ADMT 3.0 Computer mig - Failed to change domain affiliation when changing computer name via include

Discussion in 'Server Migration' started by Ignaurus13, Jun 23, 2006.

  1. Ignaurus13

    Ignaurus13 Guest

    Hello,

    I am not able to change domain affiliation when I perform ADMT v3 computer
    migration using an include file that has a comuter name change. If I dont
    use an include file and dont change the computer name, it works fine


    Here are the events from the agen log:
    2006-06-23 03:25:47 Changed computer name to MIG-XP-CLIENT
    2006-06-23 03:25:48 ERR3:7075 Failed to change domain affiliation,
    hr=800708ad The user name could not be found.
    2006-06-23 03:25:48 Changed computer name to XP-CLIENT
    2006-06-23 03:25:48 Wrote result file
    C:\WINDOWS\OnePointDomainAgent\000013_XP-CLIENT.result


    Here is my include csv
    SourceName,TargetRDN,TargetSAM
    XP-CLIENT,"CN=MIG-XP-CLIENT",MIG-XP-CLIENT

    Any Suggestions?

    Thanks,
    Iggy
     
    Ignaurus13, Jun 23, 2006
    #1
    1. Advertisements

  2. Hi,

    Would you please attach the entire admt log?

    Thanks.


    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    ======================================================
    Get Secure! - www.microsoft.com/security
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others
    may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties,and confers no rights.
    ======================================================



    --------------------
     
    Vincent Xu [MSFT], Jun 23, 2006
    #2
    1. Advertisements

  3. Ignaurus13

    Ignaurus13 Guest

    Attached is the ADMT log.
    Sometimes I get:
    hr=800708ad The user name could not be found.

    others I get:
    hr=800706fb The security database on the server does not have a computer
    account for this workstation trust relationship.


    The lab consists of one subnet and no firewalls. T was originally trying it
    in a lap that was a replica of production with the same results.


    Are their any other ADMT v3 logs on the client I should be looking for? Is
    there a DTCLOG.TXT? The ADMT log on mentions
    C:\WINDOWS\OnePointDomainAgent\000013_XP-CLIENT.result, but I can't find it.

    Also, read a lot of the newgroups entries and it blames either DNS sever
    used or ADMT v2 in test mode. ADMT V3 has not test mode, right?


    Also I have a one way trust that allows me to migrate users and leverage
    SIDHistory. There isnt an prerequisite for a 2way trust in the ADMT
    documentation. Also, the documentation troubleshooting section states to
    manually add the workstation to the domain if ADMT fails.


    [Settings Section]
    Task: Computer Migration (13)
    ADMT Console
    User: ADTARGET01\Administrator
    Computer: ADT01-MIG01.ADTARGET01.TEST (ADT01-MIG01)
    Domain: ADTARGET01.TEST (ADTARGET01)
    OS: Microsoft Windows Server 2003 5.2 (3790) Service Pack 1
    Source Domain
    Name: ADSOURCE01.TEST (ADSOURCE01)
    DC: ADS01-DC01.ADSOURCE01.TEST (ADS01-DC01)
    OS: Windows Server 2003 5.2 (3790) Service Pack 1
    OU:
    Target Domain
    Name: ADTARGET01.TEST (ADTARGET01)
    DC: ADT01-DC01.ADTARGET01.TEST (ADT01-DC01)
    OS: Windows Server 2003 5.2 (3790) Service Pack 1
    OU: LDAP://ADTARGET01.TEST/CN=Computers,DC=ADTARGET01,DC=TEST
    Intra-Forest: No
    Translate Option: Replace
    Translate Files: Yes
    Translate Local Groups: Yes
    Translate Printers: Yes
    Translate Registry: Yes
    Translate Rights: Yes
    Translate Shares: Yes
    Translate User Profiles: Yes
    Conflict Option: Ignore
    Perform Pre-check Only: No

    [Object Migration Section]
    2006-06-23 03:19:03 Starting Account Replicator.
    2006-06-23 03:19:05 CN=MIG-XP-CLIENT - Created
    2006-06-23 03:19:09 - Set password for CN=MIG-XP-CLIENT.
    2006-06-23 03:19:09 Operation completed.

    [Agent Dispatch Section]
    2006-06-23 03:19:37 Read 3 accounts from the database that were previously
    migrated from the domain 'ADSOURCE01.TEST' to the domain 'ADTARGET01.TEST'.
    2006-06-23 03:19:38 Created account input file for remote agents:
    Accounts000013.txt
    2006-06-23 03:19:38 Installing agent on 1 servers

    2006-06-23 03:19:38 The Active Directory Migration Tool Agent will be
    installed on XP-Client.ADSOURCE01.TEST
    2006-06-23 03:20:45 ERR2:7863 Could not determine whether you have
    administrator privileges on the computer 'XP-Client.ADSOURCE01.TEST'. The
    remote procedure call failed and did not execute. (0x800706bf)
    2006-06-23 03:24:05 Started job: XP-Client.ADSOURCE01.TEST 000013_XP-CLIENT
    {DEDF5D84-D6EF-4F48-AA0A-DC5C775F56FD}


    [Agent Summary Section]
    ***** Start of Pre-check Summary *****
    Machine Name Status Message
    XP-Client.ADSOURCE01.TEST Passed
    ***** End of Pre-check Summary *****
    ***** Start of Agent Operation Summary *****
    For more information about operations that completed with warnings or
    errors, refer to the Agent Details section.
    Machine Name Status Message
    XP-Client.ADSOURCE01.TEST Completed with Errors
    ***** End of Agent Operation Summary *****
    ***** Start of Post-check Summary *****
    Machine Name Status Message
    XP-Client.ADSOURCE01.TEST Not Started
    ***** End of Post-check Summary *****

    [Agent Details Section]

    Details for XP-Client.ADSOURCE01.TEST
    ?Local Machine
    Computer: xp-client.ADSOURCE01.TEST (XP-CLIENT)
    Domain: ADSOURCE01.TEST (ADSOURCE01)
    OS: Microsoft Windows XP 5.1 (2600) Service Pack 2
    2006-06-23 03:24:03 Starting Security Translator.
    2006-06-23 03:24:03 Agent is running in local mode.
    2006-06-23 03:24:03 Read 3 accounts from
    C:\WINDOWS\OnePointDomainAgent\Accounts000013.txt
    2006-06-23 03:24:03 SecurityTranslation Files:Yes Shares:Yes LGroups:Yes
    UserRights:Yes Printers:Yes Profiles:Yes RecycleBin:Yes
    TranslationMode:Replace ADSOURCE01.TEST ADTARGET01.TEST
    2006-06-23 03:24:03 Starting
    2006-06-23 03:24:03 Translating local machine.
    2006-06-23 03:24:04 Skipping A:\, rc=21 The device is not ready.
    2006-06-23 03:24:04 Processing C:\
    2006-06-23 03:24:41 Processing recycle bin files and folders on C:\.
    2006-06-23 03:24:41 Examining: S-1-5-21-1409082233-492894223-842925246-500
    2006-06-23 03:24:41 Examining: S-1-5-21-3161335116-2213386633-3635169926-500
    2006-06-23 03:24:41 Skipping D:\. D:\ is a CD-ROM drive.
    2006-06-23 03:24:41 Processing shares on local machine.
    2006-06-23 03:24:41 Processing printer security...
    2006-06-23 03:24:41 Translating local groups.
    2006-06-23 03:24:41 Translating user rights.
    2006-06-23 03:24:41 ADMT only performs user rights translation in Append
    mode.
    2006-06-23 03:24:41 Translating security on registry keys.
    2006-06-23 03:25:38 ERR3:7330 Failed to open registry key
    HKEY_USERS\S-1-5-21-110014542-4250238548-2683485846-500\Software\Classes,
    rc=87 The parameter is incorrect.
    2006-06-23 03:25:38 This profile translation automatically switches from
    replace mode to add mode if the user is currently logged on or if the
    profile is in use for other reasons. In order to disable the switching, you
    need to set the registry
    HKLM\Software\Microsoft\ADMT\DisallowFallbackToAddInProfileTranslation
    (REG_DWORD) to 1 on the ADMT machine.
    2006-06-23 03:25:38 Translating user profile, source account='UserNo1',
    target account='UserNo1'
    2006-06-23 03:25:47 WRN1:7644 Unable to translate Microsoft Installer
    related registry keys from 'S-1-5-21-2750958425-3276501084-2773286462-1109'
    to 'S-1-5-21-2507220796-3330475737-2179702394-1113'. rc=3 The system cannot
    find the path specified.
    2006-06-23 03:25:47 ------Account Detail---------
    2006-06-23 03:25:47 The account detail section uses the following format:
    AccountName(OwnerChanges, GroupChanges, DaclChanges, SaclChanges).
    2006-06-23 03:25:47 UserNo1 (0, 0, 30, 0)
    2006-06-23 03:25:47 -----------------------------
    2006-06-23 03:25:47 2 users, 1 groups
    2006-06-23 03:25:47 3 accounts selected. 3 resolved, 0 unresolved.
    2006-06-23 03:25:47 Examined Changed Unchanged
    2006-06-23 03:25:47 Files 24690 0 24690
    2006-06-23 03:25:47 Dirs 1729 0 1729
    2006-06-23 03:25:47 Shares 0 0 0
    2006-06-23 03:25:47 Members 9 0 9
    2006-06-23 03:25:47 User Rights 67 0 67
    2006-06-23 03:25:47 Exchange Objects 0 0 0
    2006-06-23 03:25:47 Containers 0 0 0
    2006-06-23 03:25:47 DACLs 179702 15 179687
    2006-06-23 03:25:47 SACLs 0 0 0
    2006-06-23 03:25:47 Examined Changed No Target Not
    Selected Unknown
    2006-06-23 03:25:47 Owners 179705 0 179705
    0 0
    2006-06-23 03:25:47 Groups 179705 0 179705
    0 0
    2006-06-23 03:25:47 DACEs 1464726 30 1464696
    1464696 0
    2006-06-23 03:25:47 SACEs 0 0 0
    0 0
    2006-06-23 03:25:47 Changed computer name to MIG-XP-CLIENT
    2006-06-23 03:25:48 ERR3:7075 Failed to change domain affiliation,
    hr=800708ad The user name could not be found.
    2006-06-23 03:25:48 Changed computer name to XP-CLIENT
    2006-06-23 03:25:48 Wrote result file
    C:\WINDOWS\OnePointDomainAgent\000013_XP-CLIENT.result
    2006-06-23 03:25:48 Operation completed.
     
    Ignaurus13, Jun 23, 2006
    #3
  4. Hi,

    I have following suggestions:

    1. Make sure the "NTLM security support provider" service is started -

    2. Check if the RPC service is started. If not, start it and then test
    the problem again.
    3. Verify
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService]"68"="netlogon.dl
    l"
    4. Make sure that the Client for Microsoft Networks and "File and Printer
    sharing for Microsoft Networks" are installed and enabled.
    5. If that all checks out remove and reinstall "Client for Microsoft
    Networks"

    Thanks.

    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    ======================================================
    Get Secure! - www.microsoft.com/security
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others
    may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties,and confers no rights.
    ======================================================



    --------------------
     
    Vincent Xu [MSFT], Jun 26, 2006
    #4
  5. Ignaurus13

    Ignaurus13 Guest

    It was the include file,....targetsam for computers needed the $

    Thanks for your help.

     
    Ignaurus13, Jun 26, 2006
    #5
  6. Oops! I provided this suggestion in another thread. :)

    Glad to see it works.


    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    ======================================================
    Get Secure! - www.microsoft.com/security
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others
    may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties,and confers no rights.
    ======================================================



    --------------------
     
    Vincent Xu [MSFT], Jun 27, 2006
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.