ADMT Access Denied on resources in source domain

Discussion in 'Active Directory' started by Nathan Boddam-Whetham, Feb 15, 2008.

  1. Hello, I've read through the ADMTv3 guidance notes and information on Technet
    and have setup ADMT to migrate between two forests, I've been test migrating
    users and groups but am not able to access shares in the source domain, with
    a migrated account in the target domain even though sidHistory is enabled.

    I've set it up as follows:

    -Created a two way trust between the source and target domains
    -Created a group <source domain netbios name>$$$ on source domain
    -Enabled account auditing on both domains
    -Added the registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\TcpipClientSupport\TcpipClientSupport
    REG_DWORD set to 1 to source domain controller which is the PDC emulator and
    rebooted
    -I’ve confirmed that sidhistory is enabled and sidfiltering is disabled
    using netdom
    -I’ve setup a share test$ on a server in the old domain with group test
    having modify rights, created a test account test added it to the group and
    migrated the user using sidhistory.
    -Confirmed no errors with migration
    -Confirmed original account sid is in the sidhistory of the target account
    using ldp
    -Confirmed that date and time is less than 5 minutes difference in both
    domains
    -Can browse the netlogon share of HHGROUPPLC when logged on with the account
    in the target domain on a server in the target domain.

    I've tried migrating the group first, and the user with the group but no
    luck, does anyone have any ideas about where to start looking for issues?

    Regards,

    Nathan
     
    Nathan Boddam-Whetham, Feb 15, 2008
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.