Migration using ADMT

[ping]

Hi,


I am new in ADMT. I am testing the ADMT for an upcoming migration
exercise.

Currently there are 2 domain in different forest. One Windows 2K domain
and another Win2003 domain. When I try to use the ADMT's User Account
Migration Wizard, the DNS of the source domain could not be resolved. I
installed ADMT on target migration domain DC.


Currently both domain have DNS server running on the DC(pointed back
using 127.0.0.1). Do I need to modify the DNS server of target domain
to point to the source domain(dynamic update is enabled)?

Thanks.

 

[Ace Fekay [MVP]]

In

Hi,


I am new in ADMT. I am testing the ADMT for an upcoming migration
exercise.

Currently there are 2 domain in different forest. One Windows 2K
domain and another Win2003 domain. When I try to use the ADMT's User
Account Migration Wizard, the DNS of the source domain could not be
resolved. I installed ADMT on target migration domain DC.


Currently both domain have DNS server running on the DC(pointed back
using 127.0.0.1). Do I need to modify the DNS server of target domain
to point to the source domain(dynamic update is enabled)?

Thanks.

ADMT uses NetBIOS resolution. As long as the forests are on the same subnet,
it should work by broadcasts.

As for the loopback (127.0.0.1), I would suggest to use the actual IP
address of the DNS server, which is itself in this case. What I've done in
past migrations, is create a secondary zone of each other's zone on each
other's DNS servers to faciliate coexistance between the two infrastructures
for DNS resolution, but for ADMT it's not necessary as long as NetBIOS name
resolution is supported between the source and target domains.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

 

[Kevin D. Goodknecht Sr. [MVP]]

Hi,


I am new in ADMT. I am testing the ADMT for an upcoming migration
exercise.

Currently there are 2 domain in different forest. One Windows 2K
domain and another Win2003 domain. When I try to use the ADMT's User
Account Migration Wizard, the DNS of the source domain could not be
resolved. I installed ADMT on target migration domain DC.


Currently both domain have DNS server running on the DC(pointed back
using 127.0.0.1). Do I need to modify the DNS server of target domain
to point to the source domain(dynamic update is enabled)?

Thanks.

Use the DNS management console on the Win2k3, right click on the server
name, choose properties, select the Forwarders tab, under DNS domain click
"Add", type in the DNS name of the Win2k domain, then add the IP of the
Win2k DNS server.

 

[ping]

Hi,

source domain: mossod.sln
target domain: topwork.pop

I am now able to use ADMT account migration. I have some problem with
the password migration(pwdmig) though.

I have added the registry key TcpipClientSupport and assigned value 1
to source domain DC(win2k - MOS).

I have ran ADMT KEY command in the target domain DC and save the
password key to floppy. I proceed to install pwdimg DLL package in
source domain(MOS) and ran the ADMT account migration in target domain
to migrate username with password. 2 way transitive trust has already
been created earlier.

I got this message "Unable to establish a session with password export
server. Everyone is not a member of the Pre-Windows 2000 Compatible
Access group in target domain 'topwork.pop' "

I have run the command:
net localgroup "pre-windows 2000 compatible devices" "anonymous logon"
/add
on the Win2003 Server which is the target domain.

Please help. For ADMT, should we run it in target domain DC(logon to
source domain)? I got an error unable to logon interactively.

thanks

 

[ping]

Hi,
I think I missed out this. How to make sure verify this?

In the Active Directory Users and Computers snap-in, verify permissions
on the PES server object. The PES requires that the “Pre-Windows
2000 Compatible Access” group has “Read All
Properties” rights on the following object:
CN=Server,CN=System,DC=<domain_name>

 

[Ace Fekay [MVP]]

In

Hi,
I think I missed out this. How to make sure verify this?

In the Active Directory Users and Computers snap-in, verify
permissions on the PES server object. The PES requires that the
“Pre-Windows 2000 Compatible Access” group has
“Read All Properties” rights on the following object:
CN=Server,CN=System,DC=<domain_name>

You can use ADSI Edit to check or set this command. Are you familiar with
ADSI Edit?

As for running ADMT from source or target, I would run it from the target.
After creating the trust, make sure you've added the Domain Users group to
the Domain Local Group to each other's domain, as well as the Domain
Administrators Group to the Domain Local Administrators group to each
other's domain.

Ace