migrating from 2003 to another 2003

Discussion in 'Server Migration' started by imerico sacha, May 4, 2005.

  1. hi to all, i realy need hepl. i need to migrate user between 2 windows server
    2003 domains. When i try to migrate only the users (With ADMTv2) all is ok.
    but when i tray to migrate the password i cant. i tryed to install the
    password export server on the source server. but when i try to contact it it
    say Acces denied. I configured the PES like the documentation i found on the
    microsoft site, but still dont work.

    can you helpme ?

    PS sorry for my english
     
    imerico sacha, May 4, 2005
    #1
    1. Advertisements

  2. Hello,

    Thanks for your post.

    I understand when you try to migrate the password and contact the .pes
    file, it says Access Denied. If I have misunderstood, please feel free to
    let me know.

    Based on my experience, I suggest you logon to the win2k3 server with the
    admin privilege on both domains and refer to the following instructions to
    mgirate accounts:

    To enable support for password migration:

    Part I: Target Domain
    ---------------------

    Complete the following steps on the domain controller in the target domain
    on which you installed ADMT:

    1. Insert a 3.5-inch disk into the floppy disk.

    2. Open a command prompt, and then change to the directory on which you
    installed ADMT. By default, this is the %SystemRoot%\Program Files\ folder.

    3. Type the following command to create the encryption key to be used
    during the migration of the user account passwords

    "admt key <SourceDomainName><FloppyDrive> [*/password]" (without the
    quotation marks) where:

    - The admt command is the name of the executable program.
    - The key command specifies the generation of an encryption key.
    - <SourceDomainName> is the NetBIOS name of the domain that contains the
    passwords that you want to migrate.
    - <FloppyDrive> is the drive letter of the floppy disk drive where the
    encryption key will be written.
    - [*/password] is optional; if you use it, you can encrypt the key with a
    password. You can either type the password or you can type "*" (without the
    quotation marks) to receive a prompt for a password that is not displayed
    on the screen. If you type a password, you need to use it when you complete
    the setup in the source domain.

    Part II: Source Domain
    ----------------------

    Complete the following steps on the PES in the source domain:

    1. Double-click the Pwdmig.exe file that is located in the \i386 folder on
    the Windows Server 2003 CD-ROM.

    2. Insert the 3.5-inch disk that you created when you receive the following
    message:

    Please insert the floppy into the floppy disk containing the password
    encryption key for this source domain. Click OK to continue.

    3. Type the password when you are prompted, and then click OK.

    4. Click Next.

    5. Click Finish.

    6. Click Start, click Run, type regedit, and then click OK.

    7. Locate the AllowPasswordExport registry value in the following registry
    key:

    HKLM\System\CurrentControlSet\Control\LSA

    8. Double-click AllowPasswordExport.

    9. Change the value "0" to "1", and then click OK.

    10. Restart the computer for the settings to take effect.

    The password migration solution in ADMT was designed to provide a secure
    general solution to password migration. Here are the key features of this
    solution:

    !$ The password export server (PES) works on Windows NT 4.0 domain
    controllers (including systems that have SYSKEY installed), on Windows 2000
    domain controllers, and on Windows Server 2003 domain controllers.

    For more references:

    How to Troubleshoot Inter-Forest Password Migration with ADMTv2
    http://support.microsoft.com/default.aspx?scid=kb;en-us;322981

    HTH!

    Thanks & Regards

    Amanda Wang [MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    ====================================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================================

    --------------------
     
    Amanda Wang [MSFT], May 5, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.