how can we migrate 2000 to 2003 without rejoin user to new domain

[melcy]

i'm doing the migration from 2000 to 2003 and i'e already migrate users' and groups' account. do we still need to rejoin computer to new domain even we've migrated the computer account to 2003/ is there any way to prevent rejoin domain /

Hello,

Thanks for your post.

Based on my research, you needn't rejoin computer to new domain if you have
already run the "Computer Migration Wizard" in ADMT.

During running the "Computer Migration Wizard", you need to keep all
clients' machine that you want to migrate running. And after migration,
all the clients should restart to take the migration effect. During
migration it dispatches an agent to each computer being migrated. The agent
will restart each computer after the computers join the target domain.
However, for down-level machine such as win98, you need manually restart
the client so that win98 can join to the new domain.

We recommend migrate the groups and user objects in the following order and
please refer to the following article:

Migration of a Windows NT 4.0 Account Domain to Active Directory
http://www.microsoft.com/technet/pro...eploy/cookbook
/cookchp9.mspx

The accounts and objects migration sequence have been addressed in Figure
9.8

For more information about ADMT:

Active Directory Migration Tool Overview
http://www.microsoft.com/windows2000...directory/admt.
asp

[melcy]

hello,
thanks for your reply


*During running the "Computer Migration Wizard", you need to keep all
clients' machine that you want to migrate running.
A. You mean that all client machine should shut down during the 'computer migration wizard'/ And clients restart again after the migration /
so clients do not need to rejoin domain manually totally and we can demote the old server after that right/

[melcy]

Hi Amanda
Sorry .....i misunderstood what you hace told me before so please skip the question i asked at the last post.

Thank You Very Much

Bst Rgrd,
Melcy

Hello,

Thanks for your update and let me know your concern.

There may be some misunderstanding between us.

I mean that when you perform migration, you need to keep all client machine
up and running NOT shut down them. After finishing computer migration,
client machines will restart automatically and join to the new domain.
Only for those down-level machine such as win98, you need manually restart
the client so that win98 can join to the new domain.

Therefore, they needn't rejoin domain manually and then you can demote the
old server.

If there is anything unclear, please feel free to let me know.

[melcy]

hi Amanda,
when i do the computer account migration, on the dispacthed view display that agent installation failed and the log file was written as below
2005-05-12 17:01:08 Installing agent on 1 servers
2005-05-12 17:01:08 The Active Directory Migration Tool Agent will be installed on \\comp-test.testing.corp
2005-05-12 17:01:08 ERR2:7625 Unable to connect to \\comp-test.testing.corp\ADMIN$. The machine might be down or its Server, Netlogon service might not be started. rc=1722 The RPC server is unavailable.
2005-05-12 17:01:08 ERR2:7014 The Active Directory Migration Tool Agent Service on \\comp-test.testing.corp did not start. See the application log on \\comp-test.testing.corp for details.
2005-05-12 17:01:09 All agents are installed. The dispatcher is finished.

i can't connect \\comp-test.testing.corp\ADMIN$ but i can connect with its ip address \\192.168.100.1\ADMIN$ or just its computername \\comp-test\ADMIN$
is it the problem that cause the migration failed/ then how to solve it/

[melcy]

Hi Amanda,

Here is some additional. Is the error message that i showed above is because of windows 2000 can't translate the domain admins of windows 2003 / Here is the message when i opened up the member tab of win 2000 builtin,
**Some of the object names cannot be shown in their user-friendly form. This can happen if the object is from an external domain and that domain is not available to translate the object's name.**

Such kind of problem didn't happen in win 2003.

Hi Melcy,

Thanks for your update.

You encountered the following error when migrating computer account:

2005-05-12 17:01:08 ERR2:7625 Unable to connect
to\\comp-test.testing.corp\ADMIN$. The machine might be down or its Server,
Netlogon service might not be started. rc=1722 The RPC server is
unavailable.
2005-05-12 17:01:08 ERR2:7014 The Active Directory Migration Tool
AgentService on \\comp-test.testing.corp did not start. See the
applicationlog on \\comp-test.testing.corp for details.

And you found that you can't connect \\comp-test.testing.corp\ADMIN$ but
can connect with its ip address \\192.168.100.1\ADMIN$ or just its
computername\\comp-test\ADMIN$.

Based on my research, first, you need to confirm the netlogon and RPC
services have been started.

Second, I found a related KB article as following and there is a workaround
and hotfix in it:

Active Directory Migration Tool Version 2 Uses the DNS Name to Resolve the
IP Address
http://support.microsoft.com/default...b;en-us;823735

Third, perform the following steps:

1. File and Print sharing must be installed and enabled on every client to
be migrated.
2. The following registry key (WINREG) on each workstation MUST be deleted:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

Fourth, send the MPSReport to me as following:

a. Visit
http://download.microsoft.com/downlo...5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE. to download the file.
b. Run the MPSRPT_NETWORK.EXE
c. Wait for 10~15 minutes.
d. Open Windows explorer, navigate to
%SYSTEMROOT%\MPSReports\Network\Reports\cab\
e. Send the .cab file directly to me.

[melcy]

Hi Amanda,

**Based on my research, first, you need to confirm the netlogon and RPC
services have been started.
A. the netlogon and RPC have already been started.

**Second, I found a related KB article as following and there is a workaround
and hotfix in it:
Active Directory Migration Tool Version 2 Uses the DNS Name to Resolve the
IP Address
http://support.microsoft.com/default...b;en-us;823735

**Third, perform the following steps:

1. File and Print sharing must be installed and enabled on every client to
be migrated.
2. The following registry key (WINREG) on each workstation MUST be deleted:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
A. I have deleted registry key of one of the client machine. Then i did the migration , but it was failed.

**Fourth, send the MPSReport to me as following:
a. Visit
http://download.microsoft.com/downlo...5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE. to download the file.
b. Run the MPSRPT_NETWORK.EXE
c. Wait for 10~15 minutes.
d. Open Windows explorer, navigate to
%SYSTEMROOT%\MPSReports\Network\Reports\cab\
e. Send the .cab file directly to me.

Should i do all the step or just choose the most effective one/
Where should i install the hotfix, 2000 or 2003/
I send you the cab file of 2000 and 2003.

[melcy]

Hello,

Thanks for your update and I don't know why I haven't received the MPS
Report you have mentioned. Could you send them to me at
v-amanwa@microsoft.com again if it is convenient for you?

About the question of where to install the hotfix, at the end of the
article have mentioned that:

Note To install this hotfix on Windows 2000-based computers or on Windows
XP-based computers that are running ADMT 2.0, extract the hotfix by using
the /x switch. Next, copy Mcsdispatcher.exe to the ADMT install directory.
For example, copy Mcsdispatcher.exe to C:\Program Files\Active Directory
Migration Tool.

[melcy]

Hi Amanda,
Thanks for your reply, it is so helpful.
About where to install the hotfix, can i install it at windows server 2003/ Because my ADMTwas installed at server 2003.
The MPS report was attached in last post, but i will send thru your email too.

[melcy]

Hi Amanda,
It wasn;t because of test mode. It was really couldn't change the domain automatically and also didn't reboot by itself. I did success once, the domain changed automatically after it rebooted by itself. Can you please tell me what is the problem and how to solve it/

Hello Melly,

Thanks for your update.

The following error is really caused by running the ADMTv2 in test mode and
the computer account migration task will succeed when you run ADMTv2 in
normal mode and changes are actually written:

ERR3:7075 Failed to change domain affiliation, hr=800706fb The security
database on the server does not have a computer account for this
workstation trust relationship.

You can refer to the following KB article to see the detailed information:

828261 "ERR3:7075 Failed to change domain affiliation, hr=800706fb" error
when
http://support.microsoft.com/?id=828261

Meanwhile, based on my further research, the previous issue should be
caused by name resolution. You can try the following two suggestions to
troubleshoot the issue:

Suggestion1: Fixed reg hive, logged in as Domain Admin and more
importantly, fixed DNS so that the domains could be queried properly.

1: Add the LOCAL SERVICE group to the permissions of the following registry
key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

Logged in on Target DC as Source ADMIN.

2: Logged into ADMT system as a member of the Domain Admins from Source
domain.

Go through articles
http://support.microsoft.com/default...&Product=win20
00

Trusts are in place.
Global Domain Admins from Target is part of Source Domain Local
Administrators
Global Domain Admins from Source is part of Target Domain Local
Administrators
Local group in source domain called SEWALL$$$ exists. No members in it.
Auditing is set up in both source and target accounts.
Administrative rights on each computer we're trying to migrate.
RPC is working fine. We can access client computer admin shares.
Regkey HKLM\System\CurrentControlSet\Control\LSA\TcpipClientSupport is set
to 1 according to article.

3: To check if DNS was working properly between the two domains. Either
we needed delegations, Secondary zones or conditional forwarding set up.
We need to set up secondary zones that pointed to the other DNS servers for
primary zones. To confirm the following:

a. If Source DNS had a primary zone for the Target domain
b. If Target DNS server had a primary zone for the Source domain
c. Changed zones on each DNS server to be secondary zones of each other's
Primary zones
d. Set zone transfers to transfer to each other.
e. Refreshed DNS and _Records showed up on each DNS Server.

Suggestion2: If the issue persists, I suggest you use a LMHOST file to
resolve the name resolution issue. Please refer to the following KB to
create a LMHOSTS file for name resolution and check whether the problem can
be resolved:

180094 How to Write an LMHOSTS File for Domain Validation and Other Name
http://support.microsoft.com/?id=180094

Note: Please note that there must be a total of 20 characters within the
quotations. If you are not sure on this, please send me your LMHOSTS file
and I will double-check it for you.

I have received your MPS Report in my E-mail. However, I don't know why in
the file it only contains two files in it and the information is not
integrated. Also I have checked the MPS Report which you have attached in
the last post. The information is as following:

|Filename: cab file.rar |
|Download: http://forums.techarena.in/attachment.php?attachmentid=5712|

I log on the download address. However, it asks me to log in by using a
user name and password or register.

Therefore, I still cannot perform further research by using MPS Report. If
the issue persists after performing the steps above, please perform the
collection steps step by step as following and help me collect the network
MPS Report again. Thanks.

a. Visit
http://download.microsoft.com/downlo...5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE. to download the file.
b. Run the MPSRPT_NETWORK.EXE
c. Wait for 10~15 minutes.
d. Open Windows explorer, navigate to
%SYSTEMROOT%\MPSReports\Network\Reports\cab\
e. Send the .cab file directly to me at v-amanwa@microsoft.com.

[melcy]

Hi Amanda,
Sorry for sending wrong files to you. I've sent you the correct and complete one via email. Thank You for your help, it means too much. I can migrated computer account now but with creating new host files for every user is really troublesome. We have a hundred computer here, so i need to create a hundred host files too. As what has mentioned in http://support.microsoft.com/default...b;en-us;823735, what is the what is the difference between group and user migration at account domain walkthrough and resource domain walkthrough/