hello,
I want to migrate all from a Windows 2000 domain to Windows Server 2003 SP2.
It's not easy to follow the ADMT guide.
Note that I don't have full control of the WIN2k03 domain - no domain admins.
below is how i configured my migration environment :
- the source and target domain are on the same subnet
- domain functional levels :
+ source domain/: windows 2000 native/windows 2000
+ target domain/forest : windows server 2003
- we installed the new DC in Win2k03 - target domain
- i configure WINS on the target domain as a replication partner with WINS
server in the source domain.
- configure conditional forwarding to our source domain and in the source
domain, I added the target domain at the top of the list of forwarders.
- the IT group created the trust and disabled SID Filtering on all trusts.
- Configuring the Source and Target Domains for SID History Migration - YES
+ A local group used to audit SID history operations exists in the source
domain.
+ TCP/IP client support enabled on the source domain primary domain
controller (PDC) emulator,
+ Audit policies be enabled on the source and ….target domain.
- the IT group created an account for migration
+ this account is local administrator of all computer or server in the
win2K domain- source.
+ this account is local administrator of the DC on which ADMT is
installed in the win2K03 domain - target
+ this account has permission to read all users information in the windows
2K domain
+ failed to make this account domain administrator in the source (Win2K)
domain
+ this account has delegated permission on an OU
- Install ADMT on the DC on the target domain
- create encryption key in the target domain
- install the PES in a domain controller in the source domain
- initialise ADMT (twice)
- local service <-- read access on
HKLM/system/currentcontrolset/control/SecurePipeServers/Winreg for all
computers on the source domain.
- on an OU in the target domain
----- task performed as described in ADMT guide
- Migrate globals groups using include file
- migrate users - disabled
- migrate users profiles (twice)
- migrate computer
- migrate user
- migrate global groups
- destination OU for migration is a resource OU
I move users to the user OU and computers to the Desktop OU, on which logon scripts are
configured.
-------- Problem
When I use a test account through the steps above, the user does not access
some network shares, those without everyone read.
I can see that SID History migrated for the account.
Thx
kapajoe