Re: [ActiveDir] ADMT v2 PES question
You guys are right, it wasn't password complexity. I just switched complex passwords back on to see if I could reproduce. No dice, passwords still copy over fine when migrating an account. I'm positive that is the only thing I changed. I'm scratching my head here. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2 PES question
I agree with Tony as well. Right now we are migrating numerous NT4 and AD domains into a common W2003 domain with length =8 and complexity. No problems. Using ADMT v2.0. I know this doesn't help to understand what happened in you case, Jordan, but there must me something... -- Regards, Willem -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Sunday, September 19, 2004 12:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 PES question I second Tony's point: you shouldn't need to change the policy for PW lenght to make this work. However, Anonymous users must have access to the target domain, which is the default in 2000, but not for 2003. This is vor ADMTv2. With ADMTv3 the PES runs as a service on the source domain, which allows you to run it with special credentials = thus anonymous access is no longer allowed. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Friday, September 17, 2004 5:15 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan I'm glad it worked out for you. Apologies for misleading you and Dave on this. I'm pretty confused right now because I thought I had understood the behaviour pretty well. I'll see if you can get someone from inside MS to provide a decent description of how it actually works. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:49:58 -0600 Tony, I'm using ADMT v2 into a 2k3 domain, so they may have changed it somewhat. Anyway, I got it working so it's all good. Would have been nice to see that mentioned somewhere in the docs I read though. On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray [EMAIL PROTECTED] wrote: David Strange. My experience was also first hand. We migrated a large number of NT domains (with various different password policies) to a single Windows 2000 AD domain using ADMT 2.0. In many cases the source domain didn't conform to the password requirements (length, complexity) of the target domain, but the passwords were still exported successfully. Maybe the behaviour changes if the target domain is W2K3 AD? In any case, our discussion may be moot given the error that Jordan sees. The access is denied in the error would appear to indicate some other issue. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:50:58 -0400 Tony, That situation was a first hand experience for me. Once I reset (loosened) the password policy on 2K3, the export went. In my case, it was not complexity that was stopping it, but minimum password length. Jordan, I just remembered another gotcha. If you reinstalled the pes dll on the NT4 PDC or installed it after you did all the regedits, recheck the reg edits, as the pes install resets some of the values. Again another first hand experience -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: September 17, 2004 7:48 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 16 Sep 2004 11:12:51 -0600 Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED
RE: [ActiveDir] ADMT v2 PES question
I second Tony's point: you shouldn't need to change the policy for PW lenght to make this work. However, Anonymous users must have access to the target domain, which is the default in 2000, but not for 2003. This is vor ADMTv2. With ADMTv3 the PES runs as a service on the source domain, which allows you to run it with special credentials = thus anonymous access is no longer allowed. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Friday, September 17, 2004 5:15 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan I'm glad it worked out for you. Apologies for misleading you and Dave on this. I'm pretty confused right now because I thought I had understood the behaviour pretty well. I'll see if you can get someone from inside MS to provide a decent description of how it actually works. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:49:58 -0600 Tony, I'm using ADMT v2 into a 2k3 domain, so they may have changed it somewhat. Anyway, I got it working so it's all good. Would have been nice to see that mentioned somewhere in the docs I read though. On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray [EMAIL PROTECTED] wrote: David Strange. My experience was also first hand. We migrated a large number of NT domains (with various different password policies) to a single Windows 2000 AD domain using ADMT 2.0. In many cases the source domain didn't conform to the password requirements (length, complexity) of the target domain, but the passwords were still exported successfully. Maybe the behaviour changes if the target domain is W2K3 AD? In any case, our discussion may be moot given the error that Jordan sees. The access is denied in the error would appear to indicate some other issue. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:50:58 -0400 Tony, That situation was a first hand experience for me. Once I reset (loosened) the password policy on 2K3, the export went. In my case, it was not complexity that was stopping it, but minimum password length. Jordan, I just remembered another gotcha. If you reinstalled the pes dll on the NT4 PDC or installed it after you did all the regedits, recheck the reg edits, as the pes install resets some of the values. Again another first hand experience -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: September 17, 2004 7:48 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 16 Sep 2004 11:12:51 -0600 Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution
Re: [ActiveDir] ADMT v2 PES question
Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 16 Sep 2004 11:12:51 -0600 Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2 PES question
Tony, That situation was a first hand experience for me. Once I reset (loosened) the password policy on 2K3, the export went. In my case, it was not complexity that was stopping it, but minimum password length. Jordan, I just remembered another gotcha. If you reinstalled the pes dll on the NT4 PDC or installed it after you did all the regedits, recheck the reg edits, as the pes install resets some of the values. Again another first hand experience -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: September 17, 2004 7:48 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 16 Sep 2004 11:12:51 -0600 Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org
RE: [ActiveDir] ADMT v2 PES question
David Strange. My experience was also first hand. We migrated a large number of NT domains (with various different password policies) to a single Windows 2000 AD domain using ADMT 2.0. In many cases the source domain didn't conform to the password requirements (length, complexity) of the target domain, but the passwords were still exported successfully. Maybe the behaviour changes if the target domain is W2K3 AD? In any case, our discussion may be moot given the error that Jordan sees. The access is denied in the error would appear to indicate some other issue. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:50:58 -0400 Tony, That situation was a first hand experience for me. Once I reset (loosened) the password policy on 2K3, the export went. In my case, it was not complexity that was stopping it, but minimum password length. Jordan, I just remembered another gotcha. If you reinstalled the pes dll on the NT4 PDC or installed it after you did all the regedits, recheck the reg edits, as the pes install resets some of the values. Again another first hand experience -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: September 17, 2004 7:48 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 16 Sep 2004 11:12:51 -0600 Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org
Re: [ActiveDir] ADMT v2 PES question
As soon as I modified my domain security policy on the w2k3 domain I was importing into the password migrated accross no problem. That is the only change I made (changed password must meet complexity requirments to disabled). On Fri, 17 Sep 2004 07:48:21 -0400, Tony Murray [EMAIL PROTECTED] wrote: Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] ADMT v2 PES question
Tony, I'm using ADMT v2 into a 2k3 domain, so they may have changed it somewhat. Anyway, I got it working so it's all good. Would have been nice to see that mentioned somewhere in the docs I read though. On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray [EMAIL PROTECTED] wrote: David Strange. My experience was also first hand. We migrated a large number of NT domains (with various different password policies) to a single Windows 2000 AD domain using ADMT 2.0. In many cases the source domain didn't conform to the password requirements (length, complexity) of the target domain, but the passwords were still exported successfully. Maybe the behaviour changes if the target domain is W2K3 AD? In any case, our discussion may be moot given the error that Jordan sees. The access is denied in the error would appear to indicate some other issue. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:50:58 -0400 Tony, That situation was a first hand experience for me. Once I reset (loosened) the password policy on 2K3, the export went. In my case, it was not complexity that was stopping it, but minimum password length. Jordan, I just remembered another gotcha. If you reinstalled the pes dll on the NT4 PDC or installed it after you did all the regedits, recheck the reg edits, as the pes install resets some of the values. Again another first hand experience -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: September 17, 2004 7:48 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 16 Sep 2004 11:12:51 -0600 Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain
Re: [ActiveDir] ADMT v2 PES question
Jordan I'm glad it worked out for you. Apologies for misleading you and Dave on this. I'm pretty confused right now because I thought I had understood the behaviour pretty well. I'll see if you can get someone from inside MS to provide a decent description of how it actually works. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:49:58 -0600 Tony, I'm using ADMT v2 into a 2k3 domain, so they may have changed it somewhat. Anyway, I got it working so it's all good. Would have been nice to see that mentioned somewhere in the docs I read though. On Fri, 17 Sep 2004 09:38:03 -0400, Tony Murray [EMAIL PROTECTED] wrote: David Strange. My experience was also first hand. We migrated a large number of NT domains (with various different password policies) to a single Windows 2000 AD domain using ADMT 2.0. In many cases the source domain didn't conform to the password requirements (length, complexity) of the target domain, but the passwords were still exported successfully. Maybe the behaviour changes if the target domain is W2K3 AD? In any case, our discussion may be moot given the error that Jordan sees. The access is denied in the error would appear to indicate some other issue. Tony -- Original Message -- From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 17 Sep 2004 08:50:58 -0400 Tony, That situation was a first hand experience for me. Once I reset (loosened) the password policy on 2K3, the export went. In my case, it was not complexity that was stopping it, but minimum password length. Jordan, I just remembered another gotcha. If you reinstalled the pes dll on the NT4 PDC or installed it after you did all the regedits, recheck the reg edits, as the pes install resets some of the values. Again another first hand experience -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: September 17, 2004 7:48 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question Jordan You might want to first double-check David's statement below. My understanding is that ADMT 2.0 doesn't enforce complexity in any way for exported passwords. It doesn't actually export the password, only the hash. In other words, it won't know whether the password complexity requirements of the target domain are met by the password or not. The password complexity is only enforced when the user next changes password. The only situation I know of where a new password is generated to meet the complexity requirements is where there is no password associated with the account in the source domain. Tony -- Original Message -- From: Jordan Arendt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 16 Sep 2004 11:12:51 -0600 Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain
Re: [ActiveDir] ADMT v2 PES question
Thanks. I had dumbed down my default domain password policy as the NT 4 domain only required a password length of 6 characters. I am new to the site and didn't realize that complex passwords were not enforced, I just assumed it (ya ya ass u me). So anyway, I removed complex passwords from the domain security policy and will do so when we do the actual migration. Then enforce it once everyone is migrated over. Sigh. Thanks again, Jordan On Wed, 15 Sep 2004 21:59:37 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2 PES question
Ensure that whatever user you are logged in as and running ADMTv2 with has Administrator privileges to the NT4 domain. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: Wednesday, September 15, 2004 1:53 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] ADMT v2 PES question
Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] ADMT v2 PES question
I'm using Administrator of the destination Domain (2K3). I've added Domain admins of destination domain to Administrators of source NT domain. On Wed, 15 Sep 2004 17:06:50 -0400, Bernard, Aric [EMAIL PROTECTED] wrote: Ensure that whatever user you are logged in as and running ADMTv2 with has Administrator privileges to the NT4 domain. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: Wednesday, September 15, 2004 1:53 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] ADMT v2 PES question
1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2 PES question
Check you default domain password policy. Likely your source domain has a weaker policy than the target (2K3) so it generates a random Password that meets the policy and places it in a file in the ADMT\logs directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordan Arendt Sent: September 15, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 PES question 1. Yes. Can ping both ways from each machine. Wins servers are entered correctly. 2. Yes the Pre-Windows 2000 Compatible Access group has the following members: Anonymous Logon Authenticated Users Everyone On Wed, 15 Sep 2004 23:18:41 +0200, Paul van Geldrop [EMAIL PROTECTED] wrote: Jordan, 1) Did you verify that both DNS _and_ WINS resolution are functioning properly ? You will need both of these to function properly for the migration to work. 2) Did you add both the Anonymous Logon group as the Everyone group to the Pre-Windows 2000 Compatible Access group ? Regards, Paul. - Original Message - From: Jordan Arendt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:52 PM Subject: [ActiveDir] ADMT v2 PES question Hi all, So, I've got a 2k3 forest that I am migrating an NT 4 domain into. I've setup a Password Export Server on a DC in my test NT 4 domain. Set registry entries, established trusts, etc. When I go to migrate a user, I get: WRN1:7557 Failed to copy the password for {user.} A strong password has been generated instead. Unable to copy password. Access is denied. I'm looking at http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;322981 and have verified everything except: Pre-Windows 2000 Compatible Access has Read and Enumerate Entire SAM Domain permissions on the object, as follows: CN=Server,CN=System,DC={TargetDomain},DC={tld} Can anyone translate this for me? I'm not sure what I am supposed to do here. Thanks, Jordan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group
Jonthan I shouldn't think the name of the group should cause any problems anyway, as ADMT would use the SID. The Admins du Domaine group should have a SID in the format: SID: S-1-5-domain-512 Can you confirm your Admins du Domaine has this value? Tony -- Original Message -- Wrom: EAIJJPHSCRTNHGSWZIDREXCAXZOWC Reply-To: [EMAIL PROTECTED] Date: Wed, 10 Mar 2004 10:36:44 +0100 Hi, I am trying to migrate between forests from a Windows 2000 Server (French Version) to 2003 (English / Multi-Language).We have our domain admins group in Admins du Domaine on the source domain. When I try to move a user in this group to the New 2003 domain, the ADMT v2 tool sends an error and stops running rather than realizing the group is a built-in and passing over it. All other users copy without a problem. ( I am migrating the SIDs for the users also... ) I cannot delete the Admins du Domaine and renaming this group still makes ADMT v2 error out. Does anyone know of a possible solution? I would rather not skip the users in the Admins du Domaine group with ADMT because this would be very time-consuming to re-create these users and it increases the chance for mis-configurations on my part. Any ideas would greatly be appreciated! Jonathan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Réf. : Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group
I have SID S-1-5-x-x-x-512 for the Admins du Domaine group. I thought everything was drawn from the SID but something is blocking the migration of this one particular group. Jonathan Tony Murray [EMAIL PROTECTED] Envoyé par : [EMAIL PROTECTED] 03/10/2004 12:57 PM Veuillez répondre à ActiveDir Pour :[EMAIL PROTECTED] cc : Objet :Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group Jonthan I shouldn't think the name of the group should cause any problems anyway, as ADMT would use the SID. The Admins du Domaine group should have a SID in the format: SID: S-1-5-domain-512 Can you confirm your Admins du Domaine has this value? Tony -- Original Message -- Wrom: EAIJJPHSCRTNHGSWZIDREXCAXZOWC Reply-To: [EMAIL PROTECTED] Date: Wed, 10 Mar 2004 10:36:44 +0100 Hi, I am trying to migrate between forests from a Windows 2000 Server (French Version) to 2003 (English / Multi-Language). We have our domain admins group in Admins du Domaine on the source domain. When I try to move a user in this group to the New 2003 domain, the ADMT v2 tool sends an error and stops running rather than realizing the group is a built-in and passing over it. All other users copy without a problem. ( I am migrating the SIDs for the users also... ) I cannot delete the Admins du Domaine and renaming this group still makes ADMT v2 error out. Does anyone know of a possible solution? I would rather not skip the users in the Admins du Domaine group with ADMT because this would be very time-consuming to re-create these users and it increases the chance for mis-configurations on my part. Any ideas would greatly be appreciated! Jonathan List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: Réf. : Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group
Just to Clarify, Is the problem that the group will not migrate or that the migration fails and doesn't take any of the group members? I know that the built in groups are not supposed to migrate but the accounts should be able to continue without issue. The group should just throw an error in the log file, perhaps you could post the admt log file here? The logfiles are located on C:\Program Files\Active Directory Migration Tool\Logs on your admt machine. On Mar 10, 2004, at 8:19 AM, [EMAIL PROTECTED]> wrote: I have SID S-1-5-x-x-x-512 for the Admins du Domaine group. I thought everything was drawn from the SID but something is blocking the migration of this one particular group. Brent Westmoreland BMW Group - Data Center Americas Business: 864.989.6567
RE: [ActiveDir] ADMT v2 : Problem with Domain Admins Group
you've probably configured ADMT to migrated the groups with the users - don't do this. ADMT can't migrate any built-in or default group (like domain admins), especially when using SIDhistory, so this could be the reason migrating the users belonging to this group will fail. First migrate groups, then migrate users with the option to update previously migrated groups. Can also do this the other way around. Other tools can also not migrate these built-in groups with SID-history, but some of them are at least smart enough to migrate them without SIDhistory anyways or at least populat the users into the appropriate groups (if you really want this). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Mittwoch, 10. März 2004 12:58 To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] ADMT v2 : Problem with Domain Admins Group Jonthan I shouldn't think the name of the group should cause any problems anyway, as ADMT would use the SID. The Admins du Domaine group should have a SID in the format: SID: S-1-5-domain-512 Can you confirm your Admins du Domaine has this value? Tony -- Original Message -- Wrom: EAIJJPHSCRTNHGSWZIDREXCAXZOWC Reply-To: [EMAIL PROTECTED] Date: Wed, 10 Mar 2004 10:36:44 +0100 Hi, I am trying to migrate between forests from a Windows 2000 Server (French Version) to 2003 (English / Multi-Language).We have our domain admins group in Admins du Domaine on the source domain. When I try to move a user in this group to the New 2003 domain, the ADMT v2 tool sends an error and stops running rather than realizing the group is a built-in and passing over it. All other users copy without a problem. ( I am migrating the SIDs for the users also... ) I cannot delete the Admins du Domaine and renaming this group still makes ADMT v2 error out. Does anyone know of a possible solution? I would rather not skip the users in the Admins du Domaine group with ADMT because this would be very time-consuming to re-create these users and it increases the chance for mis-configurations on my part. Any ideas would greatly be appreciated! Jonathan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
I don't recall Quest's Fastlane product requiring it. Since we were going to a virgin forest, however, there was no reason for us to even look at mixed mode for it. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject:[ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org
RE: [ActiveDir] ADMT v2
MS says this will be much easier in the next version of Exchange. Amit Zinman Systems Consultant Integrity Systems [EMAIL PROTECTED] 03-7522424 058-326753 -Original Message- From: Ayers, Diane [mailto:DAyers;pacbell.net] Sent: Wednesday, October 23, 2002 4:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Yea, it meets all those. It's actually an AD to AD migration. We re-ran some tests today and the accounts came across with passwords intact and SIDhistory. Way cool. GO figure why the other tests didn't work. I guess we were too impatient when we tried the accounts after migration. One key point that I found is that the PES key is computer specific. The migration can _only_ be done on the computer that generated the key. Now if I can just figure out the best way to do an E2K to E2K migration... Diane -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org]On Behalf Of Tony Murray Sent: Tuesday, October 22, 2002 8:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Yes. It's been a while since I've done a migration, but does your PES meet the following criteria?: Must be installed on a Domain Controller (PDC or BDC) The Domain Controller must run Windows NT 4.0 Service Pack 5 (or higher) The 128-bit high encryption pack must be installed on the Server At least one PES is required per NT Account Domain Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 22 Oct 2002 07:49:17 -0700 Has anyone gotten the PES (password export server) portion to work? I was pulling my hair out yesterday getting the thing to recognize the keys correctly. Once it did, still no password migration. I had the same success with third party migration tools that use the PES server. Q322981 was not much help although I did make sure everything was according to Hoyle Diane -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Monday, October 21, 2002 11:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 ...and the really good news about ADMT 2.0 is that the version on the .NET RC1 CD is fully supported by Microsoft. Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 21 Oct 2002 12:33:44 -0700 As Homer Sez: DOh! Thanks... -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 10:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm
RE: [ActiveDir] ADMT v2
-Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 ADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] ADMT v2
http://www.aelita.com/products/DMW.htm For a few grand this does everything, 'nuff said. -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] ADMT v2
Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info
RE: [ActiveDir] ADMT v2
Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] ADMT v2
Sure does, aeltia does everything. ;p -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail
RE: [ActiveDir] ADMT v2
Replied via email... (If anyone else is interested let me know and I will post the response) -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http
RE: [ActiveDir] ADMT v2
Is it free? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 9:50 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org
RE: [ActiveDir] ADMT v2
Nope... -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 11:36 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is it free? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 9:50 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org
RE: [ActiveDir] ADMT v2
I'd be interested - Yes, please do post it. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Sullivan, Kevin Sent: Friday, October 25, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Replied via email... (If anyone else is interested let me know and I will post the response) -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject:[ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane
RE: [ActiveDir] ADMT v2
Not all that interesting but what I told Stuart was that our migration technologies will use SID History in both Native and Mixed mode domains. When in mixed mode, the user will only benefit from SID History if a W2k DC does the authentication. This is done by the way the SID History is applied. Aelita does it a bit different than MS. It is using the same SID History attribute it just applies it differently. I don't really know the bits and bytes of it or the APIs in use but understand it is done differently. It is definitely a nice feature to have available. I will try to get some more details... Kevin, -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Friday, October 25, 2002 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 I'd be interested - Yes, please do post it. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Sullivan, Kevin Sent: Friday, October 25, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Replied via email... (If anyone else is interested let me know and I will post the response) -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject
RE: [ActiveDir] ADMT v2
I'm interested too, if you could either post it or email it to me, that would be great. -gil -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Friday, October 25, 2002 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 I'd be interested - Yes, please do post it. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Sullivan, Kevin Sent: Friday, October 25, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Replied via email... (If anyone else is interested let me know and I will post the response) -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21
RE: [ActiveDir] ADMT v2
Kevin, Would Microsoft provide support if something happened during the SIDHistory update process since the published Microsoft API's are not being utilized? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 2:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Not all that interesting but what I told Stuart was that our migration technologies will use SID History in both Native and Mixed mode domains. When in mixed mode, the user will only benefit from SID History if a W2k DC does the authentication. This is done by the way the SID History is applied. Aelita does it a bit different than MS. It is using the same SID History attribute it just applies it differently. I don't really know the bits and bytes of it or the APIs in use but understand it is done differently. It is definitely a nice feature to have available. I will try to get some more details... Kevin, -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Friday, October 25, 2002 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 I'd be interested - Yes, please do post it. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Sullivan, Kevin Sent: Friday, October 25, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Replied via email... (If anyone else is interested let me know and I will post the response) -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment
RE: [ActiveDir] ADMT v2
This is fully supported by Microsoft. -Original Message- From: DiBias, Chip [mailto:Chip.DiBias;bindview.com] Sent: Friday, October 25, 2002 5:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Kevin, Would Microsoft provide support if something happened during the SIDHistory update process since the published Microsoft API's are not being utilized? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 2:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Not all that interesting but what I told Stuart was that our migration technologies will use SID History in both Native and Mixed mode domains. When in mixed mode, the user will only benefit from SID History if a W2k DC does the authentication. This is done by the way the SID History is applied. Aelita does it a bit different than MS. It is using the same SID History attribute it just applies it differently. I don't really know the bits and bytes of it or the APIs in use but understand it is done differently. It is definitely a nice feature to have available. I will try to get some more details... Kevin, -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Friday, October 25, 2002 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 I'd be interested - Yes, please do post it. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Sullivan, Kevin Sent: Friday, October 25, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Replied via email... (If anyone else is interested let me know and I will post the response) -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10
RE: [ActiveDir] ADMT v2
Sorry for the bad form but I wanted to add another comment. I never said Microsoft's published API's are not in use. I said I was not clear on the bits and bytes of it and the APIs used. But just understand from the developers that our process to update the attribute is different. (I don't know what different means here). I will try to get more information and post it next week. -Original Message- From: Sullivan, Kevin Sent: Friday, October 25, 2002 10:08 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 This is fully supported by Microsoft. -Original Message- From: DiBias, Chip [mailto:Chip.DiBias;bindview.com] Sent: Friday, October 25, 2002 5:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Kevin, Would Microsoft provide support if something happened during the SIDHistory update process since the published Microsoft API's are not being utilized? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 2:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Not all that interesting but what I told Stuart was that our migration technologies will use SID History in both Native and Mixed mode domains. When in mixed mode, the user will only benefit from SID History if a W2k DC does the authentication. This is done by the way the SID History is applied. Aelita does it a bit different than MS. It is using the same SID History attribute it just applies it differently. I don't really know the bits and bytes of it or the APIs in use but understand it is done differently. It is definitely a nice feature to have available. I will try to get some more details... Kevin, -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Friday, October 25, 2002 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 I'd be interested - Yes, please do post it. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Sullivan, Kevin Sent: Friday, October 25, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Replied via email... (If anyone else is interested let me know and I will post the response) -Original Message- From: Stuart Kwan [mailto:skwan;windows.microsoft.com] Sent: Friday, October 25, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Does it use SID History for the migration? -Original Message- From: Sullivan, Kevin [mailto:KSullivan;aelita.com] Sent: Friday, October 25, 2002 6:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Aelita Domain Migration Wizard... (For one) -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Friday, October 25, 2002 9:24 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 Is there any migration tool that doesn't require the target be in native mode. -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Thursday, October 24, 2002 6:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 erADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject:RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation
RE: [ActiveDir] ADMT v2
So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
I understood ADMT to be a good method for migrating Intraforest if you need to move users computers Servers. As in the case of domain consolidation. We have used v1 to collapse domains into the parent. IE: Upgrade Domain 1 to AD.com Upgrade Domain 2 to child.AD.com Use ADMT to move the groups, users, and computers to ad.com keeping the security correct. decommision child.ad.com I didn't think the prune and graft tools like movetree would allow that .. but I am always open to being corrected as it will make my next migration easier. Chad P. -Original Message- From: [EMAIL PROTECTED] To: Sent: 10/24/2002 11:19 AM Subject: RE: [ActiveDir] ADMT v2 I believe there are prune and graft tools that will let you do a intra-forest migration like that. I look at ADMT as an inter-forest migration tool. I have not investigated the intra-forest tools so I don't have the details. Diane -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Thursday, October 24, 2002 6:48 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ +++The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this document.+++ The information transmitted is intended only for the person or entity to which it is addressed
RE: [ActiveDir] ADMT v2
You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
I believe there are prune and graft tools that will let you do a intra-forest migration like that. I look at ADMT as an inter-forest migration tool. I have not investigated the intra-forest tools so I don't have the details. Diane -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Thursday, October 24, 2002 6:48 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
Well, you can - but it is meant more for entity to entity, e.g. forest to forest, NT Domain to Windows 2000. A migration from domain to domain within the same forest effectively ends up being a move of security principals - there is no option or ability to disable the source account and maintain it. Looking st the construction of SIDs and RIDs, this makes sense, though. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 8:48 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
Should be able to do that no problem. -- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA -Original Message- From: Salandra, Justin A. [mailto:jasalandra;chcsnet.org] Sent: Thursday, October 24, 2002 9:48 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
ADMT requires that the target be native, too. -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Thursday, October 24, 2002 11:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 But move tree requires that the target domain be in native mode. I have some places that need to stay in mixed mode. -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Thursday, October 24, 2002 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 You've got Movetree to move objects within a Forest. You don't need to migrate with ADMT. http://www.winnetmag.com/Articles/Index.cfm?ArticleID=7614 Tony -- Original Message -- From: Salandra, Justin A. [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 24 Oct 2002 09:47:56 -0400 So I can use ADMT v2 in a Windows 2000 AD environment to migrate between domains? Such as parent to child? -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Wednesday, October 23, 2002 6:50 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
Diane, Glad to hear that everything is working. I was a bit concerned that your password migration scenario was not working. It's been flawless for us. Now, as to the migration can _only_ be done on the computer that generated the key - Yep. Did you miss that in the notes that I posted on the 16th? The more likely cause was that I made it so unintelligible that no one could understand it Sorry about that! Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Tuesday, October 22, 2002 9:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Yea, it meets all those. It's actually an AD to AD migration. We re-ran some tests today and the accounts came across with passwords intact and SIDhistory. Way cool. GO figure why the other tests didn't work. I guess we were too impatient when we tried the accounts after migration. One key point that I found is that the PES key is computer specific. The migration can _only_ be done on the computer that generated the key. Now if I can just figure out the best way to do an E2K to E2K migration... Diane -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org]On Behalf Of Tony Murray Sent: Tuesday, October 22, 2002 8:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Yes. It's been a while since I've done a migration, but does your PES meet the following criteria?: Must be installed on a Domain Controller (PDC or BDC) The Domain Controller must run Windows NT 4.0 Service Pack 5 (or higher) The 128-bit high encryption pack must be installed on the Server At least one PES is required per NT Account Domain Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 22 Oct 2002 07:49:17 -0700 Has anyone gotten the PES (password export server) portion to work? I was pulling my hair out yesterday getting the thing to recognize the keys correctly. Once it did, still no password migration. I had the same success with third party migration tools that use the PES server. Q322981 was not much help although I did make sure everything was according to Hoyle Diane -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Monday, October 21, 2002 11:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 ...and the really good news about ADMT 2.0 is that the version on the .NET RC1 CD is fully supported by Microsoft. Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 21 Oct 2002 12:33:44 -0700 As Homer Sez: DOh! Thanks... -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 10:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List
RE: [ActiveDir] ADMT v2
What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
Version 1 was/is usable in Win2k environments as well - typically cross forest. From the ADMT v 2.0 README: Scripting and command-line interface Password migration Migration log files Credentials needed for migration operators SID Mapping Files for security translation Windows 2000 attribute exclusion Agent credentials no longer required Fix membership is optional Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Salandra, Justin A. Sent: Wednesday, October 23, 2002 10:44 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] ADMT v2 What is the difference between ADMT v2 and v1? Can you use the ADMT v2 in a Windows 2000 Active Directory Enviorment? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 914.681.8117 office 646.483.3325 cell [EMAIL PROTECTED] -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 1:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
...and the really good news about ADMT 2.0 is that the version on the .NET RC1 CD is fully supported by Microsoft. Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 21 Oct 2002 12:33:44 -0700 As Homer Sez: DOh! Thanks... -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 10:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
Yes. It's been a while since I've done a migration, but does your PES meet the following criteria?: Must be installed on a Domain Controller (PDC or BDC) The Domain Controller must run Windows NT 4.0 Service Pack 5 (or higher) The 128-bit high encryption pack must be installed on the Server At least one PES is required per NT Account Domain Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 22 Oct 2002 07:49:17 -0700 Has anyone gotten the PES (password export server) portion to work? I was pulling my hair out yesterday getting the thing to recognize the keys correctly. Once it did, still no password migration. I had the same success with third party migration tools that use the PES server. Q322981 was not much help although I did make sure everything was according to Hoyle Diane -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Monday, October 21, 2002 11:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 ...and the really good news about ADMT 2.0 is that the version on the .NET RC1 CD is fully supported by Microsoft. Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 21 Oct 2002 12:33:44 -0700 As Homer Sez: DOh! Thanks... -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 10:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
Yea, it meets all those. It's actually an AD to AD migration. We re-ran some tests today and the accounts came across with passwords intact and SIDhistory. Way cool. GO figure why the other tests didn't work. I guess we were too impatient when we tried the accounts after migration. One key point that I found is that the PES key is computer specific. The migration can _only_ be done on the computer that generated the key. Now if I can just figure out the best way to do an E2K to E2K migration... Diane -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org]On Behalf Of Tony Murray Sent: Tuesday, October 22, 2002 8:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Yes. It's been a while since I've done a migration, but does your PES meet the following criteria?: Must be installed on a Domain Controller (PDC or BDC) The Domain Controller must run Windows NT 4.0 Service Pack 5 (or higher) The 128-bit high encryption pack must be installed on the Server At least one PES is required per NT Account Domain Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 22 Oct 2002 07:49:17 -0700 Has anyone gotten the PES (password export server) portion to work? I was pulling my hair out yesterday getting the thing to recognize the keys correctly. Once it did, still no password migration. I had the same success with third party migration tools that use the PES server. Q322981 was not much help although I did make sure everything was according to Hoyle Diane -Original Message- From: Tony Murray [mailto:tony;mail.activedir.org] Sent: Monday, October 21, 2002 11:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 ...and the really good news about ADMT 2.0 is that the version on the .NET RC1 CD is fully supported by Microsoft. Tony -- Original Message -- From: Ayers, Diane [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 21 Oct 2002 12:33:44 -0700 As Homer Sez: DOh! Thanks... -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 10:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] ADMT v2
As Homer Sez: DOh! Thanks... -Original Message- From: Rick Kingslan [mailto:rkingsla;cox.net] Sent: Monday, October 21, 2002 10:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADMT v2 Diane, Look under the ADMT folder in the I386 directory. Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 Any sufficiently advanced technology is indistinguishable from magic. --- Arthur C. Clarke -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir-owner;mail.activedir.org] On Behalf Of Ayers, Diane Sent: Monday, October 21, 2002 12:29 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] ADMT v2 All: I'm looking for ADMT version 2. I've dug around my .NET CDs and can't find it. Can someone point me in the right direction... Diane List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/