ADMT failure - "Access Denied"

J

Jim Hatfield

I am trying to use the Active Directory Migration Tool
to move users from an NT4 domain to an AD domain. Initially
I am trying to move just one user account.

ADMT is installed on my own PC, which runs XP Pro and is a
member of the AD domain. I log on as AD domain admin.

There is full two-way trust between the two domains.

The AD Domain Admins group is a member of the Administrators
local group on the NT DCs.

I elect to transfer user rights (which gets me a prompt for
the NT domain admin name and password). I select none of the
other optional checkboxes.

Everything goes fine right up to the last step. As soon as I
click Finish I get a dialog which says "Access Denied". That's
it - no other info.

Interestingly, if I repeat the process I instead get an error
that says an existing ADMT process is still running.

I could just create the users in the AD domain since there aren't
that many, but then they won't have any rights over resources in
the NT domain unless I recreate them - and what if I had thousands
of users, manual creation wouldn't be an option.
 
M

Mike D

I would think this would have better results if you ran this from the NT 4.0
PDC rather than a workstation on the network. Just a thought.
Mike D
 
J

Jim Hatfield

(top posting reversed)
These links maybe helpful to you too:

http://support.microsoft.com/default.aspx?scid=kb;en-us;260871

http://support.microsoft.com/default.aspx?scid=kb;en-us;832221
Click to expand...

OK I went all the way through the first of these documents and
everything was OK until the last step:
Therefore, logging into the PDC that is the FSMO role holder in the target domain with the source domain\Administrator account suffices, assuming that the source domain\Domain Administrators group belongs to each computer's Administrators group.
Click to expand...

I was unable to log in using the source domain Admin account; the
error was that the source domain was "not available".

But how can it be "not available" when there is two-way trust and each
domain's Domain Admin's global group is a member of the other's
Administrators local group?

The Event Log has a NETLOGON event 5719: "No Windows NT or Windows 2000
Domain Controller is available for domain SOURCEDOMAIN. The following
error occurred: There are currently no logon servers available to
service the logon request" (in fact I see that error logged quite
often).

jim
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ADMT Problems 1
ADMT v3 Access is Denied 2
Permissions Issue During NT4 to AD migration 3
ADMT Question 1
Questions about ADMT 1
ADMT error when migrating SIDHistory 0
Migration with ADMT 1
Security Translation using ADMT 2

Top