL PROTECTED]'
   Subject:  [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org

RE: [ActiveDir] ADMT v2

[Rick Kingslan]

I'd be interested - Yes, please do post it.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Sullivan, Kevin
 Sent: Friday, October 25, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Replied via email... (If anyone else is interested let me 
 know and I will post the response)
 
 -Original Message-
 From: Stuart Kwan [mailto:skwan;windows.microsoft.com] 
 Sent: Friday, October 25, 2002 11:01 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Does it use SID History for the migration?
 
 
 -Original Message-
 From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
 Sent: Friday, October 25, 2002 6:50 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Aelita Domain Migration Wizard... (For one)
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
 Sent: Friday, October 25, 2002 9:24 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 Is there any migration tool that doesn't require the target 
 be in native mode.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Thursday, October 24, 2002 6:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
  erADMT requires that the target be native, too.
  -Original Message-
  From:   [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent:   Thursday, October 24, 2002 11:18 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  But move tree requires that the target domain be in native
  mode.  I have some places that need to stay in mixed mode.
  
   -Original Message-
  From:   Tony Murray [mailto:tony;mail.activedir.org] 
  Sent:   Thursday, October 24, 2002 11:38 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  You've got Movetree to move objects within a Forest.  You
  don't need to migrate with ADMT.
  
  http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
  
  Tony
  
  -- Original Message --
  From:   Salandra, Justin A. [EMAIL PROTECTED]
  Reply-To:   [EMAIL PROTECTED]
  Date: Thu, 24 Oct 2002 09:47:56 -0400
  
  So I can use ADMT v2 in a Windows 2000 AD environment to
  migrate between domains?  Such as parent to child?
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Wednesday, October 23, 2002 6:50 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Version 1 was/is usable in Win2k environments as well -
  typically cross forest.
  
  From the ADMT v 2.0 README:
  
  Scripting and command-line interface
  Password migration
  Migration log files
  Credentials needed for migration operators
  SID Mapping Files for security translation
  Windows 2000 attribute exclusion
  Agent credentials no longer required
  Fix membership is optional
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
   Salandra, Justin A.
   Sent: Wednesday, October 23, 2002 10:44 AM
   To:   '[EMAIL PROTECTED]'
   Subject:  RE: [ActiveDir] ADMT v2
   
   
   What is the difference between ADMT v2 and v1?  Can you 
 use the ADMT 
   v2 in a Windows 2000 Active Directory Enviorment?
   
   Justin A. Salandra, MCSE
   Senior Network Engineer
   Catholic Healthcare System
   914.681.8117 office
   646.483.3325 cell
   [EMAIL PROTECTED]
   
   
-Original Message-
   From: Rick Kingslan [mailto:rkingsla;cox.net] 
   Sent: Monday, October 21, 2002 1:37 PM
   To:   [EMAIL PROTECTED]
   Subject:  RE: [ActiveDir] ADMT v2
   
   Diane,
   
   Look under the ADMT folder in the I386 directory.
   
   Rick Kingslan - Microsoft MVP [Windows NT/2000]
 Microsoft Certified Trainer
 MCSA, MCSE+I - Windows NT / 2000
 
   Any sufficiently advanced technology
   is indistinguishable from magic.
 ---  Arthur C. Clarke
   
   
   
   
   
-Original Message-
From:   [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
   Ayers, Diane
Sent:   Monday, October 21, 2002 12:29 PM
To: '[EMAIL PROTECTED]'
Subject:[ActiveDir] ADMT v2


All:

I'm looking for ADMT version 2.  I've dug around my .NET CDs and
can't find it.  Can someone point me in the right direction...

Diane

RE: [ActiveDir] ADMT v2

[Sullivan, Kevin]

Not all that interesting but what I told Stuart was that our migration
technologies will use SID History in both Native and Mixed mode domains.
When in mixed mode, the user will only benefit from SID History if a W2k
DC does the authentication. This is done by the way the SID History is
applied. Aelita does it a bit different than MS. It is using the same
SID History attribute it just applies it differently. I don't really
know the bits and bytes of it or the APIs in use but understand it is
done differently. It is definitely a nice feature to have available.

I will try to get some more details...

Kevin,

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net] 
Sent: Friday, October 25, 2002 1:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

I'd be interested - Yes, please do post it.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Sullivan, Kevin
 Sent: Friday, October 25, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Replied via email... (If anyone else is interested let me 
 know and I will post the response)
 
 -Original Message-
 From: Stuart Kwan [mailto:skwan;windows.microsoft.com] 
 Sent: Friday, October 25, 2002 11:01 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Does it use SID History for the migration?
 
 
 -Original Message-
 From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
 Sent: Friday, October 25, 2002 6:50 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Aelita Domain Migration Wizard... (For one)
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
 Sent: Friday, October 25, 2002 9:24 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 Is there any migration tool that doesn't require the target 
 be in native mode.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Thursday, October 24, 2002 6:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
  erADMT requires that the target be native, too.
  -Original Message-
  From:   [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent:   Thursday, October 24, 2002 11:18 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  But move tree requires that the target domain be in native
  mode.  I have some places that need to stay in mixed mode.
  
   -Original Message-
  From:   Tony Murray [mailto:tony;mail.activedir.org] 
  Sent:   Thursday, October 24, 2002 11:38 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  You've got Movetree to move objects within a Forest.  You
  don't need to migrate with ADMT.
  
  http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
  
  Tony
  
  -- Original Message --
  From:   Salandra, Justin A. [EMAIL PROTECTED]
  Reply-To:   [EMAIL PROTECTED]
  Date: Thu, 24 Oct 2002 09:47:56 -0400
  
  So I can use ADMT v2 in a Windows 2000 AD environment to
  migrate between domains?  Such as parent to child?
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Wednesday, October 23, 2002 6:50 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Version 1 was/is usable in Win2k environments as well -
  typically cross forest.
  
  From the ADMT v 2.0 README:
  
  Scripting and command-line interface
  Password migration
  Migration log files
  Credentials needed for migration operators
  SID Mapping Files for security translation
  Windows 2000 attribute exclusion
  Agent credentials no longer required
  Fix membership is optional
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
   Salandra, Justin A.
   Sent: Wednesday, October 23, 2002 10:44 AM
   To:   '[EMAIL PROTECTED]'
   Subject:  RE: [ActiveDir] ADMT v2
   
   
   What is the difference between ADMT v2 and v1?  Can you 
 use the ADMT 
   v2 in a Windows 2000 Active Directory Enviorment?
   
   Justin A. Salandra, MCSE
   Senior Network Engineer
   Catholic Healthcare System
   914.681.8117 office
   646.483.3325 cell
   [EMAIL PROTECTED]
   
   
-Original Message-
   From: Rick Kingslan [mailto:rkingsla;cox.net] 
   Sent: Monday, October 21, 2002 1:37 PM
   To:   [EMAIL PROTECTED]
   Subject

RE: [ActiveDir] ADMT v2

[Gil Kirkpatrick]

I'm interested too, if you could either post it or email it to me, that
would be great.

-gil

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net] 
Sent: Friday, October 25, 2002 10:43 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


I'd be interested - Yes, please do post it.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Sullivan, Kevin
 Sent: Friday, October 25, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Replied via email... (If anyone else is interested let me
 know and I will post the response)
 
 -Original Message-
 From: Stuart Kwan [mailto:skwan;windows.microsoft.com]
 Sent: Friday, October 25, 2002 11:01 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Does it use SID History for the migration?
 
 
 -Original Message-
 From: Sullivan, Kevin [mailto:KSullivan;aelita.com]
 Sent: Friday, October 25, 2002 6:50 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Aelita Domain Migration Wizard... (For one)
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org]
 Sent: Friday, October 25, 2002 9:24 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 Is there any migration tool that doesn't require the target
 be in native mode.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Thursday, October 24, 2002 6:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
  erADMT requires that the target be native, too.
  -Original Message-
  From:   [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, 
  Justin A.
  Sent:   Thursday, October 24, 2002 11:18 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  But move tree requires that the target domain be in native mode.  I 
  have some places that need to stay in mixed mode.
  
   -Original Message-
  From:   Tony Murray [mailto:tony;mail.activedir.org] 
  Sent:   Thursday, October 24, 2002 11:38 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  You've got Movetree to move objects within a Forest.  You don't need 
  to migrate with ADMT.
  
  http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
  
  Tony
  
  -- Original Message --
  From:   Salandra, Justin A. [EMAIL PROTECTED]
  Reply-To:   [EMAIL PROTECTED]
  Date: Thu, 24 Oct 2002 09:47:56 -0400
  
  So I can use ADMT v2 in a Windows 2000 AD environment to migrate 
  between domains?  Such as parent to child?
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Wednesday, October 23, 2002 6:50 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Version 1 was/is usable in Win2k environments as well - typically 
  cross forest.
  
  From the ADMT v 2.0 README:
  
  Scripting and command-line interface
  Password migration
  Migration log files
  Credentials needed for migration operators
  SID Mapping Files for security translation
  Windows 2000 attribute exclusion
  Agent credentials no longer required
  Fix membership is optional
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, 
   Justin A.
   Sent: Wednesday, October 23, 2002 10:44 AM
   To:   '[EMAIL PROTECTED]'
   Subject:  RE: [ActiveDir] ADMT v2
   
   
   What is the difference between ADMT v2 and v1?  Can you
 use the ADMT
   v2 in a Windows 2000 Active Directory Enviorment?
   
   Justin A. Salandra, MCSE
   Senior Network Engineer
   Catholic Healthcare System
   914.681.8117 office
   646.483.3325 cell
   [EMAIL PROTECTED]
   
   
-Original Message-
   From: Rick Kingslan [mailto:rkingsla;cox.net] 
   Sent: Monday, October 21, 2002 1:37 PM
   To:   [EMAIL PROTECTED]
   Subject:  RE: [ActiveDir] ADMT v2
   
   Diane,
   
   Look under the ADMT folder in the I386 directory.
   
   Rick Kingslan - Microsoft MVP [Windows NT/2000]
 Microsoft Certified Trainer
 MCSA, MCSE+I - Windows NT / 2000
 
   Any sufficiently advanced technology
   is indistinguishable from magic.
 ---  Arthur C. Clarke
   
   
   
   
   
-Original Message-
From:   [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
   Ayers, Diane
Sent:   Monday, October 21

RE: [ActiveDir] ADMT v2

[DiBias, Chip]

Kevin,

Would Microsoft provide support if something happened during the
SIDHistory update process since the published Microsoft API's are not
being utilized?

-Original Message-
From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent: Friday, October 25, 2002 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Not all that interesting but what I told Stuart was that our migration
technologies will use SID History in both Native and Mixed mode domains.
When in mixed mode, the user will only benefit from SID History if a W2k
DC does the authentication. This is done by the way the SID History is
applied. Aelita does it a bit different than MS. It is using the same
SID History attribute it just applies it differently. I don't really
know the bits and bytes of it or the APIs in use but understand it is
done differently. It is definitely a nice feature to have available.

I will try to get some more details...

Kevin,

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net] 
Sent: Friday, October 25, 2002 1:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

I'd be interested - Yes, please do post it.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Sullivan, Kevin
 Sent: Friday, October 25, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Replied via email... (If anyone else is interested let me 
 know and I will post the response)
 
 -Original Message-
 From: Stuart Kwan [mailto:skwan;windows.microsoft.com] 
 Sent: Friday, October 25, 2002 11:01 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Does it use SID History for the migration?
 
 
 -Original Message-
 From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
 Sent: Friday, October 25, 2002 6:50 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Aelita Domain Migration Wizard... (For one)
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
 Sent: Friday, October 25, 2002 9:24 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 Is there any migration tool that doesn't require the target 
 be in native mode.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Thursday, October 24, 2002 6:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
  erADMT requires that the target be native, too.
  -Original Message-
  From:   [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent:   Thursday, October 24, 2002 11:18 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  But move tree requires that the target domain be in native
  mode.  I have some places that need to stay in mixed mode.
  
   -Original Message-
  From:   Tony Murray [mailto:tony;mail.activedir.org] 
  Sent:   Thursday, October 24, 2002 11:38 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  You've got Movetree to move objects within a Forest.  You
  don't need to migrate with ADMT.
  
  http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
  
  Tony
  
  -- Original Message --
  From:   Salandra, Justin A. [EMAIL PROTECTED]
  Reply-To:   [EMAIL PROTECTED]
  Date: Thu, 24 Oct 2002 09:47:56 -0400
  
  So I can use ADMT v2 in a Windows 2000 AD environment to
  migrate between domains?  Such as parent to child?
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Wednesday, October 23, 2002 6:50 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Version 1 was/is usable in Win2k environments as well -
  typically cross forest.
  
  From the ADMT v 2.0 README:
  
  Scripting and command-line interface
  Password migration
  Migration log files
  Credentials needed for migration operators
  SID Mapping Files for security translation
  Windows 2000 attribute exclusion
  Agent credentials no longer required
  Fix membership is optional
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
   Salandra, Justin A.
   Sent: Wednesday, October 23, 2002 10:44 AM
   To:   '[EMAIL PROTECTED]'
   Subject:  RE: [ActiveDir] ADMT v2
   
   
   What is the difference between ADMT v2 and v1?  Can you 
 use the ADMT 
   v2 in a Windows 2000 Active Directory Enviorment

RE: [ActiveDir] ADMT v2

[Sullivan, Kevin]

This is fully supported by Microsoft. 

-Original Message-
From: DiBias, Chip [mailto:Chip.DiBias;bindview.com] 
Sent: Friday, October 25, 2002 5:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Kevin,

Would Microsoft provide support if something happened during the
SIDHistory update process since the published Microsoft API's are not
being utilized?

-Original Message-
From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent: Friday, October 25, 2002 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Not all that interesting but what I told Stuart was that our migration
technologies will use SID History in both Native and Mixed mode domains.
When in mixed mode, the user will only benefit from SID History if a W2k
DC does the authentication. This is done by the way the SID History is
applied. Aelita does it a bit different than MS. It is using the same
SID History attribute it just applies it differently. I don't really
know the bits and bytes of it or the APIs in use but understand it is
done differently. It is definitely a nice feature to have available.

I will try to get some more details...

Kevin,

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net] 
Sent: Friday, October 25, 2002 1:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

I'd be interested - Yes, please do post it.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Sullivan, Kevin
 Sent: Friday, October 25, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Replied via email... (If anyone else is interested let me 
 know and I will post the response)
 
 -Original Message-
 From: Stuart Kwan [mailto:skwan;windows.microsoft.com] 
 Sent: Friday, October 25, 2002 11:01 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Does it use SID History for the migration?
 
 
 -Original Message-
 From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
 Sent: Friday, October 25, 2002 6:50 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Aelita Domain Migration Wizard... (For one)
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
 Sent: Friday, October 25, 2002 9:24 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 Is there any migration tool that doesn't require the target 
 be in native mode.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Thursday, October 24, 2002 6:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
  erADMT requires that the target be native, too.
  -Original Message-
  From:   [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent:   Thursday, October 24, 2002 11:18 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  But move tree requires that the target domain be in native
  mode.  I have some places that need to stay in mixed mode.
  
   -Original Message-
  From:   Tony Murray [mailto:tony;mail.activedir.org] 
  Sent:   Thursday, October 24, 2002 11:38 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  You've got Movetree to move objects within a Forest.  You
  don't need to migrate with ADMT.
  
  http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
  
  Tony
  
  -- Original Message --
  From:   Salandra, Justin A. [EMAIL PROTECTED]
  Reply-To:   [EMAIL PROTECTED]
  Date: Thu, 24 Oct 2002 09:47:56 -0400
  
  So I can use ADMT v2 in a Windows 2000 AD environment to
  migrate between domains?  Such as parent to child?
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Wednesday, October 23, 2002 6:50 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Version 1 was/is usable in Win2k environments as well -
  typically cross forest.
  
  From the ADMT v 2.0 README:
  
  Scripting and command-line interface
  Password migration
  Migration log files
  Credentials needed for migration operators
  SID Mapping Files for security translation
  Windows 2000 attribute exclusion
  Agent credentials no longer required
  Fix membership is optional
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
   Salandra, Justin A.
   Sent: Wednesday, October 23, 2002 10

RE: [ActiveDir] ADMT v2

[Sullivan, Kevin]

Sorry for the bad form but I wanted to add another comment. I never said
Microsoft's published API's are not in use. 

I said I was not clear on the bits and bytes of it and the APIs used.
But just understand from the developers that our process to update the
attribute is different. (I don't know what different means here). 

I will try to get more information and post it next week.

-Original Message-
From: Sullivan, Kevin 
Sent: Friday, October 25, 2002 10:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

This is fully supported by Microsoft. 

-Original Message-
From: DiBias, Chip [mailto:Chip.DiBias;bindview.com] 
Sent: Friday, October 25, 2002 5:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Kevin,

Would Microsoft provide support if something happened during the
SIDHistory update process since the published Microsoft API's are not
being utilized?

-Original Message-
From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
Sent: Friday, October 25, 2002 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

Not all that interesting but what I told Stuart was that our migration
technologies will use SID History in both Native and Mixed mode domains.
When in mixed mode, the user will only benefit from SID History if a W2k
DC does the authentication. This is done by the way the SID History is
applied. Aelita does it a bit different than MS. It is using the same
SID History attribute it just applies it differently. I don't really
know the bits and bytes of it or the APIs in use but understand it is
done differently. It is definitely a nice feature to have available.

I will try to get some more details...

Kevin,

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net] 
Sent: Friday, October 25, 2002 1:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2

I'd be interested - Yes, please do post it.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Sullivan, Kevin
 Sent: Friday, October 25, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Replied via email... (If anyone else is interested let me 
 know and I will post the response)
 
 -Original Message-
 From: Stuart Kwan [mailto:skwan;windows.microsoft.com] 
 Sent: Friday, October 25, 2002 11:01 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Does it use SID History for the migration?
 
 
 -Original Message-
 From: Sullivan, Kevin [mailto:KSullivan;aelita.com] 
 Sent: Friday, October 25, 2002 6:50 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 Aelita Domain Migration Wizard... (For one)
 
 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
 Sent: Friday, October 25, 2002 9:24 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 Is there any migration tool that doesn't require the target 
 be in native mode.
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Thursday, October 24, 2002 6:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
  erADMT requires that the target be native, too.
  -Original Message-
  From:   [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Salandra, Justin A.
  Sent:   Thursday, October 24, 2002 11:18 AM
  To: '[EMAIL PROTECTED]'
  Subject:RE: [ActiveDir] ADMT v2
  
  
  But move tree requires that the target domain be in native
  mode.  I have some places that need to stay in mixed mode.
  
   -Original Message-
  From:   Tony Murray [mailto:tony;mail.activedir.org] 
  Sent:   Thursday, October 24, 2002 11:38 AM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  You've got Movetree to move objects within a Forest.  You
  don't need to migrate with ADMT.
  
  http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
  
  Tony
  
  -- Original Message --
  From:   Salandra, Justin A. [EMAIL PROTECTED]
  Reply-To:   [EMAIL PROTECTED]
  Date: Thu, 24 Oct 2002 09:47:56 -0400
  
  So I can use ADMT v2 in a Windows 2000 AD environment to
  migrate between domains?  Such as parent to child?
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Wednesday, October 23, 2002 6:50 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Version 1 was/is usable in Win2k environments as well -
  typically cross forest.
  
  From the ADMT v 2.0 README:
  
  Scripting and command-line interface
  Password migration
  Migration log files
  Credentials needed for migration operators
  SID Mapping Files for security translation

RE: [ActiveDir] ADMT v2

[Salandra, Justin A.]

So I can use ADMT v2 in a Windows 2000 AD environment to migrate between
domains?  Such as parent to child?

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Wednesday, October 23, 2002 6:50 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Version 1 was/is usable in Win2k environments as well - typically cross
forest.

From the ADMT v 2.0 README:

Scripting and command-line interface
Password migration
Migration log files
Credentials needed for migration operators
SID Mapping Files for security translation
Windows 2000 attribute exclusion
Agent credentials no longer required
Fix membership is optional

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Wednesday, October 23, 2002 10:44 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 What is the difference between ADMT v2 and v1?  Can you use 
 the ADMT v2 in a Windows 2000 Active Directory Enviorment?
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Monday, October 21, 2002 1:37 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Diane,
 
 Look under the ADMT folder in the I386 directory.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Ayers, Diane
  Sent: Monday, October 21, 2002 12:29 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] ADMT v2
  
  
  All:
  
  I'm looking for ADMT version 2.  I've dug around my .NET CDs
  and can't find it.  Can someone point me in the right direction...
  
  Diane
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Purviance, Chad]

I understood ADMT to be a good method for migrating Intraforest if you need
to move users  computers  Servers. As in the case of domain consolidation.
We have used v1 to collapse domains into the parent.

IE:
Upgrade Domain 1 to AD.com
Upgrade Domain 2 to child.AD.com
Use ADMT to move the groups, users, and computers to ad.com keeping the
security correct.
decommision child.ad.com

I didn't think the prune and graft tools like movetree would allow that ..
but I am always open to being corrected as it will make my next migration
easier.

Chad P.

-Original Message-
From: [EMAIL PROTECTED]
To: 
Sent: 10/24/2002 11:19 AM
Subject: RE: [ActiveDir] ADMT v2

I believe there are prune and graft tools that will let you do a
intra-forest migration like that.  I look at ADMT as an inter-forest
migration tool.  I have not investigated the intra-forest tools so I
don't
have the details.

Diane

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org]
Sent: Thursday, October 24, 2002 6:48 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2


So I can use ADMT v2 in a Windows 2000 AD environment to migrate between
domains?  Such as parent to child?

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Wednesday, October 23, 2002 6:50 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Version 1 was/is usable in Win2k environments as well - typically cross
forest.

From the ADMT v 2.0 README:

Scripting and command-line interface
Password migration
Migration log files
Credentials needed for migration operators
SID Mapping Files for security translation
Windows 2000 attribute exclusion
Agent credentials no longer required
Fix membership is optional

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Wednesday, October 23, 2002 10:44 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 What is the difference between ADMT v2 and v1?  Can you use 
 the ADMT v2 in a Windows 2000 Active Directory Enviorment?
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Monday, October 21, 2002 1:37 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Diane,
 
 Look under the ADMT folder in the I386 directory.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Ayers, Diane
  Sent: Monday, October 21, 2002 12:29 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] ADMT v2
  
  
  All:
  
  I'm looking for ADMT version 2.  I've dug around my .NET CDs
  and can't find it.  Can someone point me in the right direction...
  
  Diane
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
 +++The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential and/or
privileged material.  Any review, retransmission, dissemination or other
use of, or taking of any action in reliance upon, this information by
persons or entities other than the intended recipient is prohibited.
If you received this in error, please contact the sender and destroy any
copies of this document.+++
The information transmitted is intended only for the person or entity to
which it is addressed

RE: [ActiveDir] ADMT v2

[Tony Murray]

You've got Movetree to move objects within a Forest.  You don't need to migrate with 
ADMT.

http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614

Tony

-- Original Message --
From: Salandra, Justin A. [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 24 Oct 2002 09:47:56 -0400

So I can use ADMT v2 in a Windows 2000 AD environment to migrate between
domains?  Such as parent to child?

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Wednesday, October 23, 2002 6:50 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Version 1 was/is usable in Win2k environments as well - typically cross
forest.

From the ADMT v 2.0 README:

Scripting and command-line interface
Password migration
Migration log files
Credentials needed for migration operators
SID Mapping Files for security translation
Windows 2000 attribute exclusion
Agent credentials no longer required
Fix membership is optional

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Wednesday, October 23, 2002 10:44 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 What is the difference between ADMT v2 and v1?  Can you use 
 the ADMT v2 in a Windows 2000 Active Directory Enviorment?
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Monday, October 21, 2002 1:37 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Diane,
 
 Look under the ADMT folder in the I386 directory.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Ayers, Diane
  Sent: Monday, October 21, 2002 12:29 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] ADMT v2
  
  
  All:
  
  I'm looking for ADMT version 2.  I've dug around my .NET CDs
  and can't find it.  Can someone point me in the right direction...
  
  Diane
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Ayers, Diane]

I believe there are prune and graft tools that will let you do a
intra-forest migration like that.  I look at ADMT as an inter-forest
migration tool.  I have not investigated the intra-forest tools so I don't
have the details.

Diane

-Original Message-
From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org]
Sent: Thursday, October 24, 2002 6:48 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADMT v2


So I can use ADMT v2 in a Windows 2000 AD environment to migrate between
domains?  Such as parent to child?

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Wednesday, October 23, 2002 6:50 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Version 1 was/is usable in Win2k environments as well - typically cross
forest.

From the ADMT v 2.0 README:

Scripting and command-line interface
Password migration
Migration log files
Credentials needed for migration operators
SID Mapping Files for security translation
Windows 2000 attribute exclusion
Agent credentials no longer required
Fix membership is optional

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Wednesday, October 23, 2002 10:44 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 What is the difference between ADMT v2 and v1?  Can you use 
 the ADMT v2 in a Windows 2000 Active Directory Enviorment?
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Monday, October 21, 2002 1:37 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Diane,
 
 Look under the ADMT folder in the I386 directory.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Ayers, Diane
  Sent: Monday, October 21, 2002 12:29 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] ADMT v2
  
  
  All:
  
  I'm looking for ADMT version 2.  I've dug around my .NET CDs
  and can't find it.  Can someone point me in the right direction...
  
  Diane
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Rick Kingslan]

Well, you can - but it is meant more for entity to entity, e.g. forest
to forest, NT Domain to Windows 2000.

A migration from domain to domain within the same forest effectively
ends up being a move of security principals - there is no option or
ability to disable the source account and maintain it.  Looking st the
construction of SIDs and RIDs, this makes sense, though.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 8:48 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent: Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To: '[EMAIL PROTECTED]'
   Subject: [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Salandra, Justin A.]

But move tree requires that the target domain be in native mode.  I have
some places that need to stay in mixed mode.

 -Original Message-
From:   Tony Murray [mailto:tony;mail.activedir.org] 
Sent:   Thursday, October 24, 2002 11:38 AM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

You've got Movetree to move objects within a Forest.  You don't need to
migrate with ADMT.

http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614

Tony

-- Original Message --
From: Salandra, Justin A. [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 24 Oct 2002 09:47:56 -0400

So I can use ADMT v2 in a Windows 2000 AD environment to migrate between
domains?  Such as parent to child?

 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Wednesday, October 23, 2002 6:50 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Version 1 was/is usable in Win2k environments as well - typically cross
forest.

From the ADMT v 2.0 README:

Scripting and command-line interface
Password migration
Migration log files
Credentials needed for migration operators
SID Mapping Files for security translation
Windows 2000 attribute exclusion
Agent credentials no longer required
Fix membership is optional

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Wednesday, October 23, 2002 10:44 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 What is the difference between ADMT v2 and v1?  Can you use 
 the ADMT v2 in a Windows 2000 Active Directory Enviorment?
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Monday, October 21, 2002 1:37 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Diane,
 
 Look under the ADMT folder in the I386 directory.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Ayers, Diane
  Sent: Monday, October 21, 2002 12:29 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] ADMT v2
  
  
  All:
  
  I'm looking for ADMT version 2.  I've dug around my .NET CDs
  and can't find it.  Can someone point me in the right direction...
  
  Diane
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Roger Seielstad]

Should be able to do that no problem.

--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


 -Original Message-
 From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] 
 Sent: Thursday, October 24, 2002 9:48 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between
 domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross
 forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED] 
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent: Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use 
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To: '[EMAIL PROTECTED]'
   Subject: [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs
   and can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive: 
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Rick Kingslan]

ADMT requires that the target be native, too.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Thursday, October 24, 2002 11:18 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 But move tree requires that the target domain be in native 
 mode.  I have some places that need to stay in mixed mode.
 
  -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org] 
 Sent: Thursday, October 24, 2002 11:38 AM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 You've got Movetree to move objects within a Forest.  You 
 don't need to migrate with ADMT.
 
 http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614
 
 Tony
 
 -- Original Message --
 From: Salandra, Justin A. [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 24 Oct 2002 09:47:56 -0400
 
 So I can use ADMT v2 in a Windows 2000 AD environment to 
 migrate between domains?  Such as parent to child?
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Wednesday, October 23, 2002 6:50 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Version 1 was/is usable in Win2k environments as well - 
 typically cross forest.
 
 From the ADMT v 2.0 README:
 
 Scripting and command-line interface
 Password migration
 Migration log files
 Credentials needed for migration operators
 SID Mapping Files for security translation
 Windows 2000 attribute exclusion
 Agent credentials no longer required
 Fix membership is optional
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
  Salandra, Justin A.
  Sent: Wednesday, October 23, 2002 10:44 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: [ActiveDir] ADMT v2
  
  
  What is the difference between ADMT v2 and v1?  Can you use
  the ADMT v2 in a Windows 2000 Active Directory Enviorment?
  
  Justin A. Salandra, MCSE
  Senior Network Engineer
  Catholic Healthcare System
  914.681.8117 office
  646.483.3325 cell
  [EMAIL PROTECTED]
  
  
   -Original Message-
  From:   Rick Kingslan [mailto:rkingsla;cox.net] 
  Sent:   Monday, October 21, 2002 1:37 PM
  To: [EMAIL PROTECTED]
  Subject:RE: [ActiveDir] ADMT v2
  
  Diane,
  
  Look under the ADMT folder in the I386 directory.
  
  Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

  Any sufficiently advanced technology
  is indistinguishable from magic.
---  Arthur C. Clarke
  
  
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of
  Ayers, Diane
   Sent: Monday, October 21, 2002 12:29 PM
   To: '[EMAIL PROTECTED]'
   Subject: [ActiveDir] ADMT v2
   
   
   All:
   
   I'm looking for ADMT version 2.  I've dug around my .NET CDs and 
   can't find it.  Can someone point me in the right direction...
   
   Diane
   List info   : http://www.activedir.org/mail_list.htm
   List FAQ: http://www.activedir.org/list_faq.htm
   List archive:
   http://www.mail-archive.com/activedir% 40mail.activedir.org/
   
  
  
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
  List info   : 
  http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Rick Kingslan]

Diane,

Glad to hear that everything is working.  I was a bit concerned that
your password migration scenario was not working.  It's been flawless
for us.

Now, as to the migration can _only_ be done on the computer that
generated the key - Yep.  Did you miss that in the notes that I posted
on the 16th?  

The more likely cause was that I made it so unintelligible that no one
could understand it  Sorry about that!

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane
 Sent: Tuesday, October 22, 2002 9:55 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Yea, it meets all those.  It's actually an AD to AD 
 migration.  We re-ran some tests today and the accounts came 
 across with passwords intact and SIDhistory.  Way cool.  GO 
 figure why the other tests didn't work.  I guess we were too 
 impatient when we tried the accounts after migration.
 
 One key point that I found is that the PES key is computer 
 specific.  The migration can _only_ be done on the computer 
 that generated the key.
 
 Now if I can just figure out the best way to do an E2K to E2K 
 migration...
 
 Diane
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:ActiveDir-owner;mail.activedir.org]On Behalf Of Tony Murray
 Sent: Tuesday, October 22, 2002 8:32 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Yes.  It's been a while since I've done a migration, but does 
 your PES meet the following criteria?:
 
 Must be installed on a Domain Controller (PDC or BDC)
 The Domain Controller must run Windows NT 4.0 Service Pack 5 
 (or higher) The 128-bit high encryption pack must be 
 installed on the Server At least one PES is required per NT 
 Account Domain
 
 Tony
 
 -- Original Message --
 From: Ayers, Diane [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Tue, 22 Oct 2002 07:49:17 -0700
 
 Has anyone gotten the PES (password export server) portion to 
 work?  I was pulling my hair out yesterday getting the thing 
 to recognize the keys correctly.  Once it did, still no 
 password migration.  I had the same success with third party 
 migration tools that use the PES server.  Q322981 was not 
 much help although I did make sure everything was according 
 to Hoyle
 
 Diane
 
 -Original Message-
 From: Tony Murray [mailto:tony;mail.activedir.org]
 Sent: Monday, October 21, 2002 11:46 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 ...and the really good news about ADMT 2.0 is that the 
 version on the .NET RC1 CD is fully supported by Microsoft.
 
 Tony
 
 -- Original Message --
 From: Ayers, Diane [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Mon, 21 Oct 2002 12:33:44 -0700
 
 As Homer Sez:
 
 DOh!
 
 Thanks...
 
 -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net]
 Sent: Monday, October 21, 2002 10:37 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [ActiveDir] ADMT v2
 
 
 Diane,
 
 Look under the ADMT folder in the I386 directory.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
 
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Ayers, Diane
  Sent: Monday, October 21, 2002 12:29 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] ADMT v2
 
 
  All:
 
  I'm looking for ADMT version 2.  I've dug around my .NET 
 CDs and can't 
  find it.  Can someone point me in the right direction...
 
  Diane
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List

RE: [ActiveDir] ADMT v2

[Salandra, Justin A.]

What is the difference between ADMT v2 and v1?  Can you use the ADMT v2 in a
Windows 2000 Active Directory Enviorment?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED]


 -Original Message-
From:   Rick Kingslan [mailto:rkingsla;cox.net] 
Sent:   Monday, October 21, 2002 1:37 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADMT v2

Diane,

Look under the ADMT folder in the I386 directory.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane
 Sent: Monday, October 21, 2002 12:29 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] ADMT v2
 
 
 All:
 
 I'm looking for ADMT version 2.  I've dug around my .NET CDs 
 and can't find it.  Can someone point me in the right direction...
 
 Diane
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Rick Kingslan]

Version 1 was/is usable in Win2k environments as well - typically cross
forest.

From the ADMT v 2.0 README:

Scripting and command-line interface
Password migration
Migration log files
Credentials needed for migration operators
SID Mapping Files for security translation
Windows 2000 attribute exclusion
Agent credentials no longer required
Fix membership is optional

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Salandra, Justin A.
 Sent: Wednesday, October 23, 2002 10:44 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: [ActiveDir] ADMT v2
 
 
 What is the difference between ADMT v2 and v1?  Can you use 
 the ADMT v2 in a Windows 2000 Active Directory Enviorment?
 
 Justin A. Salandra, MCSE
 Senior Network Engineer
 Catholic Healthcare System
 914.681.8117 office
 646.483.3325 cell
 [EMAIL PROTECTED]
 
 
  -Original Message-
 From: Rick Kingslan [mailto:rkingsla;cox.net] 
 Sent: Monday, October 21, 2002 1:37 PM
 To:   [EMAIL PROTECTED]
 Subject:  RE: [ActiveDir] ADMT v2
 
 Diane,
 
 Look under the ADMT folder in the I386 directory.
 
 Rick Kingslan - Microsoft MVP [Windows NT/2000]
   Microsoft Certified Trainer
   MCSA, MCSE+I - Windows NT / 2000
   
 Any sufficiently advanced technology
 is indistinguishable from magic.
   ---  Arthur C. Clarke
 
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of 
 Ayers, Diane
  Sent: Monday, October 21, 2002 12:29 PM
  To: '[EMAIL PROTECTED]'
  Subject: [ActiveDir] ADMT v2
  
  
  All:
  
  I'm looking for ADMT version 2.  I've dug around my .NET CDs
  and can't find it.  Can someone point me in the right direction...
  
  Diane
  List info   : http://www.activedir.org/mail_list.htm
  List FAQ: http://www.activedir.org/list_faq.htm
  List archive:
  http://www.mail-archive.com/activedir% 40mail.activedir.org/
  
 
 
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 
 List info   : 
 http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Tony Murray]

...and the really good news about ADMT 2.0 is that the version on the .NET RC1 CD is 
fully supported by Microsoft.

Tony

-- Original Message --
From: Ayers, Diane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Oct 2002 12:33:44 -0700

As Homer Sez:

DOh!

Thanks...

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net]
Sent: Monday, October 21, 2002 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Diane,

Look under the ADMT folder in the I386 directory.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane
 Sent: Monday, October 21, 2002 12:29 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] ADMT v2
 
 
 All:
 
 I'm looking for ADMT version 2.  I've dug around my .NET CDs 
 and can't find it.  Can someone point me in the right direction...
 
 Diane
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Tony Murray]

Yes.  It's been a while since I've done a migration, but does your PES meet the 
following criteria?:

Must be installed on a Domain Controller (PDC or BDC)
The Domain Controller must run Windows NT 4.0 Service Pack 5 (or higher)
The 128-bit high encryption pack must be installed on the Server
At least one PES is required per NT Account Domain

Tony

-- Original Message --
From: Ayers, Diane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 22 Oct 2002 07:49:17 -0700

Has anyone gotten the PES (password export server) portion to work?  I was
pulling my hair out yesterday getting the thing to recognize the keys
correctly.  Once it did, still no password migration.  I had the same
success with third party migration tools that use the PES server.  Q322981
was not much help although I did make sure everything was according to
Hoyle

Diane

-Original Message-
From: Tony Murray [mailto:tony;mail.activedir.org]
Sent: Monday, October 21, 2002 11:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


...and the really good news about ADMT 2.0 is that the version on the .NET
RC1 CD is fully supported by Microsoft.

Tony

-- Original Message --
From: Ayers, Diane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Oct 2002 12:33:44 -0700

As Homer Sez:

DOh!

Thanks...

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net]
Sent: Monday, October 21, 2002 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Diane,

Look under the ADMT folder in the I386 directory.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane
 Sent: Monday, October 21, 2002 12:29 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] ADMT v2
 
 
 All:
 
 I'm looking for ADMT version 2.  I've dug around my .NET CDs 
 and can't find it.  Can someone point me in the right direction...
 
 Diane
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Ayers, Diane]

Yea, it meets all those.  It's actually an AD to AD migration.  We re-ran
some tests today and the accounts came across with passwords intact and
SIDhistory.  Way cool.  GO figure why the other tests didn't work.  I guess
we were too impatient when we tried the accounts after migration.

One key point that I found is that the PES key is computer specific.  The
migration can _only_ be done on the computer that generated the key.

Now if I can just figure out the best way to do an E2K to E2K migration...

Diane

-Original Message-
From: [EMAIL PROTECTED]
[mailto:ActiveDir-owner;mail.activedir.org]On Behalf Of Tony Murray
Sent: Tuesday, October 22, 2002 8:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Yes.  It's been a while since I've done a migration, but does your PES meet
the following criteria?:

Must be installed on a Domain Controller (PDC or BDC)
The Domain Controller must run Windows NT 4.0 Service Pack 5 (or higher)
The 128-bit high encryption pack must be installed on the Server
At least one PES is required per NT Account Domain

Tony

-- Original Message --
From: Ayers, Diane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 22 Oct 2002 07:49:17 -0700

Has anyone gotten the PES (password export server) portion to work?  I was
pulling my hair out yesterday getting the thing to recognize the keys
correctly.  Once it did, still no password migration.  I had the same
success with third party migration tools that use the PES server.  Q322981
was not much help although I did make sure everything was according to
Hoyle

Diane

-Original Message-
From: Tony Murray [mailto:tony;mail.activedir.org]
Sent: Monday, October 21, 2002 11:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


...and the really good news about ADMT 2.0 is that the version on the .NET
RC1 CD is fully supported by Microsoft.

Tony

-- Original Message --
From: Ayers, Diane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Oct 2002 12:33:44 -0700

As Homer Sez:

DOh!

Thanks...

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net]
Sent: Monday, October 21, 2002 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Diane,

Look under the ADMT folder in the I386 directory.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000

Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane
 Sent: Monday, October 21, 2002 12:29 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] ADMT v2


 All:

 I'm looking for ADMT version 2.  I've dug around my .NET CDs
 and can't find it.  Can someone point me in the right direction...

 Diane
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive:
 http://www.mail-archive.com/activedir% 40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADMT v2

[Ayers, Diane]

As Homer Sez:

DOh!

Thanks...

-Original Message-
From: Rick Kingslan [mailto:rkingsla;cox.net]
Sent: Monday, October 21, 2002 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADMT v2


Diane,

Look under the ADMT folder in the I386 directory.

Rick Kingslan - Microsoft MVP [Windows NT/2000]
  Microsoft Certified Trainer
  MCSA, MCSE+I - Windows NT / 2000
  
Any sufficiently advanced technology
is indistinguishable from magic.
  ---  Arthur C. Clarke





 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane
 Sent: Monday, October 21, 2002 12:29 PM
 To: '[EMAIL PROTECTED]'
 Subject: [ActiveDir] ADMT v2
 
 
 All:
 
 I'm looking for ADMT version 2.  I've dug around my .NET CDs 
 and can't find it.  Can someone point me in the right direction...
 
 Diane
 List info   : http://www.activedir.org/mail_list.htm
 List FAQ: http://www.activedir.org/list_faq.htm
 List archive: 
 http://www.mail-archive.com/activedir% 40mail.activedir.org/
 


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/