I'm officially pulling my hair out on this one... I'm hoping someone can be me some enlightenment
At Easter we're moving our network to W2k8, on brand-spanking new servers. Our current network has 3 DCs - a W2k server as the FSMO holder, a W2k3 and a W2k3R2 box. Previously the network was CC3, and the reminisce of RM's schema updates, etc. remains. So I've decided to do a ADMT move to a new W2k8 only forest.
I've got the new infrastructure setup virtually at the moment so I can test methods for the final move. ADMT is installed on the target DC, PES on the source DC, the necessary registry changes applied, a trust created (...that APPEARED to work...), source admins added to the target admins group, and visa versa, PES certificate done & installed.
Come to test the PES move, and the ADMT can't talk to the PES move. Come to try to move a computer, won't have that either as it won't connect to ADMIN$.
Back to basics with netdom to verify the trust, and behold - "Access Denied". After much head scratching (and curse words), I enable AllowNT4Crypto, thinking that's it, and re-create the trust, which again appear to create fine, but netdom doesn't like it.
I've even done the unthinkable and Googled it... and still no clue... either I'm missing something blatantly obvious here, or...
I'm sorry this is a side-issue but I have to ask: So what?
It's just a package object class and few attributes isn't it? They're not going to do anything e.g. package objects won't appear out of nowhere, create a new OU or computer and they won't get any rmCom2000-Wotsit attribs.