movetree error 0x54f

H

H Cant

I am in the process of moving users from a child domain (ie
child.domain.com) into the parent domain (ie domain.com) and am having mixed
results. Many users migrate without any problems at all, whilst others
refuse to budge

The error I get from the problem accounts is as follows:
ERROR: 0x54f An internal error occurred.

MoveTree cross domain move failed. The extended error is 0000054F: SvcErr:
DSID-031B02E2, problem 5003 (WILL_NOT_PERFORM), data 0
I have found that all the accounts that refuse to migrate have a lockouttime
value of 0, whilst those that are happy to move have a value of <not set>.

The environment is all Windows 2000 SP4 (ie source + destination domains as
well as the computer where the movetree command is being issued from) and
running in native mode; the movetree command is being issued from the parent
domain by an enterprise administrator.

I have been googling this issue relentlessly for a few days now, and haven't
found a solution - is anyone able to shed any light on this problem for me?

Regards
Hamish Cant
MCSE, MCP+!
 
H

Herb Martin

Have you verified what accountlockout=0 means?

It means that account will never be locked out due to
bad passwords.
 
H

Herb Martin

The error I get from the problem accounts is as follows:
ERROR: 0x54f An internal error occurred.
Click to expand...

I don't know the error in question but have your considered
ADMTv2 for the move -- or do you have some specific
reason for using MoveTree (technically it should work and
it may even be able to handle one or two cases that ADMT
cannot.)

Lockout or not would seem to have no major effect on such
moves -- unless it is in fact some bug.
 
D

Dmitri Gavrilov [MSFT]

You nailed the problem -- lockoutTime prevents the xdom move. ADMT would get
the same error. The fix will be in SP5. Is this is blocking you, you can ask
for a private build that fixes this problem. Call PSS and say that you are
getting this error. You can quite these numbers: WinSE 98274,
SOX040503700056, SOX040510700092. I see that the fix was checked in ~3 weeks
ago, but I cannot tell if they've built a qfe with this fix.

--
Dmitri Gavrilov
SDE, DS Admin eXperience

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 
J

Joe Richards [MVP]

Nope, it just means an account was once locked and then got unlocked either with
a successful logon or someone cleared the lockout.
 
C

Cary Shultz [A.D. MVP]

I see that Joe R supplied the answer. I was trying to push the poster into
finding the answer on what that meant and then how to fix it...Looks like
Dmitri did that!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



Herb Martin said:
Have you verified what accountlockout=0 means?
Click to expand...

It means that account will never be locked out due to
bad passwords.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Click to expand...
 
H

H Cant

Thanks for all the replies, it looks like I'm getting closer to a resolution
of this issue

Dmitri
Thank you for the info
I will chase this down with Microsoft PSS and see if they can arrange a
'fix' for us

Cary re: lockoutime
lockouttime=0 means that the account has been locked out and then unlocked
by the admin
I'm not aware of an accountlockout value

Herb re: ADMT
I used MoveTree because its the simplest tool for moving OUs and groups
between domains in the same forest
It mostly works very well, except for the issues I'm facing at the moment

Thanks again,
Hamish Cant
MCSE, MCP+I
 
H

H Cant

Followup information:

There is a hotfix for this issue which is only available by request
The relevant KB article is 841819 (http://support.microsoft.com/kb/841819)
Please note that although the workaraound described in the article is the
very problem we were encountering, the hotfix does resolve the cross
domain/lockouttime problem

Thanks for everyone's assistance

Regards
Hamish Cant
MCSE, MCP+I
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Movetree error 1
Movetree 4
movetree errors out 2
Movetree error 2
MoveTree 0
problem 5003 (WILL_NOT_PERFORM) 0
Transfer Schema failing with weird error 1
Seize Domain Naming Master 2

Top