Domain Migrations between Windows 2003 and Windows 2008R2 forest to forest
Hello, see the following blog from Santhosh about using ADMT: http://www.sivarajan.com/admt.htmlBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
July 17th, 2011 10:14am

I am preforming a domain migration from Windows 2003 to Windows 2008R2. I have setup and configured the domain trust. I have setup and configured ADMT 3.2 and password migrator. I have sid history enabled and sid filtering disabled. However here are the issues that I am encountering! 1. When I migrate the users to the target domain it forces a password change and also will not allow for access to the old domain. 2. No matter what I do the Windows 7 machines will not migrate. I get random failures from can find the admin$ share to errors around the the netlogon and workstation services not running. The firewall services is not running and there are not other firewall services on the machine. If I just connect to the machine with \\machinename\admin$ it works just fine. I am at a loss. Any helpPreston Thornhill
Free Windows Admin Tool Kit Click here and download it now
July 17th, 2011 12:01pm

Already looked at this and preformed these functions but it did not resolve the issue.Preston Thornhill
July 17th, 2011 9:19pm

Hi, Please make sure that the migration account has the required privileges on both domains and check the following list. Checklist: Performing an Intraforest Migration http://technet.microsoft.com/en-us/library/cc974337(WS.10).aspx Regards, Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com .Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2011 12:17am

Did this did not resolve the issue/Preston Thornhill
July 18th, 2011 2:21pm

>>> will not allow for access to the old domain. What do you mean by that? Did you verify the SID History? Are you getting any error message when you access the resources in the source domain?> >>> the Windows 7 machines will not migrate Please post the error message from ADMT log file here. Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX Blogs - http://blogs.sivarajan.com/ Articles - http://www.sivarajan.com/publications.html Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara This posting is provided AS IS with no warranties,and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2011 3:17pm

Here are the logs Settings Section] Task: User Migration (28) ADMT Console User: FENTON\administrator Computer: FENTON-AD-02.fenton.ad (FENTON-AD-02) Domain: fenton.ad (FENTON) OS: Windows Server 2008 R2 Datacenter 6.1 (7601) Service Pack 1 Source Domain Name: aeis.com (AEIS) DC: stlad01.aeis.com (STLAD01) OS: Windows Server 2003 5.2 (3790) Service Pack 2 OU: Target Domain Name: fenton.ad (FENTON) DC: FENTON-AD-02.fenton.ad (FENTON-AD-02) OS: Windows Server 2008 R2 Datacenter 6.1 (7601) Service Pack 1 OU: LDAP://fenton.ad/OU=Users,OU=Information Technology,OU=Fenton,DC=fenton,DC=ad Intra-Forest: No Password Option: Copy passwords, only for new objects = No Password Export Server: stlad01.aeis.com Migrate Security Identifiers: Yes Update Rights: Yes Translate Roaming Profiles: Yes Fix group membership: Yes Conflict Option: Merge, rights = No, members = No, move objects = Yes Source Disable Option: Leave source account Source Expiration: Do not expire source account Target Disable Option: Set target same as source Migrate groups: Yes Update Migrated Objects: Yes Migrate service accounts: Yes [Object Migration Section] 2011-07-20 18:35:43 Starting Account Replicator. 2011-07-20 18:35:43 WRN1:7372 ADMT does not process BUILTIN accounts or change the membership of BUILTIN groups (Administrators, etc.). Skipping LDAP://aeis.com/CN=Schema Admins,CN=Users,DC=aeis,DC=com 2011-07-20 18:35:43 WRN1:7372 ADMT does not process BUILTIN accounts or change the membership of BUILTIN groups (Administrators, etc.). Skipping LDAP://aeis.com/CN=Enterprise Admins,CN=Users,DC=aeis,DC=com 2011-07-20 18:35:43 CN=Thornhill\, Preston - Created 2011-07-20 18:35:43 SID for AEIS\pthornhi added to the SID History of FENTON\pthornhi 2011-07-20 18:35:44 WRN1:7561 ADMT could not migrate some properties for this object type (user) due to schema mismatches. Please refer to the Schema Section in the migration log for a complete listing. The Schema Section will be available once object migration is complete. 2011-07-20 18:35:44 WRN1:7857 Could not copy following properties for 'CN=Thornhill\, Preston'. 2011-07-20 18:35:44 showInAddressBook = CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=AEIS,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=aeis,DC=com, ... A constraint violation occurred. 2011-07-20 18:35:44 CN=Thornhill\, Preston - Password Copied. 2011-07-20 18:35:45 ERR2:7566 Unable to move object CN=Domain Admins,CN=Users,DC=fenton,DC=ad to OU=Users,OU=Information Technology,OU=Fenton,DC=fenton,DC=ad. This is most likely due to a conflicting relative distinguished name (RDN). There is a naming violation. 2011-07-20 18:35:45 ERR2:7301 Failed to migrate source object 'Domain Admins' to domain 'fenton.ad'. The target object could not be created. hr=0x80072037 There is a naming violation. 2011-07-20 18:35:45 WRN1:7372 ADMT does not process BUILTIN accounts or change the membership of BUILTIN groups (Administrators, etc.). Skipping LDAP://aeis.com/CN=Schema Admins,CN=Users,DC=aeis,DC=com 2011-07-20 18:35:45 WRN1:7372 ADMT does not process BUILTIN accounts or change the membership of BUILTIN groups (Administrators, etc.). Skipping LDAP://aeis.com/CN=Enterprise Admins,CN=Users,DC=aeis,DC=com 2011-07-20 18:35:45 WRN1:7372 ADMT does not process BUILTIN accounts or change the membership of BUILTIN groups (Administrators, etc.). Skipping LDAP://aeis.com/CN=Administrators,CN=Builtin,DC=aeis,DC=com 2011-07-20 18:35:45 Granting privilege SeServiceLogonRight to pthornhi 2011-07-20 18:35:45 Updated user rights for CN=Thornhill\, Preston 2011-07-20 18:35:45 Operation completed. Preston Thornhill
July 20th, 2011 7:45pm

>>2011-07-20 18:35:43 WRN1:7372 ADMT does not process BUILTIN accounts or change the membership of BUILTIN groups (Administrators, etc.). Skipping You can’t migrate built-in groups using ADMT. >>2011-07-20 18:35:44 WRN1:7561 ADMT could not migrate some properties for this object type (user) due to schema mismatches. Please refer to the Schema Section in the migration log for a complete listing. The Schema Section will be available once object migration is complete. You have some types of Schema mismatch, you need to exclude those attributes. Refer ADMT guide for info >>2011-07-20 18:35:45 ERR2:7566 Unable to move object CN=Domain Admins,CN=Users,DC=fenton,DC=ad to OU=Users,OU=Information Technology,OU=Fenton,DC=fenton,DC=ad You can’t migrate Domain Admins. Why are you trying to migrate Domain Admins? Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX Blogs - http://blogs.sivarajan.com/ Articles - http://www.sivarajan.com/publications.html Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara This posting is provided AS IS with no warranties,and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2011 8:20pm

Thats fine I will reduce amount of groups I migrate. But this would not cause the issue that I am having?Preston Thornhill
July 20th, 2011 10:28pm

Hi, I would like to confirm what is the current situation after reducing amount of groups? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help. Regards, Arthur Li Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 28th, 2011 3:15am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics