Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



ADMT V3 has no right to migrate computers account from NT4 to 2003

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 27-06-2006
beemer
 
Posts: n/a
ADMT V3 has no right to migrate computers account from NT4 to 2003

I'm trying to migrate a test computer account from NT4 domain to AD2003 and
always get the same error:
2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
installed on pc_test_migraci
2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
\\pc_test_migraci is unknown, Error accessing registry key
SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
Access is denied.
2006-06-27 13:17:21 ERR2:7006 Failed to install agent on \\pc_test_migraci,
rc=5 Access is denied.
2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the machine
'pc_test_migraci'. Make sure the share exists and the account running ADMT
is a member of local administrators group on the machine 'pc_test_migraci'.
hr=0x80070005. Access is denied.

Obiously the computer to be migrated has only SourceDomain\Domain Admins
included on its administrator local group. The error says that I've to
include DestinationDomain\Domain Admins also, but how can I do it in
unnatended mode and 200 computers distributed in several cities?

I thought on a command line, but the users that logon on the computers are
normal users and have no rights to execute a net localgrou administrators
"DestinationDomain\Domain Admins" /add command.

I've added DestinationDomain\Domain Admins to the
SourceDomain\Administrators group but this group isn't in the local computer
administrator group either, and of course it did't work.

I imagine that there will be a simple and obvious solution to this issue,
but I cannot find it. Any ideas?

Thanks





Reply With Quote
  #2  
Old 28-06-2006
Vincent Xu [MSFT]
 
Posts: n/a
RE: ADMT V3 has no right to migrate computers account from NT4 to 2003

Hi,

1. Check if you logged in to the target domain (XYZ.com) root DC with the
Administrator account of the source domain (ABC.com) and now migrated the
computer accounts.

2. Check if you added a secondary zone on the Nt4 DNS for the 2K domain
and on the 2K DNS add secondary DNs zones for the zones on the NT4 DNS

3. added the LOCAL SERVICE group to the permissions of the following
regisry
key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\wi
nreg

4. You can use a script net localgroup administrators <account> /add to add
the appropriate account to the administrators group:



Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
>>From: "beemer" <beemer(antispam)@teleline.es>
>>Subject: ADMT V3 has no right to migrate computers account from NT4 to

2003
>>Date: Tue, 27 Jun 2006 13:33:04 +0200
>>Lines: 36
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <eMdjy1dmGHA.1552@TK2MSFTNGP04.phx.gbl>
>>Newsgroups: microsoft.public.windows.server.migration
>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net

80.28.13.152
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24255
>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>
>>I'm trying to migrate a test computer account from NT4 domain to AD2003

and
>>always get the same error:
>>2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
>>installed on pc_test_migraci
>>2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
>>\\pc_test_migraci is unknown, Error accessing registry key
>>SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
>>Access is denied.
>>2006-06-27 13:17:21 ERR2:7006 Failed to install agent on

\\pc_test_migraci,
>>rc=5 Access is denied.
>>2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the

machine
>>'pc_test_migraci'. Make sure the share exists and the account running

ADMT
>>is a member of local administrators group on the machine

'pc_test_migraci'.
>>hr=0x80070005. Access is denied.
>>
>>Obiously the computer to be migrated has only SourceDomain\Domain Admins
>>included on its administrator local group. The error says that I've to
>>include DestinationDomain\Domain Admins also, but how can I do it in
>>unnatended mode and 200 computers distributed in several cities?
>>
>>I thought on a command line, but the users that logon on the computers

are
>>normal users and have no rights to execute a net localgrou administrators
>>"DestinationDomain\Domain Admins" /add command.
>>
>>I've added DestinationDomain\Domain Admins to the
>>SourceDomain\Administrators group but this group isn't in the local

computer
>>administrator group either, and of course it did't work.
>>
>>I imagine that there will be a simple and obvious solution to this issue,
>>but I cannot find it. Any ideas?
>>
>>Thanks
>>
>>
>>
>>
>>


Reply With Quote
  #3  
Old 28-06-2006
beemer
 
Posts: n/a
Re: ADMT V3 has no right to migrate computers account from NT4 to 2003

Thanks for your answer Vicent.
I have followed your advice 1 but not in the DC but in a member server and
it worked for the testing computer.
Tomorrow I'll start to migrate real computers and hope all works OK ;)

Regards

Beemer




"Vincent Xu [MSFT]" <v-xuwen@online.microsoft.com> escribi? en el mensaje
news:DUJ8gylmGHA.5164@TK2MSFTNGXA01.phx.gbl...
> Hi,
>
> 1. Check if you logged in to the target domain (XYZ.com) root DC with the
> Administrator account of the source domain (ABC.com) and now migrated the
> computer accounts.
>
> 2. Check if you added a secondary zone on the Nt4 DNS for the 2K domain
> and on the 2K DNS add secondary DNs zones for the zones on the NT4 DNS
>
> 3. added the LOCAL SERVICE group to the permissions of the following
> regisry
> key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\wi
> nreg
>
> 4. You can use a script net localgroup administrators <account> /add to
> add
> the appropriate account to the administrators group:
>
>
>
> Best regards,
>
> Vincent Xu
> Microsoft Online Partner Support
>
> ======================================================
> Get Secure! - www.microsoft.com/security
> ======================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others
> may learn and benefit from this issue.
> ======================================================
> This posting is provided "AS IS" with no warranties,and confers no rights.
> ======================================================
>
>
>
> --------------------
>>>From: "beemer" <beemer(antispam)@teleline.es>
>>>Subject: ADMT V3 has no right to migrate computers account from NT4 to

> 2003
>>>Date: Tue, 27 Jun 2006 13:33:04 +0200
>>>Lines: 36
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>>X-RFC2646: Format=Flowed; Original
>>>Message-ID: <eMdjy1dmGHA.1552@TK2MSFTNGP04.phx.gbl>
>>>Newsgroups: microsoft.public.windows.server.migration
>>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net

> 80.28.13.152
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl

> microsoft.public.windows.server.migration:24255
>>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>>
>>>I'm trying to migrate a test computer account from NT4 domain to AD2003

> and
>>>always get the same error:
>>>2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
>>>installed on pc_test_migraci
>>>2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
>>>\\pc_test_migraci is unknown, Error accessing registry key
>>>SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
>>>Access is denied.
>>>2006-06-27 13:17:21 ERR2:7006 Failed to install agent on

> \\pc_test_migraci,
>>>rc=5 Access is denied.
>>>2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the

> machine
>>>'pc_test_migraci'. Make sure the share exists and the account running

> ADMT
>>>is a member of local administrators group on the machine

> 'pc_test_migraci'.
>>>hr=0x80070005. Access is denied.
>>>
>>>Obiously the computer to be migrated has only SourceDomain\Domain Admins
>>>included on its administrator local group. The error says that I've to
>>>include DestinationDomain\Domain Admins also, but how can I do it in
>>>unnatended mode and 200 computers distributed in several cities?
>>>
>>>I thought on a command line, but the users that logon on the computers

> are
>>>normal users and have no rights to execute a net localgrou administrators
>>>"DestinationDomain\Domain Admins" /add command.
>>>
>>>I've added DestinationDomain\Domain Admins to the
>>>SourceDomain\Administrators group but this group isn't in the local

> computer
>>>administrator group either, and of course it did't work.
>>>
>>>I imagine that there will be a simple and obvious solution to this issue,
>>>but I cannot find it. Any ideas?
>>>
>>>Thanks
>>>
>>>
>>>
>>>
>>>

>



Reply With Quote
  #4  
Old 29-06-2006
Vincent Xu [MSFT]
 
Posts: n/a
Re: ADMT V3 has no right to migrate computers account from NT4 to 2003

Hi,

Glad to provide assistance. Remember, you must run admt on DC to migrate AD
Objects.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
>>From: "beemer" <beemer(antispam)@teleline.es>
>>References: <eMdjy1dmGHA.1552@TK2MSFTNGP04.phx.gbl>

<DUJ8gylmGHA.5164@TK2MSFTNGXA01.phx.gbl>
>>Subject: Re: ADMT V3 has no right to migrate computers account from NT4

to 2003
>>Date: Wed, 28 Jun 2006 17:32:22 +0200
>>Lines: 118
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <uhdFOgsmGHA.748@TK2MSFTNGP02.phx.gbl>
>>Newsgroups: microsoft.public.windows.server.migration
>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net

80.28.13.152
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24266
>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>
>>Thanks for your answer Vicent.
>>I have followed your advice 1 but not in the DC but in a member server

and
>>it worked for the testing computer.
>>Tomorrow I'll start to migrate real computers and hope all works OK ;)
>>
>>Regards
>>
>>Beemer
>>
>>
>>
>>
>>"Vincent Xu [MSFT]" <v-xuwen@online.microsoft.com> escribi?en el mensaje
>>news:DUJ8gylmGHA.5164@TK2MSFTNGXA01.phx.gbl...
>>> Hi,
>>>
>>> 1. Check if you logged in to the target domain (XYZ.com) root DC with

the
>>> Administrator account of the source domain (ABC.com) and now migrated

the
>>> computer accounts.
>>>
>>> 2. Check if you added a secondary zone on the Nt4 DNS for the 2K domain
>>> and on the 2K DNS add secondary DNs zones for the zones on the NT4 DNS
>>>
>>> 3. added the LOCAL SERVICE group to the permissions of the following
>>> regisry
>>>

key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\wi
>>> nreg
>>>
>>> 4. You can use a script net localgroup administrators <account> /add to
>>> add
>>> the appropriate account to the administrators group:
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Vincent Xu
>>> Microsoft Online Partner Support
>>>
>>> ======================================================
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> When responding to posts, please "Reply to Group" via your newsreader so
>>> that others
>>> may learn and benefit from this issue.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties,and confers no

rights.
>>> ======================================================
>>>
>>>
>>>
>>> --------------------
>>>>>From: "beemer" <beemer(antispam)@teleline.es>
>>>>>Subject: ADMT V3 has no right to migrate computers account from NT4 to
>>> 2003
>>>>>Date: Tue, 27 Jun 2006 13:33:04 +0200
>>>>>Lines: 36
>>>>>X-Priority: 3
>>>>>X-MSMail-Priority: Normal
>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>>>>X-RFC2646: Format=Flowed; Original
>>>>>Message-ID: <eMdjy1dmGHA.1552@TK2MSFTNGP04.phx.gbl>
>>>>>Newsgroups: microsoft.public.windows.server.migration
>>>>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net
>>> 80.28.13.152
>>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
>>>>>Xref: TK2MSFTNGXA01.phx.gbl
>>> microsoft.public.windows.server.migration:24255
>>>>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>>>>
>>>>>I'm trying to migrate a test computer account from NT4 domain to AD2003
>>> and
>>>>>always get the same error:
>>>>>2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
>>>>>installed on pc_test_migraci
>>>>>2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
>>>>>\\pc_test_migraci is unknown, Error accessing registry key
>>>>>SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
>>>>>Access is denied.
>>>>>2006-06-27 13:17:21 ERR2:7006 Failed to install agent on
>>> \\pc_test_migraci,
>>>>>rc=5 Access is denied.
>>>>>2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the
>>> machine
>>>>>'pc_test_migraci'. Make sure the share exists and the account running
>>> ADMT
>>>>>is a member of local administrators group on the machine
>>> 'pc_test_migraci'.
>>>>>hr=0x80070005. Access is denied.
>>>>>
>>>>>Obiously the computer to be migrated has only SourceDomain\Domain

Admins
>>>>>included on its administrator local group. The error says that I've to
>>>>>include DestinationDomain\Domain Admins also, but how can I do it in
>>>>>unnatended mode and 200 computers distributed in several cities?
>>>>>
>>>>>I thought on a command line, but the users that logon on the computers
>>> are
>>>>>normal users and have no rights to execute a net localgrou

administrators
>>>>>"DestinationDomain\Domain Admins" /add command.
>>>>>
>>>>>I've added DestinationDomain\Domain Admins to the
>>>>>SourceDomain\Administrators group but this group isn't in the local
>>> computer
>>>>>administrator group either, and of course it did't work.
>>>>>
>>>>>I imagine that there will be a simple and obvious solution to this

issue,
>>>>>but I cannot find it. Any ideas?
>>>>>
>>>>>Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>

>>
>>
>>


Reply With Quote
  #5  
Old 11-08-2006
Saqib Sultan Khan
 
Posts: n/a
RE: ADMT V3 has no right to migrate computers account from NT4 to 2003

As you have a trust relationship, logon to the Win2k3 domain using the admin
account of the NT4 domain and than run the ADMT. I was having the same
problem and i just tried this method and it's works well.

"beemer" wrote:

> I'm trying to migrate a test computer account from NT4 domain to AD2003 and
> always get the same error:
> 2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
> installed on pc_test_migraci
> 2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
> \\pc_test_migraci is unknown, Error accessing registry key
> SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
> Access is denied.
> 2006-06-27 13:17:21 ERR2:7006 Failed to install agent on \\pc_test_migraci,
> rc=5 Access is denied.
> 2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the machine
> 'pc_test_migraci'. Make sure the share exists and the account running ADMT
> is a member of local administrators group on the machine 'pc_test_migraci'.
> hr=0x80070005. Access is denied.
>
> Obiously the computer to be migrated has only SourceDomain\Domain Admins
> included on its administrator local group. The error says that I've to
> include DestinationDomain\Domain Admins also, but how can I do it in
> unnatended mode and 200 computers distributed in several cities?
>
> I thought on a command line, but the users that logon on the computers are
> normal users and have no rights to execute a net localgrou administrators
> "DestinationDomain\Domain Admins" /add command.
>
> I've added DestinationDomain\Domain Admins to the
> SourceDomain\Administrators group but this group isn't in the local computer
> administrator group either, and of course it did't work.
>
> I imagine that there will be a simple and obvious solution to this issue,
> but I cannot find it. Any ideas?
>
> Thanks
>
>
>
>
>

Reply With Quote
  #6  
Old 19-05-2008
Member
 
Join Date: May 2008
Posts: 4
I'm having similar trouble. I cannot logon to my Target DC using credentials from the Source domain. It complains that "The local policy of this system does not permit you to logon interactively". However, if I logon to the Target DC as a user from the Target domain, then logon completed, but I get errors when trying to migrate. I've found that the "net localgroup administrators Target\UserID /add" worked in testing, but how I can get this command on every workstation in the source domain?
I've already added Target\Domain Admins, and Target\UserID to the Source\BuiltIn\Administrators group, but that didn't work.

Please advise,
Tom
Reply With Quote
  #7  
Old 20-05-2008
Morgan che
 
Posts: n/a
Re: ADMT V3 has no right to migrate computers account from NT4 to 2003

Hi,

Thanks for posting here.

< I cannot logon to my Target DC using credentials from the Source domain.
It complains that "The local policy of this system does not permit you to
logon interactively">

[Morgan]:

To avoid "The local policy of this system does not permit you to logon
interactively" message, please perform the below steps:

1. Please log on the problematic computer. Click Start and choose Run.

2. Type "gpedit.msc" and click OK.

3. In the "Group Policy" window, double click on "Windows Settings" under
"Computer Configuration".

4. Double click on "Security Settings".

5. Double click on "Local Policies" and choose "User Rights Assignment".

6. In the right panel, double click on the "Allow log on locally" policy.
Please add the migrated user account and reboot the computer
to test the result.

If the "Allow log on locally" policy is grayed out, it probably inherits
from Domain or OU policy. Please modify "Allow log on locally" policy on
the domain or OU where you define this policy.

< if I logon to the Target DC as a user from the Target domain, then logon
completed, but I get errors when trying to migrate.>

[Morgan]:

To further assist on this issue, please send me the migration log file via
v-morche@microsoft.com . If there is any error message in Event log, please
send me together.

<I've found that the "net local group administrators Target\UserID /add"
worked in testing, but how I can get this command on every workstation in
the source domain?>

[Morgan]:

We don't need to run this command on every workstation. In a domain
environment, by default, the domain admin belongs to local administrator
group on member workstation. We just need to add a target Domain Admin user
account to the Administrators of local built-in group in the source domain,
when we log into the target server using this Domain Admin account from the
target domain, we will have the corresponding permissions to 'move' between
the target and source domain.

<I've already added Target\Domain Admins, and Target\UserID to the
Source\BuiltIn\Administrators group, but that didn't work.>

[Morgan]:

I recommend you refer to the following article firstly. To successfully
migrate computer account, not only we should grant the corresponding
permissions, but should we also perform other tasks, such as opening audit,
enabling TcpipClientSupport etc.

ADMT v3 Migration Guide
http://www.microsoft.com/downloads/d...770-3BBB-4B9E-

A8BC-01E9F7EF7342&displaylang=en

Hope this helps. If anything is unclear, please post back.


Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->From: thomasdietrich <thomasdietrich.39o13f@DoNotSpam.com>
--->Subject: Re: ADMT V3 has no right to migrate computers account from NT4
to 2003
--->Date: Mon, 19 May 2008 21:44:03 +0530
--->Message-ID: <thomasdietrich.39o13f@DoNotSpam.com>
--->Organization: Computer Help - http://forums.techarena.in
--->User-Agent: vBulletin USENET gateway
--->X-Newsreader: vBulletin USENET gateway
--->X-Originating-IP: 66.195.135.194
--->References: <eMdjy1dmGHA.1552@TK2MSFTNGP04.phx.gbl>
--->Newsgroups: microsoft.public.windows.server.migration
--->NNTP-Posting-Host: hostname.techarena.in 207.58.143.175
--->Lines: 1
--->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3625
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
--->
I'm having similar trouble. I cannot logon to my Target DC using
credentials from the Source domain. It complains that "The local
policy of this system does not permit you to logon interactively".
However, if I logon to the Target DC as a user from the Target domain,
then logon completed, but I get errors when trying to migrate. I've
found that the "net localgroup administrators Target\UserID /add"
worked in testing, but how I can get this command on every workstation
in the source domain?
--->I've already added Target\Domain Admins, and Target\UserID to the
Source\BuiltIn\Administrators group, but that didn't work.
--->
--->Please advise,
--->Tom


--
thomasdietrich
------------------------------------------------------------------------
thomasdietrich's Profile: http://forums.techarena.in/members/49810.htm
View this thread: ADMT V3 has no right to migrate computers account from NT4 to 2003

http://forums.techarena.in

--->

Reply With Quote
  #8  
Old 28-05-2008
Morgan che
 
Posts: n/a
Re: ADMT V3 has no right to migrate computers account from NT4 to 2003

Hi,

How are you?

I am writing to see if you have any update about this post. If my
suggestion is helpful or you
have solved this ssue, please feel free to let me know.
Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->X-Tomcat-ID: 74848826
--->References: <eMdjy1dmGHA.1552@TK2MSFTNGP04.phx.gbl>
<thomasdietrich.39o13f@DoNotSpam.com>
--->MIME-Version: 1.0
--->Content-Type: text/plain
--->Content-Transfer-Encoding: 7bit
--->From: v-morche@online.microsoft.com (Morgan che(MSFT))
--->Organization: Microsoft
--->Date: Tue, 20 May 2008 07:53:24 GMT
--->Subject: Re: ADMT V3 has no right to migrate computers account from NT4
to 2003
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->Message-ID: <kuOaY6kuIHA.1788@TK2MSFTNGHUB02.phx.gbl>
--->Newsgroups: microsoft.public.windows.server.migration
--->Lines: 125
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3632
--->NNTP-Posting-Host: TOMCATIMPORT3 10.201.220.210
--->
--->Hi,
--->
--->Thanks for posting here.
--->
--->< I cannot logon to my Target DC using credentials from the Source
domain.
--->It complains that "The local policy of this system does not permit you
to
--->logon interactively">
--->
--->[Morgan]:
--->
--->To avoid "The local policy of this system does not permit you to logon
--->interactively" message, please perform the below steps:
--->
--->1. Please log on the problematic computer. Click Start and choose Run.
--->
--->2. Type "gpedit.msc" and click OK.
--->
--->3. In the "Group Policy" window, double click on "Windows Settings"
under
--->"Computer Configuration".
--->
--->4. Double click on "Security Settings".
--->
--->5. Double click on "Local Policies" and choose "User Rights Assignment".
--->
--->6. In the right panel, double click on the "Allow log on locally"
policy.
--->Please add the migrated user account and reboot the computer
--->to test the result.
--->
--->If the "Allow log on locally" policy is grayed out, it probably
inherits
--->from Domain or OU policy. Please modify "Allow log on locally" policy
on
--->the domain or OU where you define this policy.
--->
--->< if I logon to the Target DC as a user from the Target domain, then
logon
--->completed, but I get errors when trying to migrate.>
--->
--->[Morgan]:
--->
--->To further assist on this issue, please send me the migration log file
via
--->v-morche@microsoft.com . If there is any error message in Event log,
please
--->send me together.
--->
---><I've found that the "net local group administrators Target\UserID
/add"
--->worked in testing, but how I can get this command on every workstation
in
--->the source domain?>
--->
--->[Morgan]:
--->
--->We don't need to run this command on every workstation. In a domain
--->environment, by default, the domain admin belongs to local
administrator
--->group on member workstation. We just need to add a target Domain Admin
user
--->account to the Administrators of local built-in group in the source
domain,
--->when we log into the target server using this Domain Admin account from
the
--->target domain, we will have the corresponding permissions to 'move'
between
--->the target and source domain.
--->
---><I've already added Target\Domain Admins, and Target\UserID to the
--->Source\BuiltIn\Administrators group, but that didn't work.>
--->
--->[Morgan]:
--->
--->I recommend you refer to the following article firstly. To successfully
--->migrate computer account, not only we should grant the corresponding
--->permissions, but should we also perform other tasks, such as opening
audit,
--->enabling TcpipClientSupport etc.
--->
--->ADMT v3 Migration Guide
--->http://www.microsoft.com/downloads/d...99EF770-3BBB-4
B9E-
--->
--->A8BC-01E9F7EF7342&displaylang=en
--->
--->Hope this helps. If anything is unclear, please post back.
--->
--->
--->Sincerely
--->Morgan Che
--->Microsoft Online Support
--->Microsoft Global Technical Support Center
--->
--->Get Secure! - www.microsoft.com/security
--->=====================================================
--->When responding to posts, please "Reply to Group" via your newsreader
so
--->that others may learn and benefit from your issue.
--->=====================================================
--->This posting is provided "AS IS" with no warranties, and confers no
rights.
--->
--->
--->--------------------
--->--->From: thomasdietrich <thomasdietrich.39o13f@DoNotSpam.com>
--->--->Subject: Re: ADMT V3 has no right to migrate computers account from
NT4
--->to 2003
--->--->Date: Mon, 19 May 2008 21:44:03 +0530
--->--->Message-ID: <thomasdietrich.39o13f@DoNotSpam.com>
--->--->Organization: Computer Help - http://forums.techarena.in
--->--->User-Agent: vBulletin USENET gateway
--->--->X-Newsreader: vBulletin USENET gateway
--->--->X-Originating-IP: 66.195.135.194
--->--->References: <eMdjy1dmGHA.1552@TK2MSFTNGP04.phx.gbl>
--->--->Newsgroups: microsoft.public.windows.server.migration
--->--->NNTP-Posting-Host: hostname.techarena.in 207.58.143.175
--->--->Lines: 1
--->--->Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
--->--->Xref: TK2MSFTNGHUB02.phx.gbl
--->microsoft.public.windows.server.migration:3625
--->--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->--->
--->--->
--->I'm having similar trouble. I cannot logon to my Target DC using
--->credentials from the Source domain. It complains that "The local
--->policy of this system does not permit you to logon interactively".
--->However, if I logon to the Target DC as a user from the Target domain,
--->then logon completed, but I get errors when trying to migrate. I've
--->found that the "net localgroup administrators Target\UserID /add"
--->worked in testing, but how I can get this command on every workstation
--->in the source domain?
--->--->I've already added Target\Domain Admins, and Target\UserID to the
--->Source\BuiltIn\Administrators group, but that didn't work.
--->--->
--->--->Please advise,
--->--->Tom
--->
--->
--->--
--->thomasdietrich
--->------------------------------------------------------------------------
--->thomasdietrich's Profile:
http://forums.techarena.in/members/49810.htm
--->View this thread: ADMT V3 has no right to migrate computers account from NT4 to 2003
--->
--->http://forums.techarena.in
--->
--->--->
--->
--->

Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "ADMT V3 has no right to migrate computers account from NT4 to 2003"
Thread Thread Starter Forum Replies Last Post
ADMT password migration between 2 2003 servers using Version 3.0 Craig B Windows Server Help 13 26-01-2012 09:58 PM
error using admt sbs 2003 McIntyre Small Business Server 4 17-07-2009 04:29 PM
Migrate server 2003 to new machine in site Stu Windows Server Help 10 22-11-2008 11:34 PM
ADMT 3.0: howto migrate roaming profiles? Franz Schenk Windows Server Help 3 13-08-2007 11:31 AM
Using ADMT to migrate computers Dan Active Directory 3 02-12-2004 03:48 PM


All times are GMT +5.5. The time now is 08:13 PM.