Subject: [ActiveDir] ADMT v3 implementation questions

lagreca

03/08/2006 10:37 AM
I got ADMT running in a test environment, but now have a few problems.

Problem #1

When I use the wizard to migrate a computer from the source domain to
the target, I then have the same machine account in both domains,
making it impossible for the target domain to access the shares of the
workstation in the source domain. I have experienced this problem,
and found it documented here:

http://www.jsifaq.com/SUBJ/tip4600/rh4655.htm

> 4655 » Logon Failure error when accessing a child domain controller from the parent domain? 08-Jan-02
>
> When you attempt to access a child domain controller from the parent domain, you receive:
>
> Logon Failure: The target account name is incorrect.
>
> This error will occur if a computer in the parent domain has the same computer name as a computer in the child domain.
>
> To resolve the problem, rename one of the computers.
>
> NOTE: If the computer no longer exists, delete its machine account.

If I delete the newly migrated computer from the target domain, I
can then access the shares on the workstation in the source domain.
Anyone have an idea of how I can get around this limitation? I don't
think it is possible to remove the workstation from the source domain
yet, as it hasn't had the agent dispatched to it to change its domain
ownership.

Problem #2

Even though I have already added the opposite Domain Admins group to
the local Administrator group of each machine, I don't appear to have
admin rights across the trust between domains.

One example is that the target domain cannot access the Admin$ share
of the workstation in the source domain.

If I go to the source domain workstation and add the administrator of
the target domain to the local Administrator group of the workstation,
I can then access the Admin$ share and dispatch the ADMT agent to the
workstation.

Since this is not practical in a widespread migration, I need to
figure out how to get administrative privileges across the trust
between domains.

Thanks.

Joe
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
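
An added example, not part of the original posts: one way to check, before dispatching the ADMT agent, which workstations already list the other domain's Domain Admins group in their local Administrators group (the situation in Problem #2), and to review those cross-domain grants again once the migration is finished. The domain name `TARGET`, the workstation names and both function names are assumptions for illustration.

```powershell
# Added example (not from the thread). Read-only audit of local Administrators
# membership through the ADSI WinNT provider.
# Assumptions: TARGET, WS001 and WS002 are constructed sample names, and the
# account running the script is already allowed to query the machines remotely.

function Get-LocalAdminMember {
    param([Parameter(Mandatory)][string]$ComputerName)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in $group.Invoke('Members')) {
        # Members are COM objects, so properties are read via InvokeMember.
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
        [pscustomobject]@{
            Computer = $ComputerName
            # WinNT://DOMAIN/Name  ->  DOMAIN\Name
            Member   = ($path -replace '^WinNT://', '' -replace '/', '\')
            Class    = $class
        }
    }
}

function Test-CrossDomainAdmin {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$ExpectedMember   # e.g. 'TARGET\Domain Admins'
    )
    foreach ($c in $ComputerName) {
        try {
            $members = @(Get-LocalAdminMember -ComputerName $c)
            [pscustomobject]@{
                Computer    = $c
                Reachable   = $true
                HasExpected = ($members.Member -contains $ExpectedMember)
                Members     = $members.Member -join '; '
            }
        } catch {
            # Unreachable host or access denied: report it instead of stopping.
            [pscustomobject]@{
                Computer = $c; Reachable = $false; HasExpected = $false
                Members  = $_.Exception.Message
            }
        }
    }
}

# Constructed sample invocation
Test-CrossDomainAdmin -ComputerName 'WS001', 'WS002' -ExpectedMember 'TARGET\Domain Admins' |
    Format-Table -AutoSize
```

Rows with `HasExpected` set to false are the machines where the agent dispatch would hit the Admin$ access problem described above.
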
deji

03/08/2006 11:09 AM
For #1, you are apparently not migrating with SIDHistory. If you have a
problem with SIDHistory and don't want to use it, then you will have to wait
until you have migrated everything and repermissioned the resources before
you can access resources.

For #2, try http://www.akomolafe.com/TechStuff/Scripts/tabid/63/Default.aspx


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

lagreca

03/09/2006 10:32 AM
My problems seemed to have been solved by simply logging in as the
Administrator from the source domain, on the target domain. Then I
was able to access all shares in the source domain, as well as run the
ADMT agent with no problems.

I am trying to finish up my ADMT v3.0 migration document to help
others who are running into problems. I will let you all know when it
is ready.

Thanks for the help.

Joe