Hi,
Here is what I do:
- Preparing the Source and Target Domains
  o Create two-way trust between cas.mea.nfowg.com and tnsad.com
  o Disable SID Filtering
- Establishing Migration Accounts for the Migration – in the target domain
  √ has local administrator (or domain administrator) credentials in the source domain
  √ has delegated permission on the user, group, and computer OUs in the target domain, with the extended right to migrate SID history on the user OU
  √ is a local administrator on the computer in the target domain on which ADMT is installed (DC in the target domain)
  √ is local administrator of the workstations
  o has delegated permissions on target OU
- Configuring the Source and Target Domains for SID History Migration
  o A local group used to audit SID history operations exists in the source domain.
  o TCP/IP client support must be enabled on the source domain primary domain controller (PDC) emulator.
  o Audit policies must be enabled.
- Configuring the Target Domain OU Structure for Administration
- Installing ADMT in the Target Domain
- Identifying Service Accounts for Your Migration
- Create the encryption key
- Configure the PES service on a domain controller in cas.mea.nfowg.com, the source domain.
Finally, after my test, the migrated user cannot access shares in the source domain.
I can use adsiedit and see that an entry exists for SID History.
What's wrong?
Patrice
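
Added example, not part of the original post: a read-only PowerShell check of the two things the symptom depends on, namely whether the migrated account's sIDHistory holds a SID from the source domain and whether the source (trusting) domain still filters SIDs on its trust to the target. It assumes the ActiveDirectory module (RSAT) is available; the domain names are the ones from the post and `testuser` is a placeholder account name.

```powershell
# Read-only diagnostics; nothing here changes the trust or the account.
Import-Module ActiveDirectory

$SourceDomain = 'cas.mea.nfowg.com'   # domain that hosts the shares (from the post)
$TargetDomain = 'tnsad.com'           # domain that holds the migrated account (from the post)
$MigratedUser = 'testuser'            # placeholder: sAMAccountName of one migrated user

# 1. Does sIDHistory contain a SID issued by the source domain?
$sourceSid = (Get-ADDomain -Server $SourceDomain).DomainSID
$user = Get-ADUser -Identity $MigratedUser -Server $TargetDomain -Properties SIDHistory
$fromSource = @($user.SIDHistory |
    Where-Object { $_.AccountDomainSid.Value -eq $sourceSid.Value })

if ($fromSource.Count -eq 0) {
    Write-Warning "No sIDHistory entry from $SourceDomain on $MigratedUser."
} else {
    $fromSource | ForEach-Object { "sIDHistory entry from source domain: $($_.Value)" }
}

# 2. How does the source domain treat SIDs arriving over its trust to the target?
#    The trusting side (where the shares live) is the side that applies SID filtering,
#    so the trust object is read from a DC in the source domain.
$trust = Get-ADTrust -Identity $TargetDomain -Server $SourceDomain
$trust | Format-List Name, Direction, ForestTransitive,
                     SIDFilteringQuarantined, SIDFilteringForestAware

if ($trust.SIDFilteringQuarantined) {
    Write-Warning "Trust is quarantined: SIDs from sIDHistory are removed before reaching $SourceDomain."
}
if ($trust.ForestTransitive) {
    # Forest trusts filter SID history by default, independent of the quarantine flag.
    Write-Warning "Forest trust: confirm SID history was explicitly enabled on this trust."
}
```

A migrated user also needs a fresh logon after the migration, because group and sIDHistory SIDs are only added to the access token at logon time.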