ADMT V3 has no right to migrate computers account from NT4 to 2003

[beemer]

I'm trying to migrate a test computer account from NT4 domain to AD2003 and
always get the same error:
2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
installed on pc_test_migraci
2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
\\pc_test_migraci is unknown, Error accessing registry key
SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
Access is denied.
2006-06-27 13:17:21 ERR2:7006 Failed to install agent on \\pc_test_migraci,
rc=5 Access is denied.
2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the machine
'pc_test_migraci'. Make sure the share exists and the account running ADMT
is a member of local administrators group on the machine 'pc_test_migraci'.
hr=0x80070005. Access is denied.

Obiously the computer to be migrated has only SourceDomain\Domain Admins
included on its administrator local group. The error says that I've to
include DestinationDomain\Domain Admins also, but how can I do it in
unnatended mode and 200 computers distributed in several cities?

I thought on a command line, but the users that logon on the computers are
normal users and have no rights to execute a net localgrou administrators
"DestinationDomain\Domain Admins" /add command.

I've added DestinationDomain\Domain Admins to the
SourceDomain\Administrators group but this group isn't in the local computer
administrator group either, and of course it did't work.

I imagine that there will be a simple and obvious solution to this issue,
but I cannot find it. Any ideas?

Thanks

[Vincent Xu [MSFT]]

Hi,

1. Check if you logged in to the target domain (XYZ.com) root DC with the
Administrator account of the source domain (ABC.com) and now migrated the
computer accounts.

2. Check if you added a secondary zone on the Nt4 DNS for the 2K domain
and on the 2K DNS add secondary DNs zones for the zones on the NT4 DNS

3. added the LOCAL SERVICE group to the permissions of the following
regisry
key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\wi
nreg

4. You can use a script net localgroup administrators <account> /add to add
the appropriate account to the administrators group:



Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
>>From: "beemer" <beemer(antispam)@teleline.es>
>>Subject: ADMT V3 has no right to migrate computers account from NT4 to
2003
>>Date: Tue, 27 Jun 2006 13:33:04 +0200
>>Lines: 36
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <[email protected]>
>>Newsgroups: microsoft.public.windows.server.migration
>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net
80.28.13.152
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24255
>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>
>>I'm trying to migrate a test computer account from NT4 domain to AD2003
and
>>always get the same error:
>>2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
>>installed on pc_test_migraci
>>2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
>>\\pc_test_migraci is unknown, Error accessing registry key
>>SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
>>Access is denied.
>>2006-06-27 13:17:21 ERR2:7006 Failed to install agent on
\\pc_test_migraci,
>>rc=5 Access is denied.
>>2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the
machine
>>'pc_test_migraci'. Make sure the share exists and the account running
ADMT
>>is a member of local administrators group on the machine
'pc_test_migraci'.
>>hr=0x80070005. Access is denied.
>>
>>Obiously the computer to be migrated has only SourceDomain\Domain Admins
>>included on its administrator local group. The error says that I've to
>>include DestinationDomain\Domain Admins also, but how can I do it in
>>unnatended mode and 200 computers distributed in several cities?
>>
>>I thought on a command line, but the users that logon on the computers
are
>>normal users and have no rights to execute a net localgrou administrators
>>"DestinationDomain\Domain Admins" /add command.
>>
>>I've added DestinationDomain\Domain Admins to the
>>SourceDomain\Administrators group but this group isn't in the local
computer
>>administrator group either, and of course it did't work.
>>
>>I imagine that there will be a simple and obvious solution to this issue,
>>but I cannot find it. Any ideas?
>>
>>Thanks
>>
>>
>>
>>
>>

[beemer]

Thanks for your answer Vicent.
I have followed your advice 1 but not in the DC but in a member server and
it worked for the testing computer.
Tomorrow I'll start to migrate real computers and hope all works OK ;)

Regards

Beemer




"Vincent Xu [MSFT]" <[email protected]> escribió en el mensaje
news:[email protected]...
> Hi,
>
> 1. Check if you logged in to the target domain (XYZ.com) root DC with the
> Administrator account of the source domain (ABC.com) and now migrated the
> computer accounts.
>
> 2. Check if you added a secondary zone on the Nt4 DNS for the 2K domain
> and on the 2K DNS add secondary DNs zones for the zones on the NT4 DNS
>
> 3. added the LOCAL SERVICE group to the permissions of the following
> regisry
> key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\wi
> nreg
>
> 4. You can use a script net localgroup administrators <account> /add to
> add
> the appropriate account to the administrators group:
>
>
>
> Best regards,
>
> Vincent Xu
> Microsoft Online Partner Support
>
> ======================================================
> Get Secure! - www.microsoft.com/security
> ======================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others
> may learn and benefit from this issue.
> ======================================================
> This posting is provided "AS IS" with no warranties,and confers no rights.
> ======================================================
>
>
>
> --------------------
>>>From: "beemer" <beemer(antispam)@teleline.es>
>>>Subject: ADMT V3 has no right to migrate computers account from NT4 to
> 2003
>>>Date: Tue, 27 Jun 2006 13:33:04 +0200
>>>Lines: 36
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>>X-RFC2646: Format=Flowed; Original
>>>Message-ID: <[email protected]>
>>>Newsgroups: microsoft.public.windows.server.migration
>>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net
> 80.28.13.152
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.migration:24255
>>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>>
>>>I'm trying to migrate a test computer account from NT4 domain to AD2003
> and
>>>always get the same error:
>>>2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
>>>installed on pc_test_migraci
>>>2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
>>>\\pc_test_migraci is unknown, Error accessing registry key
>>>SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
>>>Access is denied.
>>>2006-06-27 13:17:21 ERR2:7006 Failed to install agent on
> \\pc_test_migraci,
>>>rc=5 Access is denied.
>>>2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the
> machine
>>>'pc_test_migraci'. Make sure the share exists and the account running
> ADMT
>>>is a member of local administrators group on the machine
> 'pc_test_migraci'.
>>>hr=0x80070005. Access is denied.
>>>
>>>Obiously the computer to be migrated has only SourceDomain\Domain Admins
>>>included on its administrator local group. The error says that I've to
>>>include DestinationDomain\Domain Admins also, but how can I do it in
>>>unnatended mode and 200 computers distributed in several cities?
>>>
>>>I thought on a command line, but the users that logon on the computers
> are
>>>normal users and have no rights to execute a net localgrou administrators
>>>"DestinationDomain\Domain Admins" /add command.
>>>
>>>I've added DestinationDomain\Domain Admins to the
>>>SourceDomain\Administrators group but this group isn't in the local
> computer
>>>administrator group either, and of course it did't work.
>>>
>>>I imagine that there will be a simple and obvious solution to this issue,
>>>but I cannot find it. Any ideas?
>>>
>>>Thanks
>>>
>>>
>>>
>>>
>>>
>

[Vincent Xu [MSFT]]

Hi,

Glad to provide assistance. Remember, you must run admt on DC to migrate AD
Objects.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
>>From: "beemer" <beemer(antispam)@teleline.es>
>>References: <[email protected]>
<[email protected]>
>>Subject: Re: ADMT V3 has no right to migrate computers account from NT4
to 2003
>>Date: Wed, 28 Jun 2006 17:32:22 +0200
>>Lines: 118
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>X-RFC2646: Format=Flowed; Original
>>Message-ID: <[email protected]>
>>Newsgroups: microsoft.public.windows.server.migration
>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net
80.28.13.152
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24266
>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>
>>Thanks for your answer Vicent.
>>I have followed your advice 1 but not in the DC but in a member server
and
>>it worked for the testing computer.
>>Tomorrow I'll start to migrate real computers and hope all works OK ;)
>>
>>Regards
>>
>>Beemer
>>
>>
>>
>>
>>"Vincent Xu [MSFT]" <[email protected]> escribi?en el mensaje
>>news:[email protected]...
>>> Hi,
>>>
>>> 1. Check if you logged in to the target domain (XYZ.com) root DC with
the
>>> Administrator account of the source domain (ABC.com) and now migrated
the
>>> computer accounts.
>>>
>>> 2. Check if you added a secondary zone on the Nt4 DNS for the 2K domain
>>> and on the 2K DNS add secondary DNs zones for the zones on the NT4 DNS
>>>
>>> 3. added the LOCAL SERVICE group to the permissions of the following
>>> regisry
>>>
key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\wi
>>> nreg
>>>
>>> 4. You can use a script net localgroup administrators <account> /add to
>>> add
>>> the appropriate account to the administrators group:
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Vincent Xu
>>> Microsoft Online Partner Support
>>>
>>> ======================================================
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> When responding to posts, please "Reply to Group" via your newsreader so
>>> that others
>>> may learn and benefit from this issue.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties,and confers no
rights.
>>> ======================================================
>>>
>>>
>>>
>>> --------------------
>>>>>From: "beemer" <beemer(antispam)@teleline.es>
>>>>>Subject: ADMT V3 has no right to migrate computers account from NT4 to
>>> 2003
>>>>>Date: Tue, 27 Jun 2006 13:33:04 +0200
>>>>>Lines: 36
>>>>>X-Priority: 3
>>>>>X-MSMail-Priority: Normal
>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
>>>>>X-RFC2646: Format=Flowed; Original
>>>>>Message-ID: <[email protected]>
>>>>>Newsgroups: microsoft.public.windows.server.migration
>>>>>NNTP-Posting-Host: 80-28-13-152.adsl.nuria.telefonica-data.net
>>> 80.28.13.152
>>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
>>>>>Xref: TK2MSFTNGXA01.phx.gbl
>>> microsoft.public.windows.server.migration:24255
>>>>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>>>>
>>>>>I'm trying to migrate a test computer account from NT4 domain to AD2003
>>> and
>>>>>always get the same error:
>>>>>2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
>>>>>installed on pc_test_migraci
>>>>>2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
>>>>>\\pc_test_migraci is unknown, Error accessing registry key
>>>>>SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
>>>>>Access is denied.
>>>>>2006-06-27 13:17:21 ERR2:7006 Failed to install agent on
>>> \\pc_test_migraci,
>>>>>rc=5 Access is denied.
>>>>>2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the
>>> machine
>>>>>'pc_test_migraci'. Make sure the share exists and the account running
>>> ADMT
>>>>>is a member of local administrators group on the machine
>>> 'pc_test_migraci'.
>>>>>hr=0x80070005. Access is denied.
>>>>>
>>>>>Obiously the computer to be migrated has only SourceDomain\Domain
Admins
>>>>>included on its administrator local group. The error says that I've to
>>>>>include DestinationDomain\Domain Admins also, but how can I do it in
>>>>>unnatended mode and 200 computers distributed in several cities?
>>>>>
>>>>>I thought on a command line, but the users that logon on the computers
>>> are
>>>>>normal users and have no rights to execute a net localgrou
administrators
>>>>>"DestinationDomain\Domain Admins" /add command.
>>>>>
>>>>>I've added DestinationDomain\Domain Admins to the
>>>>>SourceDomain\Administrators group but this group isn't in the local
>>> computer
>>>>>administrator group either, and of course it did't work.
>>>>>
>>>>>I imagine that there will be a simple and obvious solution to this
issue,
>>>>>but I cannot find it. Any ideas?
>>>>>
>>>>>Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>
>>
>>

[Saqib Sultan Khan]

As you have a trust relationship, logon to the Win2k3 domain using the admin
account of the NT4 domain and than run the ADMT. I was having the same
problem and i just tried this method and it's works well.

"beemer" wrote:

> I'm trying to migrate a test computer account from NT4 domain to AD2003 and
> always get the same error:
> 2006-06-27 13:15:48 The Active Directory Migration Tool Agent will be
> installed on pc_test_migraci
> 2006-06-27 13:17:21 WRN1:7290 Processor architecture for machine
> \\pc_test_migraci is unknown, Error accessing registry key
> SYSTEM\CurrentControlSet\Control\Session Manager\Environment rc=5
> Access is denied.
> 2006-06-27 13:17:21 ERR2:7006 Failed to install agent on \\pc_test_migraci,
> rc=5 Access is denied.
> 2006-06-27 13:17:21 ERR2:7667 Unable to access ADMIN$ share on the machine
> 'pc_test_migraci'. Make sure the share exists and the account running ADMT
> is a member of local administrators group on the machine 'pc_test_migraci'.
> hr=0x80070005. Access is denied.
>
> Obiously the computer to be migrated has only SourceDomain\Domain Admins
> included on its administrator local group. The error says that I've to
> include DestinationDomain\Domain Admins also, but how can I do it in
> unnatended mode and 200 computers distributed in several cities?
>
> I thought on a command line, but the users that logon on the computers are
> normal users and have no rights to execute a net localgrou administrators
> "DestinationDomain\Domain Admins" /add command.
>
> I've added DestinationDomain\Domain Admins to the
> SourceDomain\Administrators group but this group isn't in the local computer
> administrator group either, and of course it did't work.
>
> I imagine that there will be a simple and obvious solution to this issue,
> but I cannot find it. Any ideas?
>
> Thanks
>
>
>
>
>

[thomasdietrich]

I'm having similar trouble. I cannot logon to my Target DC using credentials from the Source domain. It complains that "The local policy of this system does not permit you to logon interactively". However, if I logon to the Target DC as a user from the Target domain, then logon completed, but I get errors when trying to migrate. I've found that the "net localgroup administrators Target\UserID /add" worked in testing, but how I can get this command on every workstation in the source domain?
I've already added Target\Domain Admins, and Target\UserID to the Source\BuiltIn\Administrators group, but that didn't work.

Please advise,
Tom

[Morgan che]

Hi,

Thanks for posting here.

< I cannot logon to my Target DC using credentials from the Source domain.
It complains that "The local policy of this system does not permit you to
logon interactively">

[Morgan]:

To avoid "The local policy of this system does not permit you to logon
interactively" message, please perform the below steps:

1. Please log on the problematic computer. Click Start and choose Run.

2. Type "gpedit.msc" and click OK.

3. In the "Group Policy" window, double click on "Windows Settings" under
"Computer Configuration".

4. Double click on "Security Settings".

5. Double click on "Local Policies" and choose "User Rights Assignment".

6. In the right panel, double click on the "Allow log on locally" policy.
Please add the migrated user account and reboot the computer
to test the result.

If the "Allow log on locally" policy is grayed out, it probably inherits
from Domain or OU policy. Please modify "Allow log on locally" policy on
the domain or OU where you define this policy.

< if I logon to the Target DC as a user from the Target domain, then logon
completed, but I get errors when trying to migrate.>

[Morgan]:

To further assist on this issue, please send me the migration log file via
[email protected] . If there is any error message in Event log, please
send me together.

<I've found that the "net local group administrators Target\UserID /add"
worked in testing, but how I can get this command on every workstation in
the source domain?>

[Morgan]:

We don't need to run this command on every workstation. In a domain
environment, by default, the domain admin belongs to local administrator
group on member workstation. We just need to add a target Domain Admin user
account to the Administrators of local built-in group in the source domain,
when we log into the target server using this Domain Admin account from the
target domain, we will have the corresponding permissions to 'move' between
the target and source domain.

<I've already added Target\Domain Admins, and Target\UserID to the
Source\BuiltIn\Administrators group, but that didn't work.>

[Morgan]:

I recommend you refer to the following article firstly. To successfully
migrate computer account, not only we should grant the corresponding
permissions, but should we also perform other tasks, such as opening audit,
enabling TcpipClientSupport etc.

ADMT v3 Migration Guide
http://www.microsoft.com/downloads/d...770-3BBB-4B9E-

A8BC-01E9F7EF7342&displaylang=en

Hope this helps. If anything is unclear, please post back.


Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->From: thomasdietrich <[email protected]>
--->Subject: Re: ADMT V3 has no right to migrate computers account from NT4
to 2003
--->Date: Mon, 19 May 2008 21:44:03 +0530
--->Message-ID: <[email protected]>
--->Organization: Computer Help - http://forums.techarena.in
--->User-Agent: vBulletin USENET gateway
--->X-Newsreader: vBulletin USENET gateway
--->X-Originating-IP: 66.195.135.194
--->References: <[email protected]>
--->Newsgroups: microsoft.public.windows.server.migration
--->NNTP-Posting-Host: hostname.techarena.in 207.58.143.175
--->Lines: 1
--->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3625
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
--->
I'm having similar trouble. I cannot logon to my Target DC using
credentials from the Source domain. It complains that "The local
policy of this system does not permit you to logon interactively".
However, if I logon to the Target DC as a user from the Target domain,
then logon completed, but I get errors when trying to migrate. I've
found that the "net localgroup administrators Target\UserID /add"
worked in testing, but how I can get this command on every workstation
in the source domain?
--->I've already added Target\Domain Admins, and Target\UserID to the
Source\BuiltIn\Administrators group, but that didn't work.
--->
--->Please advise,
--->Tom


--
thomasdietrich
------------------------------------------------------------------------
thomasdietrich's Profile: http://forums.techarena.in/member.php?userid=49810
View this thread: http://forums.techarena.in/showthread.php?t=540707

http://forums.techarena.in

--->

[Morgan che]

Hi,

How are you?

I am writing to see if you have any update about this post. If my
suggestion is helpful or you
have solved this ssue, please feel free to let me know.
Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->X-Tomcat-ID: 74848826
--->References: <[email protected]>
<[email protected]>
--->MIME-Version: 1.0
--->Content-Type: text/plain
--->Content-Transfer-Encoding: 7bit
--->From: [email protected] (Morgan che(MSFT))
--->Organization: Microsoft
--->Date: Tue, 20 May 2008 07:53:24 GMT
--->Subject: Re: ADMT V3 has no right to migrate computers account from NT4
to 2003
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->Message-ID: <[email protected]>
--->Newsgroups: microsoft.public.windows.server.migration
--->Lines: 125
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3632
--->NNTP-Posting-Host: TOMCATIMPORT3 10.201.220.210
--->
--->Hi,
--->
--->Thanks for posting here.
--->
--->< I cannot logon to my Target DC using credentials from the Source
domain.
--->It complains that "The local policy of this system does not permit you
to
--->logon interactively">
--->
--->[Morgan]:
--->
--->To avoid "The local policy of this system does not permit you to logon
--->interactively" message, please perform the below steps:
--->
--->1. Please log on the problematic computer. Click Start and choose Run.
--->
--->2. Type "gpedit.msc" and click OK.
--->
--->3. In the "Group Policy" window, double click on "Windows Settings"
under
--->"Computer Configuration".
--->
--->4. Double click on "Security Settings".
--->
--->5. Double click on "Local Policies" and choose "User Rights Assignment".
--->
--->6. In the right panel, double click on the "Allow log on locally"
policy.
--->Please add the migrated user account and reboot the computer
--->to test the result.
--->
--->If the "Allow log on locally" policy is grayed out, it probably
inherits
--->from Domain or OU policy. Please modify "Allow log on locally" policy
on
--->the domain or OU where you define this policy.
--->
--->< if I logon to the Target DC as a user from the Target domain, then
logon
--->completed, but I get errors when trying to migrate.>
--->
--->[Morgan]:
--->
--->To further assist on this issue, please send me the migration log file
via
--->[email protected] . If there is any error message in Event log,
please
--->send me together.
--->
---><I've found that the "net local group administrators Target\UserID
/add"
--->worked in testing, but how I can get this command on every workstation
in
--->the source domain?>
--->
--->[Morgan]:
--->
--->We don't need to run this command on every workstation. In a domain
--->environment, by default, the domain admin belongs to local
administrator
--->group on member workstation. We just need to add a target Domain Admin
user
--->account to the Administrators of local built-in group in the source
domain,
--->when we log into the target server using this Domain Admin account from
the
--->target domain, we will have the corresponding permissions to 'move'
between
--->the target and source domain.
--->
---><I've already added Target\Domain Admins, and Target\UserID to the
--->Source\BuiltIn\Administrators group, but that didn't work.>
--->
--->[Morgan]:
--->
--->I recommend you refer to the following article firstly. To successfully
--->migrate computer account, not only we should grant the corresponding
--->permissions, but should we also perform other tasks, such as opening
audit,
--->enabling TcpipClientSupport etc.
--->
--->ADMT v3 Migration Guide
--->http://www.microsoft.com/downloads/d...99EF770-3BBB-4
B9E-
--->
--->A8BC-01E9F7EF7342&displaylang=en
--->
--->Hope this helps. If anything is unclear, please post back.
--->
--->
--->Sincerely
--->Morgan Che
--->Microsoft Online Support
--->Microsoft Global Technical Support Center
--->
--->Get Secure! - www.microsoft.com/security
--->=====================================================
--->When responding to posts, please "Reply to Group" via your newsreader
so
--->that others may learn and benefit from your issue.
--->=====================================================
--->This posting is provided "AS IS" with no warranties, and confers no
rights.
--->
--->
--->--------------------
--->--->From: thomasdietrich <[email protected]>
--->--->Subject: Re: ADMT V3 has no right to migrate computers account from
NT4
--->to 2003
--->--->Date: Mon, 19 May 2008 21:44:03 +0530
--->--->Message-ID: <[email protected]>
--->--->Organization: Computer Help - http://forums.techarena.in
--->--->User-Agent: vBulletin USENET gateway
--->--->X-Newsreader: vBulletin USENET gateway
--->--->X-Originating-IP: 66.195.135.194
--->--->References: <[email protected]>
--->--->Newsgroups: microsoft.public.windows.server.migration
--->--->NNTP-Posting-Host: hostname.techarena.in 207.58.143.175
--->--->Lines: 1
--->--->Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
--->--->Xref: TK2MSFTNGHUB02.phx.gbl
--->microsoft.public.windows.server.migration:3625
--->--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->--->
--->--->
--->I'm having similar trouble. I cannot logon to my Target DC using
--->credentials from the Source domain. It complains that "The local
--->policy of this system does not permit you to logon interactively".
--->However, if I logon to the Target DC as a user from the Target domain,
--->then logon completed, but I get errors when trying to migrate. I've
--->found that the "net localgroup administrators Target\UserID /add"
--->worked in testing, but how I can get this command on every workstation
--->in the source domain?
--->--->I've already added Target\Domain Admins, and Target\UserID to the
--->Source\BuiltIn\Administrators group, but that didn't work.
--->--->
--->--->Please advise,
--->--->Tom
--->
--->
--->--
--->thomasdietrich
--->------------------------------------------------------------------------
--->thomasdietrich's Profile:
http://forums.techarena.in/member.php?userid=49810
--->View this thread: http://forums.techarena.in/showthread.php?t=540707
--->
--->http://forums.techarena.in
--->
--->--->
--->
--->