|
|
![]() |
| Thread Tools | Search this Thread |
#1
| |||
| |||
How to assign Domain admin credential to User from trusted domain
I am using the ADMT to migrate users from a Windows 2003 domain to a Windows 2008 domain in a different forest. I need to migrate the SID history with the users. The technet article states the following "Delegated Read all user information permission on the user OU or group OU and domain administrator credential" My problem is that using AD Users & Computers in the source domain there is no option to add my migration account from the target domain to the Domain Admins group in the source domain. The target trusted domain does not show up as an available option to add accounts from. (There is a two way trust setup between both domains and it is working) The ADMT wizzard will not allow me to migrate the SID history without this. Is there some way around this? Thanks |
#2
| |||
| |||
Re: How to assign Domain admin credential to User from trusted domain
Hello tom, Create a universal group in Domain1 (maybe Domain1\ADMTAdmin), add Domain2\Domain Admins to Domain1\ADMTAdmins, now you can add Domain1\ADMTAdmins to Domain1\Domain Admins Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Delegated Read all user information permission on the user OU or group > OU > |
#3
| |||
| |||
Re: How to assign Domain admin credential to User from trusted domain
If you can't see any users or groups from the source domain it sounds like the trust isn't setup/working properly. Can you see users/groups from any server within the source domain. If you can see users and groups but not be able to place users in a particular group it is probably just because the group you are intending to use can't contain members from another domain/forest. You need to be aware of the group scope: http://technet.microsoft.com/en-us/l...92(WS.10).aspx -- Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 Microsoft's Thrive IT Pro of the Month - June 2009 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "Tom" <Tom@discussions.microsoft.com> wrote in message news:506DB6A9-DB8E-469E-89B9-7E6DC5172A6B@microsoft.com... >I am using the ADMT to migrate users from a Windows 2003 domain to a >Windows > 2008 domain in a different forest. I need to migrate the SID history with > the > users. The technet article states the following > "Delegated Read all user information permission on the user OU or group OU > and domain administrator credential" > My problem is that using AD Users & Computers in the source domain there > is > no option to add my migration account from the target domain to the Domain > Admins group in the source domain. The target trusted domain does not show > up > as an available option to add accounts from. (There is a two way trust > setup > between both domains and it is working) > The ADMT wizzard will not allow me to migrate the SID history without > this. > Is there some way around this? > Thanks > |
#4
| |||
| |||
Re: How to assign Domain admin credential to User from trusted dom
Hi Meinolf, Eventhough both domains trust eachother domain2 is not an available option when I attempt to add an account or group from domain1. Universal and Global groups do not appear to accept accounts from a trusted domain, they also do not accept accounts grom Domain Local Security groups in the same domain. How do I give an account from a trusted domain admin priviliges on a trusting domain? "Meinolf Weber [MVP-DS]" wrote: > Hello tom, > > Create a universal group in Domain1 (maybe Domain1\ADMTAdmin), add Domain2\Domain > Admins to Domain1\ADMTAdmins, now you can add Domain1\ADMTAdmins to Domain1\Domain > Admins > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > Delegated Read all user information permission on the user OU or group > > OU > > > > > |
#5
| |||
| |||
Re: How to assign Domain admin credential to User from trusted dom
Just realized the group I need to add the other domain admin to is the Builtin/administrators group "Tom" wrote: > Hi Meinolf, > Eventhough both domains trust eachother domain2 is not an available option > when I attempt to add an account or group from domain1. Universal and Global > groups do not appear to accept accounts from a trusted domain, they also do > not accept accounts grom Domain Local Security groups in the same domain. > How do I give an account from a trusted domain admin priviliges on a > trusting domain? > > > "Meinolf Weber [MVP-DS]" wrote: > > > Hello tom, > > > > Create a universal group in Domain1 (maybe Domain1\ADMTAdmin), add Domain2\Domain > > Admins to Domain1\ADMTAdmins, now you can add Domain1\ADMTAdmins to Domain1\Domain > > Admins > > > > Best regards > > > > Meinolf Weber > > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > > no rights. > > ** Please do NOT email, only reply to Newsgroups > > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > > > > Delegated Read all user information permission on the user OU or group > > > OU > > > > > > > > > |
![]() |
|
Tags: assign, credential, trusted |
Thread Tools | Search this Thread |
|
![]() | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Domain Admin cannot create user account | ChrisMo | Windows Server Help | 1 | 10-04-2012 12:03 PM |
Unable to see a forest trusted domain from XP admin tools but able to see from a Domain Controller | Assasin boy | Networking & Security | 5 | 24-08-2010 03:12 AM |
How to make a VPN domain user permanent local admin | Hassing | Operating Systems | 2 | 05-05-2010 05:40 PM |
Child domain user does not show parent domain group membership | Pratim | Active Directory | 1 | 19-06-2008 01:58 AM |
Making a user Local Admin on domain computers | Niklas Ramstedt | Windows Server Help | 1 | 29-04-2008 02:41 PM |