Migrating Passwords

Discussion in 'Server Migration' started by Greg Zygadlo, Aug 17, 2004.

  1. Greg Zygadlo

    Greg Zygadlo Guest

    I'm working on my A/D Migration in a VPC test environment, but everytime I
    goto migrate the passwords I get the good old access Denied message.

    I have up ADMT according to MS Knowledgebase Articles # 325851 and 832221
    and everytime I get this error. I need to be able to migrate the passwords.

    Has anybody run across this in their testing?

    Thanks
     
    Greg Zygadlo, Aug 17, 2004
    #1
    1. Advertisements

  2. Greg Zygadlo

    Feng Mao Guest

    Hi Greg,

    Thank you for posting!

    As you want to migrate password, you must install Active Directory
    Migration Tool (ADMT) Password Migration on the Password Export Server
    (PES).

    The migrate password feature introduces the concept of a Password Export
    Server (PES) that can host several support DLLs, which can be any backup
    domain controller (BDC), or the primary domain controller (PDC) in the
    source domain.

    To enable support for password migration:

    Part I: Target Domain
    ---------------------

    Complete the following steps on the domain controller in the target domain
    on which you installed ADMT:


    1. Insert a 3.5-inch disk into the floppy disk.

    2. Open a command prompt, and then change to the directory on which you
    installed ADMT. By default, this is the %SystemRoot%\Program Files\ folder.

    3. Type the following command to create the encryption key to be used
    during the migration of the user account passwords

    "admt key <SourceDomainName><FloppyDrive> [*/password] " (without the
    quotation marks) where:


    - The admt command is the name of the executable program.

    - The key command specifies the generation of an encryption key.

    - <SourceDomainName> is the NetBIOS name of the domain that contains the
    passwords that you want to migrate.

    - <FloppyDrive> is the drive letter of the floppy disk drive where the
    encryption key will be written, such as:

    A

    -or-

    A:

    - [*/password] is optional; if you use it, you can encrypt the key with a
    password. You can either type the password or you can type "*" (without the
    quotation marks) to receive a prompt for a password that is not displayed
    on the screen. If you type a password, you need to use it when you complete
    the setup in the source domain.

    NOTE: For security reasons, providing a password is recommended.


    Part II: Source Domain
    ----------------------

    Complete the following steps on the PES in the source domain:


    1. Double-click the Pwdmig.exe file that is located in the \i386 folder on
    the Windows Server 2003 CD-ROM.

    2. Insert the the 3.5-inch disk that you created when you receive the
    following message:

    Please insert the floppy into the floppy disk containing the password
    encryption key for this source domain. Click OK to continue.

    3. Type the password when you are prompted, and then click OK.

    4. Click Next.

    5. Click Finish.

    6. Click Start, click Run, type regedit, and then click OK.

    7. Locate the AllowPasswordExport registry value in the following registry
    key:

    HKLM\System\CurrentControlSet\Control\LSA

    8. Double-click AllowPasswordExport.

    9. Change the value "0" to "1", and then click OK.

    10. Restart the computer for the settings to take effect.


    For additional information, you may read the below article from the
    Microsoft Knowledge base:

    326480 How to Use Active Directory Migration Tool Version 2 to Migrate from
    http://support.microsoft.com/?id=326480

    Have a nice day!

    Thanks & Regards,

    Feng Mao [MSFT], MCSE
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.



    --------------------
    | From: "Greg Zygadlo" <>
    | Subject: Migrating Passwords
    | Date: Tue, 17 Aug 2004 07:30:39 -0400
    | Lines: 11
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
    | Message-ID: <>
    | Newsgroups: microsoft.public.windows.server.migration
    | NNTP-Posting-Host: 12.96.85.55
    | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
    | Xref: cpmsftngxa06.phx.gbl microsoft.public.windows.server.migration:13109
    | X-Tomcat-NG: microsoft.public.windows.server.migration
    |
    | I'm working on my A/D Migration in a VPC test environment, but everytime I
    | goto migrate the passwords I get the good old access Denied message.
    |
    | I have up ADMT according to MS Knowledgebase Articles # 325851 and 832221
    | and everytime I get this error. I need to be able to migrate the
    passwords.
    |
    | Has anybody run across this in their testing?
    |
    | Thanks
    |
    |
    |
     
    Feng Mao, Aug 18, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.