ERR3:7075 Failed to change domain affiliation

Discussion in 'Server Migration' started by Keith Borgmann, Jul 8, 2004.

  1. I installed ADMT 2 following the instructions in KB325851
    and migration of users and groups from NT4 SP6a to W2K3
    seems to work fine. However, migrating computers is
    something else entirely.

    We are running the two domains side by side and I intend
    to move the computers and accounts one department at a
    time. Right now, I'm just testing with one test computer
    and one test user account. All my PCs are running W2K
    SP3 or higher or XP Pro SP1 and most have an NTFS.

    Every time I test the migration of a computer from the NT
    domain to the 2K3 domain, I get the following error:

    ERR3:7075 Failed to change domain affiliation,
    hr=8007054b The specified domain either does not exist
    or could not be contacted.

    If I actually perform the migration, I get the same error.

    I keep reading the same responses to similar problems
    telling the person to log onto the target DC as the
    source domain admin. I assume that means I logon as
    SOURCEDOMAIN\administrator, use the appropriate password,
    and keep the actual domain as the TARGETDOMAIN. Or am I
    supposed to log onto the target DC but change the domain
    to SOURCEDOMAIN? Regardless, it doesn't seem to work
    properly either way.

    The other response I keep seeing is to put the target
    domain administrator into the source domain's Domain
    Admins group. The only problem with that is I can find
    no way to do this. When I go into the NT4 user manager,
    Domain Admins is a global group whose members must come
    from the members of the NT domain.

    I can add the target domain administrator to the
    Administrators group (a local group) in the NT domain,
    but that does me no good since it is the Domain Admins
    group that is part of the local Administrators group on
    each PC. In desperation, I added the
    TARGETDOMAIN\Administrator to the local administrator's
    group on the test machine I am attempting to migrate.
    Again, I get the same error.

    Regardless of what I do, the machine does not fully
    migrate to the target domain. If I look in Control Panel-
    still appears to be in the source domain.

    I would appreciate any suggestions.
     
    Keith Borgmann, Jul 8, 2004
    #1
    1. Advertisements

  2. Hi Keith,

    Thanks for your posting here.

    Below is the information from the article of 325851.

    1. Add the Domain Admins global group from the source domain to the
    Administrators local group in the target domain.
    2. Add the Domain Admins global group from the target domain to the
    Administrators local group in the source domain.

    Please note that it is add the Domain Admins global group to the
    Administrators local group. I recommend that you refer to the article to
    check if you have done all the requirements for ADMT.

    HOW TO: Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003 Migration
    http://support.microsoft.com/?id=325851

    In addition, please check if the name resolution works properly on the
    client computer. You can try to point your NT PDC and client computer to NT
    DNS and create a secondary zone on Windows 2003 DNS for the NT domain. You
    can also point your NT PDC and Windows 2003 DC to the same WINS server.

    If you still get the error when perform computer migration in real mode,
    please post with migration.log and dctlog.txt.

    Have a nice day!

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 9, 2004
    #2
    1. Advertisements

  3. It seems the answer is that I have to change all
    computers in our NT4 domain to use the new DNS in the
    W2K3 domain. Prior to implementing the W2K3 domain and
    DNS, we used external DNS supplied by our ISP. Internal
    resolution of names was done using WINS. Our W2K3 DNS is
    set up to forward to the external DNS from our ISP.
     
    Keith Borgmann, Jul 9, 2004
    #3
  4. Hi Keith,

    In general, this could be a name resolution issue. You can try to set the
    client to use the same DNS server as the settings on your target domain
    controller if you do not have DNS server in NT domain. In addition, you can
    also point the NT domain and Windows 2003 domain to the same WINS server.

    Best regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 12, 2004
    #4
  5. As I stated in my previous post, it seems it is necessary
    to make the new W2K3 DNS the primary DNS on client
    machines prior to migration if one is using external
    DNSs. All machines (including the new W2K3 DC are
    configured to use my old NT4 WINS. WINS just doesn't
    resolve this issue.

    I found I also get the same exact errors if the client
    machine is not set to register with a DNS. I have a few
    machines that will not migrate until I turn that feature
    on under the advanced DNS settings for the TCP/IP
    protocol under the network connection. I realize by
    default it IS set to register, but it was deliberately
    turned off on a few machines. Now, if only I could find
    the registry setting to tweak so I don't have to visit
    all those machines.
     
    Keith Borgmann, Jul 12, 2004
    #5
  6. Hi Keith,

    The key thing is the DC can find the relevant record from DNS. That is how
    the name resolution works. If you use the DHCP to assign dynamic IP address
    to clients, you can set "Automatically update DHCP client information in
    DNS", and enable dynamic update on DNS server.

    Reference:

    HOW TO: Configure DNS Dynamic Update in Windows 2000
    http://support.microsoft.com/?id=317590

    Wish it helps

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! - www.microsoft.com/security

    ====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Jul 13, 2004
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.