+ Post New Thread
Results 1 to 4 of 4
Windows Thread, SID Migration W2k3 -> W2k3 in Technical; We are about to start a pretty major restructuring of our active directory by migrating to a new forest with ...
  1. #1

    Join Date
    Apr 2007
    Location
    Croydon
    Posts
    501
    Thank Post
    18
    Thanked 31 Times in 30 Posts
    Rep Power
    22

    Question SID Migration W2k3 -> W2k3

    We are about to start a pretty major restructuring of our active directory by migrating to a new forest with 2 child domains. In testing we've managed to migrate everything sucessfully. I thought i'd get a head start and migrate 1800 pupils accounts and various groups over the weekend using ADMT v3. I've setup a two-way trust and everything is communicating correctly, but when I come to migrate a group I can't migrate the SIDs to the target domain.

    I've got the two-way trust in place, made the registry change (TcpipClientSupport) on the source DC, created a domain local group (CURRICULUM$$$) on the source DC, the administrator account for the target domain is a member of the local administrators group in the source domain, the auditing of account managment (both sucess and failure) is enabled on both domains.

    What am I missing?

    The specific error I am getting is: Could not verify auditing and TcpipClientSupport on domains. Will not be able to migrate Sid's. The specified domain either does not exist or could not be contacted.

    If I choose not to migrate SIDs it works perfectly.

    Cheers

    Adam.

  2. #2

    Join Date
    Apr 2007
    Location
    Croydon
    Posts
    501
    Thank Post
    18
    Thanked 31 Times in 30 Posts
    Rep Power
    22
    I think i've fixed it!

    When creating the trust, I created a Forest Trust instead of an External Trust. Recreating the trust as an External Trust seems to have fixed the problem.

    Adam.

  3. #3
    thom's Avatar
    Join Date
    Jul 2005
    Location
    Bedford, East Anglia, UK
    Posts
    242
    Thank Post
    4
    Thanked 6 Times in 5 Posts
    Rep Power
    20

    Question I have the same problem

    I am also getting the error above but the trusts are already external.
    Apparently it is to do with the Administrator on the new 2003 Target domain does not have permissions on the NT4 target domain.

    How can I add the 2003 Administrator to the nt4 domain admin groups?

    More info
    • I'm just testing at the mo but am meant to be using for real at the weekend
    • I am using Microsoft Virtual PC to create a test environment
    • I have an NT4 (sp6a) PDC called NT4PDC in a domain called OLDDOMAIN
    • I have an 2003 DC called NEWDC in a domain called NEWDOMAIN
    • I have been following the ADMT v3 guide and have already esablished a 2 way external trust, done the TCPIP reg-hack and created the SOURCE$$$ group for auditing

    Thanks very much in advance guys

  4. #4
    thom's Avatar
    Join Date
    Jul 2005
    Location
    Bedford, East Anglia, UK
    Posts
    242
    Thank Post
    4
    Thanked 6 Times in 5 Posts
    Rep Power
    20

    Lightbulb I found my own solution

    I decided to engage my brain power and figure out my own solution

    This is what you need to do
    • On NT4PDC in OLDDOMAIN open User Manager
    • Create a new user called ntmigrator
    • Add ntmigrator to the Domain Admins group

    • On the DC of target domain (e.g. NEWDC in NEWDOMAIN) open AD Users & Computers
    • Open the Users OU and double click the Administrators group
    • Add OLDDOMAIN\ntmigrator as a member
    • Note - it will not work with the Builtin\domain admins group
    • Click Start > Control Panel > Administrative Tools > Domain Controller Security Policy
    • Double click on Local Policies and choose User Rights Assignment
    • Double click on the Allow log on locally policy.
    • Add the user account (OLDDOMAIN\ntmigrator)
    • Reboot NEWDC
    You can now log on to the new DC as ntmigrator and sucessfully run ADMT (Make sure you select OLDDOMAIN in the logon box)

SHARE:
+ Post New Thread

Similar Threads

  1. Sims on W2K3 64bit
    By skunk in forum MIS Systems
    Replies: 2
    Last Post: 18th August 2008, 10:35 AM
  2. Add cachepilot to w2k3 DNS
    By SimpleSi in forum *nix
    Replies: 3
    Last Post: 18th January 2008, 12:14 PM
  3. Some W2K3 SP2 problems
    By Geoff in forum Windows
    Replies: 0
    Last Post: 29th March 2007, 11:03 AM
  4. Repackaged hotfixes for W2k3 SP2
    By Geoff in forum Windows
    Replies: 4
    Last Post: 21st March 2007, 10:26 PM
  5. Vista in a W2k3 Domain
    By GrumbleDook in forum Windows Vista
    Replies: 4
    Last Post: 1st December 2006, 09:06 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •