MIgration Question

Discussion in 'Server Migration' started by Dipti, Jun 1, 2005.

  1. Dipti

    Dipti Guest

    Due to acquisitions/merger I am looking for the options to see how to join
    our domain to our parent company’s forest. We have windows 2000 domain with
    two domain controllers, 1 exchange 2000 server, SQL 2000, and Windows 2000
    NAS server for file server. We have a two way trust set up at this time with
    our parent company.

    We also have other sister companies which will be joining the parent
    company’s forest . They are also windows 2000 domain and similar set up as
    ours. We also have external trust set up with the sister companies for
    resource sharing.

    All domains needs to be able to keep their own group policy etc., when we
    join our parent company’s forest.

    What will be best way to accomplish this? Should we move each domain to
    windows 2003 domain and use AD renaming tool? How is ADMT2 will play out in
    this scenario? Please give me some guidance.
     
    Dipti, Jun 1, 2005
    #1
    1. Advertisements

  2. Hello,

    Thank you posting here.

    I found you have posted another post called Migration of two forests to one
    here. Do these two posts describe the same phenomenon?

    If so, I would give you my answers in one thread here and please ignore
    that post.

    Based on your description, I understand you want to join two sister domains
    into parent company's forest. If I have misunderstood, please feel free to
    let me know.

    Q1: Join two sister domains into parent company's forest and move all
    users, computers, groups.

    Depends on your real environment, the two sister domains should have their
    own different DNS names. Therefore, I suggest you perform the following
    plan to achieve the goal:

    Step1: create two trees under parent's company's forest, install two new
    Win2k3 DC called Domain3 and Domain4.
    ============================================================================
    ==============================

    For the convenience, we call one sister domain is Domain1 and the other is
    Domain2.

    For the structure of tree and forest, please refer to the following article
    and pay more attention to the figure 1.7:

    Active Directory Logical Structure
    http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/
    en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en
    -us/distrib/dsbb_act_uzlw.asp

    Step2: Then establish two way trusts between Domain1 and Domain3, Domain2
    and Domain4. Please refer the following article and establish trusts:
    ============================================================================
    ======================

    Between Win2k and Win2k3, on Win2k just as from Win2k to WinNT and on
    Win2k3 just as from Win2k3 to WinNT:

    How to establish trusts with a Windows NT-based domain in Windows 2000
    http://support.microsoft.com/default.aspx?scid=kb;en-us;308195

    HOW TO: Establish Trusts with a Windows NT-Based Domain in Windows Server
    2003

    Step 3: Use ADMT tool to migrate the resources from Domain1 to Domain3, and
    then Domain2 to Domain4.
    ============================================================================
    =======================

    You can download ADMT from the link below:
    Active Directory Migration Tool v.2.0
    http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-
    9817-8c9773c25c6c&DisplayLang=en

    About how to migrate from 2000 to 2003 by using ADMT just as migrate from
    2000 to 2003, please refer to:

    How to Use Active Directory Migration Tool Version 2 to Migrate from
    Windows 2000 to Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;326480

    During migration process, the Recommended Migration Order is listed below
    for your reference:
    1. Domain Global Group
    2. Domain Local Group
    3. User migration
    4. Computer migration

    Step 4: Remove the old win2k domains.
    ****************************************************************************
    ***8

    About the above migration plan, you know we need to change our original
    domain name. From your meaning, my understanding is that you want to keep
    the original domain names after migration. Am I right? If I am right,
    there are two methods can achieve the goal:

    Method 1: Rename Windows 2k3 domain name
    =================================
    1. Install win2k3 on the new server.
    2. Promote it to DC.
    3. Use the migration process to migrate user accounts etc..
    4. Install Exchange 2k3.
    5. Migrate Exchange information.

    NOTE: Don't install Exchange 2k3 before you change the domain name.

    Refer to KB articles:
    Windows Server 2003 Active Directory Domain Rename Tools
    http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

    Step-by-Step Guide to Implementing Domain Rename
    http://download.microsoft.com/download/c/f/c/cfcbff04-97ca-4fca-9e8c-3a9c90a
    2a2e2/Domain-Rename-Procedure.doc

    Method 2: Add a new server as a intermittent server
    ====================
    If you have another new server, you use migration process twice. It goes
    like this:
    NOTE: I assume the original domain name is ABC
    1. Install Windows 2k3 on a server name
    2. Promote it to DC named EFG.com
    3. Use migration process to migrate info from ABC to EFG.com
    4. Take all NT DC offline
    5. Install Win2k3 on original NT machine
    6. Promote it to DC called ABC.com
    7. Use migration process to migrate info from EFG.com to ABC.com

    Q2: Related the questions about you also want to migrate the files servers,
    you can use FSMT to migrate file server from one domain to another. We
    suggest you first migrate groups, users, computers by using ADMT and then
    migrate file server by using FSMT. For more references related FSMT,
    please refer to:

    Microsoft File Server Migration Toolkit FSMT Site:
    http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfsc.mspx

    Overview of the Microsoft File Server Migration Toolkit white paper of FSMT
    http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_over
    view.mspx

    Q3: For exchange servers we want to bring in a new exchange 2003 server and
    move information from exchange 2000 server from both forests to new
    exchange 2003 server.

    With regards to the Exchange migration, I recommend you post related
    questions to microsoft.public.exchange so that the exchange expert can
    provide more accurate information for you.

    HTH! Anything unclear, please feel free to let me know.

    Thanks & Regards

    Amanda Wang [MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    ====================================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================================

    --------------------
     
    Amanda Wang [MSFT], Jun 2, 2005
    #2
    1. Advertisements

  3. Dipti

    Dipti Guest

    Amanda,

    Thank yu very much for your reply. I have to read and understand all the
    steps involved and test everything. I will keep you posted on this project.
    Once again I sincerely appreciate your guidance.
    --
    Dipti


     
    Dipti, Jun 2, 2005
    #3
  4. Dipti

    Dipti Guest

    Hello Amanda,

    Here is some more info., on domain migration issue for your review .
    ____________
    My understanding is we are going to assume our parent company's domain name.

    Here is the scenario:

    Two sister domains in Houston. companyA has domain name companyA.com,
    comapnyB has domain name companyB.com. Both sister companies have external
    trust set up with each other at this time. Both sister companies also have
    two way trust set up with parent company which I will call companyC – with
    Forest name CompanyC and domain name CompanyCXX.com .

    CompanyA.com and CompanyB will join CompanyC forest. We will assume the name
    of CompanyCXX.com after joining that domain.

    Domain structure will be as follows:

    CompanyCXX.com
    !---Computers
    !--- Users
    !--- Builtin
    ! ----Monaco
    !-----Houston
    !—Users
    !---computers
    !—DCs (will have two DCs one for CompanyA other one for CompanyB)
    !—preferably one exchange server which will contain information from
    CompanyA and CompanyB



    Each OU (Monaco, Houston) represent one site which will be connected to each
    other via T1. Each site will have a DC and Exchange server, file server.
    Every one needs to be able to have access to file servers with appropriate
    NTFS /share rights. We need to be able to keep the group policy already set
    up for companyA.com and CompanyB.com after joining DomainCXX. For exchange
    server we need to have global address list, public folders available to
    everyone in case we can not consolidate to one exchange server.

    We do not want to create a separate tree CompanyA and CompanyB under
    CompanyC forest.

    --
    Dipti


     
    Dipti, Jun 2, 2005
    #4
  5. Hello,

    Glad to hear from you and thanks for your detailed information based on
    your scenario.

    First, please help me confirm my understanding: In physically, there are
    many sites under CompanyC, such as Monaco, Houston. In logically, they are
    OUs in AD. Now you want to migrate CompanyA domain and CompanyB to Houston
    OU in CompanyCXX domain.

    In AD, if you only want to migrate these two domain to Houston OU. During
    migrate by using ADMT, in every migration Wizard, such as Group account
    migration Wizard, User account migration Wizard and Computer account
    migration Wizard, there is an option will let you to choose which OU you
    want to migrate to (refer to the screen shot named Choose OU and this is
    the option in User account migration Wizard).

    HTH!

    Thanks & Regards

    Amanda Wang [MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    ====================================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================================

    --------------------
     
    Amanda Wang [MSFT], Jun 3, 2005
    #5
  6. Dipti

    Dipti Guest

    Sorry to bother you again. I wanted to clarify the steps I need to do for
    this migration process to work.

    1)Use the ADMT2 to migrate from windows 2000 to 2003. During migration
    process, I will be given option to choose the OU to migrate my domain. During
    migration my domain name will be changed to my parent company's domain
    name? That is what needs to happen for us, since we will be assuming our
    parent company's name. Is there any need to run rendom.exe afterwards?

    Migration order shold be :

    domain global group
    domain local group
    user migration
    computer migration

    Run FSMT for file server migration.

    Should I upgrade my existing exchange 2000 server to exchagne 2003 server
    before I use ADMT2. My understanding is exchange 2000 server can not work on
    windows server 2003 domain. So, I am assuming that I need to upgrade to
    exchange 2003 on windows 2000 server, then upgrade exchange server to windows
    2003 server. By the way exchange server is a member server.

    Thanks again for the help.



    --
    Dipti


     
    Dipti, Jun 8, 2005
    #6
  7. Hello,

    Glad to hear from you and thanks for your effort on this issue.

    Based on your concerns, I would give my reply separately:

    1) Use the ADMT2 to migrate from windows 2000 to 2003. During migration
    process, I will be given option to choose the OU to migrate my domain.
    During migration my domain name will be changed to my parent company's
    domain name? That is what needs to happen for us, since we will be assuming
    our parent company's name. Is there any need to run rendom.exe afterwards?

    A: Yes. During migration, your domain names will be changed to your parent
    company domain's name because after migration, the original domain should
    be removed and all the resources in old domain have been migrated to your
    parent company domain.

    2) Migration order should be:

    domain global group
    domain local group
    user migration
    computer migration

    Run FSMT for file server migration.

    A: The above steps are right.

    Should I upgrade my existing exchange 2000 server to exchange 2003 server
    before I use ADMT2. My understanding is exchange 2000 server can not work
    on windows server 2003 domain. So, I am assuming that I need to upgrade to
    exchange 2003 on windows 2000 server, then upgrade exchange server to
    windows 2003 server. By the way exchange server is a member server.

    A: For the questions related Exchange, please post them to
    Microsoft.public.exchange or Microsoft.public.exchange2000 to get the most
    professional and qualified support.

    HTH! If you have any other concerns related the original issue, please
    feel free to let me know.

    Thanks & Regards

    Amanda Wang [MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    ====================================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================================

    --------------------
    <>
    <>
    <>
     
    Amanda Wang [MSFT], Jun 9, 2005
    #7
  8. Dipti

    Dipti Guest

    Thanks now I can start my testing process.
    --
    Dipti


     
    Dipti, Jun 9, 2005
    #8
  9. Hi Dipti,

    If you have any other further questions related the issue, please feel free
    to let me know. I'm very glad to help you.

    Thanks & Regards

    Amanda Wang [MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    ====================================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================================

    --------------------
    <>
    <>
    <>
    <>
    <ZeztQc$>
     
    Amanda Wang [MSFT], Jun 10, 2005
    #9
  10. Dipti

    Dipti Guest

    Hello Amanda,

    This is Dipti Ray again.Sorry for not keeping touch with you so long.
    Finally I am now doing the test on migration related issues . I created two
    way trust between domains, created migration accounts on both domains, etc.(
    as per restructuring active directory domain between two forests doumentation
    from Microsoft). As per this documentation on page 498, "configuring the
    source and target domains for SID history migration", the following steps
    needs to happen:

    1) I need to create a local group in the soure domain to support auditing
    (done)
    2) Enable TCP/ip Client support on Source domain PDC emulator (done)
    3) enable auditing on both source(windows 2000) and target (2003) domain for
    Audit account management. (done).

    My question is "this auditing is turned on default domain controller Policy
    on domain controller ou. When I will migrate groups, user etc., I will be
    migrating them under the Houston OU. So Do I have to create a group policy
    for that OU and turn auditing on there only?

    I realize it has been a while since we discuss this issue. Please review my
    earlier posts to get the back round info. Thanks a lot.


    --
    Dipti


     
    Dipti, Aug 3, 2005
    #10
  11. Dipti

    Dipti Guest

    Just wanted to check ihow migration account need to be set up. If Ihave a two
    way trust set up between two domains and I create a migration account on
    source domain which has a delegated control on target domain "houston" OU, do
    I still need to set up a separate migration account set up on target domain?
    During my test porcess I did set up a separate migration account for target
    domain which is a member of domain admin group and started ADMT2 with this
    account. By membership of domain admin, this account should have all needed
    permission to administer the domain. But when I run Group account migration
    wizard under this account, I receive the error message "Could not verify
    auditing and tcpipclientsupport on domains. Will not be able to migate sid's.
    Access is denied. AS per article 322970, this message appears if the account
    being used does not have enough permission to do migration in one or both
    domain.

    Can you tell me how exactly this account needs to be set up. Thanks.
    --
    Dipti


     
    Dipti, Aug 3, 2005
    #11
  12. Hi Dipti,

    For some reasons,Amanda will no longer work with you at this issue and I
    will instead she.

    Regarding your error message , it may caused the group on the source domain
    was created as a global group instead of as a local group.Please delete it
    and re-create it.

    Detailed information please refer to following article:
    317846 ADMT: "Could Not Verify Auditing and TcpipClientSupport on Domains"
    http://support.microsoft.com/?id=317846

    Regarding the auditing policy, based on my experience, you should configure
    it to every OU you need to.

    Thanks for using Microsoft Newsgroup.

    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security


    --------------------
    | Thread-Topic: MIgration Question
    | thread-index: AcWYcPust1jEvLMDSMy6AdX8CuYUMw==
    | X-WBNR-Posting-Host: 65.213.142.103
    | From: "=?Utf-8?B?RGlwdGk=?=" <>
    | References: <>
    <>
    <>
    <>
    <>
    <ZeztQc$>
    <>
    <>
    <>
    <>
    | Subject: RE: MIgration Question
    | Date: Wed, 3 Aug 2005 14:19:07 -0700
    | Lines: 321
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windows.server.migration
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA01.phx.gbl
    microsoft.public.windows.server.migration:11467
    | X-Tomcat-NG: microsoft.public.windows.server.migration
    |
    | Just wanted to check ihow migration account need to be set up. If Ihave a
    two
    | way trust set up between two domains and I create a migration account on
    | source domain which has a delegated control on target domain "houston"
    OU, do
    | I still need to set up a separate migration account set up on target
    domain?
    | During my test porcess I did set up a separate migration account for
    target
    | domain which is a member of domain admin group and started ADMT2 with
    this
    | account. By membership of domain admin, this account should have all
    needed
    | permission to administer the domain. But when I run Group account
    migration
    | wizard under this account, I receive the error message "Could not verify
    | auditing and tcpipclientsupport on domains. Will not be able to migate
    sid's.
    | Access is denied. AS per article 322970, this message appears if the
    account
    | being used does not have enough permission to do migration in one or both
    | domain.
    |
    | Can you tell me how exactly this account needs to be set up. Thanks.
    | --
    | Dipti
    |
    |
    | "Amanda Wang [MSFT]" wrote:
    |
    | > Hi Dipti,
    | >
    | > If you have any other further questions related the issue, please feel
    free
    | > to let me know. I'm very glad to help you.
    | >
    | > Thanks & Regards
    | >
    | > Amanda Wang [MSFT]
    | >
    | > Microsoft Online Partner Support
    | >
    | > Get Secure! - www.microsoft.com/security
    | >
    | > ====================================================================
    | >
    | > When responding to posts, please "Reply to Group" via your newsreader
    so
    | > that others may learn and benefit from your issue.
    | >
    | > =====================================================================
    | >
    | > --------------------
    | > >Thread-Topic: MIgration Question
    | > >thread-index: AcVs8kHTFcpaBfdZRdO44XT8UZRU/g==
    | > >X-WBNR-Posting-Host: 65.213.142.103
    | > >From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > >References: <>
    | > <>
    | > <>
    | > <>
    | > <>
    | > <ZeztQc$>
    | > <>
    | > <>
    | > >Subject: RE: MIgration Question
    | > >Date: Thu, 9 Jun 2005 05:53:39 -0700
    | > >Lines: 307
    | > >Message-ID: <>
    | > >MIME-Version: 1.0
    | > >Content-Type: text/plain;
    | > > charset="Utf-8"
    | > >Content-Transfer-Encoding: 7bit
    | > >X-Newsreader: Microsoft CDO for Windows 2000
    | > >Content-Class: urn:content-classes:message
    | > >Importance: normal
    | > >Priority: normal
    | > >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > >Newsgroups: microsoft.public.windows.server.migration
    | > >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > >Xref: TK2MSFTNGXA01.phx.gbl
    microsoft.public.windows.server.migration:10569
    | > >X-Tomcat-NG: microsoft.public.windows.server.migration
    | > >
    | > >Thanks now I can start my testing process.
    | > >--
    | > >Dipti
    | > >
    | > >
    | > >"Amanda Wang [MSFT]" wrote:
    | > >
    | > >> Hello,
    | > >>
    | > >> Glad to hear from you and thanks for your effort on this issue.
    | > >>
    | > >> Based on your concerns, I would give my reply separately:
    | > >>
    | > >> 1) Use the ADMT2 to migrate from windows 2000 to 2003. During
    migration
    | > >> process, I will be given option to choose the OU to migrate my
    domain.
    | > >> During migration my domain name will be changed to my parent
    company's
    | > >> domain name? That is what needs to happen for us, since we will be
    | > assuming
    | > >> our parent company's name. Is there any need to run rendom.exe
    | > afterwards?
    | > >>
    | > >> A: Yes. During migration, your domain names will be changed to your
    | > parent
    | > >> company domain's name because after migration, the original domain
    | > should
    | > >> be removed and all the resources in old domain have been migrated to
    | > your
    | > >> parent company domain.
    | > >>
    | > >> 2) Migration order should be:
    | > >>
    | > >> domain global group
    | > >> domain local group
    | > >> user migration
    | > >> computer migration
    | > >>
    | > >> Run FSMT for file server migration.
    | > >>
    | > >> A: The above steps are right.
    | > >>
    | > >> Should I upgrade my existing exchange 2000 server to exchange 2003
    | > server
    | > >> before I use ADMT2. My understanding is exchange 2000 server can not
    | > work
    | > >> on windows server 2003 domain. So, I am assuming that I need to
    upgrade
    | > to
    | > >> exchange 2003 on windows 2000 server, then upgrade exchange server
    to
    | > >> windows 2003 server. By the way exchange server is a member server.
    | > >>
    | > >> A: For the questions related Exchange, please post them to
    | > >> Microsoft.public.exchange or Microsoft.public.exchange2000 to get
    the
    | > most
    | > >> professional and qualified support.
    | > >>
    | > >> HTH! If you have any other concerns related the original issue,
    please
    | > >> feel free to let me know.
    | > >>
    | > >> Thanks & Regards
    | > >>
    | > >> Amanda Wang [MSFT]
    | > >>
    | > >> Microsoft Online Partner Support
    | > >>
    | > >> Get Secure! - www.microsoft.com/security
    | > >>
    | > >> ====================================================================
    | > >>
    | > >> When responding to posts, please "Reply to Group" via your
    newsreader so
    | > >> that others may learn and benefit from your issue.
    | > >>
    | > >> =====================================================================
    | > >>
    | > >> --------------------
    | > >> >Thread-Topic: MIgration Question
    | > >> >thread-index: AcVsX8Q76CkKp/OQRFmnnQ+IEwFWig==
    | > >> >X-WBNR-Posting-Host: 65.213.142.103
    | > >> >From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > >> >References: <>
    | > >> <>
    | > >> <>
    | > >> <>
    | > >> <>
    | > >> <ZeztQc$>
    | > >> >Subject: RE: MIgration Question
    | > >> >Date: Wed, 8 Jun 2005 12:25:02 -0700
    | > >> >Lines: 334
    | > >> >Message-ID: <>
    | > >> >MIME-Version: 1.0
    | > >> >Content-Type: text/plain;
    | > >> > charset="Utf-8"
    | > >> >Content-Transfer-Encoding: 8bit
    | > >> >X-Newsreader: Microsoft CDO for Windows 2000
    | > >> >Content-Class: urn:content-classes:message
    | > >> >Importance: normal
    | > >> >Priority: normal
    | > >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > >> >Newsgroups: microsoft.public.windows.server.migration
    | > >> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > >> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > >> >Xref: TK2MSFTNGXA01.phx.gbl
    | > microsoft.public.windows.server.migration:10559
    | > >> >X-Tomcat-NG: microsoft.public.windows.server.migration
    | > >> >
    | > >> >Sorry to bother you again. I wanted to clarify the steps I need to
    do
    | > for
    | > >> >this migration process to work.
    | > >> >
    | > >> >1)Use the ADMT2 to migrate from windows 2000 to 2003. During
    migration
    | > >> >process, I will be given option to choose the OU to migrate my
    domain.
    | > >> During
    | > >> >migration my domain name will be changed to my parent company's
    domain
    | > >> >name? That is what needs to happen for us, since we will be
    assuming
    | > our
    | > >> >parent company's name. Is there any need to run rendom.exe
    afterwards?
    | > >> >
    | > >> >Migration order shold be :
    | > >> >
    | > >> >domain global group
    | > >> >domain local group
    | > >> >user migration
    | > >> >computer migration
    | > >> >
    | > >> >Run FSMT for file server migration.
    | > >> >
    | > >> >Should I upgrade my existing exchange 2000 server to exchagne 2003
    | > server
    | > >> >before I use ADMT2. My understanding is exchange 2000 server can
    not
    | > work
    | > >> on
    | > >> >windows server 2003 domain. So, I am assuming that I need to
    upgrade to
    | > >> >exchange 2003 on windows 2000 server, then upgrade exchange server
    to
    | > >> windows
    | > >> >2003 server. By the way exchange server is a member server.
    | > >> >
    | > >> >Thanks again for the help.
    | > >> >
    | > >> >
    | > >> >
    | > >> >--
    | > >> >Dipti
    | > >> >
    | > >> >
    | > >> >"Amanda Wang [MSFT]" wrote:
    | > >> >
    | > >> >> Hello,
    | > >> >>
    | > >> >> Thanks for your post.
    | > >> >>
    | > >> >> I understand your current concern is to make sure that all
    | > >> >> file/folder/share permissions are going to be carried over.
    | > >> >>
    | > >> >> Related the file's migration, we always use the FSMT tool to
    achieve
    | > the
    | > >> >> goal. At the same time, the permissions are also been
    transferred to
    | > >> new
    | > >> >> Win2k3 server. You can download it from here:
    | > >> >>
    | > >> >> Microsoft File Server Migration Toolkit 1.0
    | > >> >>
    | > >>
    | >
    http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-
    | > >> >> b595-66f462f5d87b&DisplayLang=en
    | > >> >>
    | > >> >> For more references related FSMT:
    | > >> >>
    | > >> >> Microsoft File Server Migration Toolkit FSMT Site:
    | > >> >>
    | > >>
    | >
    http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfsc.mspx
    | > >> >>
    | > >> >> Overview of the Microsoft File Server Migration Toolkit white
    paper
    | > of
    | > >> FSMT
    | > >> >>
    | > >>
    | >
    http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_over
    | > >> >> view.mspx
    | > >> >>
    | > >> >> Frequently Asked Questions About File Server Migration
    | > >> >>
    | > >>
    | >
    http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faqs
    | > >> >> .mspx
    | > >> >>
    | > >> >> HTH!
    | > >> >>
    | > >> >> Thanks & Regards
    | > >> >>
    | > >> >> Amanda Wang [MSFT]
    | > >> >>
    | > >> >> Microsoft Online Partner Support
    | > >> >>
    | > >> >> Get Secure! - www.microsoft.com/security
    | > >> >>
    | > >> >>
    ====================================================================
    | > >> >>
    | > >> >> When responding to posts, please "Reply to Group" via your
    newsreader
    | > so
    | > >> >> that others may learn and benefit from your issue.
    | > >> >>
    | > >> >>
    =====================================================================
    | > >> >>
    | > >> >> --------------------
    | > >> >> >Thread-Topic: MIgration Question
    | > >> >> >thread-index: AcVrb8wygNFBCuKOSNmJfLHen8s5Bg==
    | > >> >> >X-WBNR-Posting-Host: 65.213.142.103
    | > >> >> >From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > >> >> >References:
    <>
    | > >> >> <>
    | > >> >> <>
    | > >> >> <>
    | > >> >> >Subject: RE: MIgration Question
    | > >> >> >Date: Tue, 7 Jun 2005 07:47:16 -0700
    | > >> >> >Lines: 308
    | > >> >> >Message-ID: <>
    | > >> >> >MIME-Version: 1.0
    | > >> >> >Content-Type: text/plain;
    | > >> >> > charset="Utf-8"
    | > >> >> >Content-Transfer-Encoding: 8bit
    | > >> >> >X-Newsreader: Microsoft CDO for Windows 2000
    | > >> >> >Content-Class: urn:content-classes:message
    | > >> >> >Importance: normal
    | > >> >> >Priority: normal
    | > >> >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > >> >> >Newsgroups: microsoft.public.windows.server.migration
    | > >> >> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > >> >> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > >> >> >Xref: TK2MSFTNGXA01.phx.gbl
    | > >> microsoft.public.windows.server.migration:10537
    | > >> >> >X-Tomcat-NG: microsoft.public.windows.server.migration
    | > >> >> >
    | > >> >> >My concern at this point is to make sure that all
    file/folder/share
    | > >> >> >permission are going to carried over. Please confirm.
    | > >> >> >--
    | > >> >> >Dipti
    | > >> >> >
    | > >> >> >
    | > >> >> >"Amanda Wang [MSFT]" wrote:
    | > >> >> >
    | > >> >> >> Hello,
    | > >> >> >>
    | > >> >> >> Glad to hear from you and thanks for your detailed information
    | > based
    | > >> on
    | > >> >> >> your scenario.
    | > >> >> >>
    | > >> >> >> First, please help me confirm my understanding: In physically,
    | > there
    |
     
    Vincent Xu [MSFT], Aug 4, 2005
    #12
  13. Dipti

    Dipti Guest

    Thanks for your reply. If I offended Amanda for some reason, I apologize.
    Anyways, I checked the group type in source domain and it is local security
    group.

    Regarding the migration accounts, I have two accounts. one in source domain
    which is 2000 server and one for target domain which is 2003 server. Source
    domain migration account has delegated permission on target domain. I
    installed ADMT2 on Target domain(2003) and using ADMT with 2003 domain
    migration account credential. Is this the correct procedure?

    Thanks.
    --


    Dipti


     
    Dipti, Aug 4, 2005
    #13
  14. Hi Dipti,

    Amanda cannot be here because of her personal issue.

    Regarding your problem, I'm afraid there are lot of things to be checked,
    and they may be complex.

    1. The source domain must trust the target domain
    2. The user account that is running ADMTv2 had Administrator rights in the
    source domain
    3. The ADMT user account had delegated permissions to create user or group
    objects in the target container
    4. DNS (hostname) and NetBIOS name resolution between the domains was fine?
    5. checked for Dependencies of SID history Migration
    6. Success and failure auditing of account management for both source and
    target domains
    7. The
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\TcpipClientSupport
    registry key must be set to 1 on the source domain primary domain
    controller.
    8. restart the source domain primary domain controller after the registry
    configuration
    9. If the target domain is a Windows Server 2003 domain, Windows security
    requires user credentials with administrator rights in the target domain
    10. If the Domain Admins global group from the source domain was added to
    the Administrators local group in the target domain
    11. If the Domain Admins global group from the target domain was added to
    the Administrators local group in the source domain

    I think the description of the usage of ADMT is right.Please also refer to
    following articles:

    Active Directory Migration Tool Overview
    <http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt
    .asp>

    How to set up ADMT for Windows NT 4.0 to Windows 2000 migration
    http://support.microsoft.com/default.aspx?scid=kb;en-us;260871

    Windows 2000 Active Directory Migration Tool
    <http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/w2ka
    dmt.mspx>

    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security


    --------------------
    | Thread-Topic: MIgration Question
    | thread-index: AcWY/V78I8Q4gMJaSH6ChmmMy3cThQ==
    | X-WBNR-Posting-Host: 65.213.142.103
    | From: "=?Utf-8?B?RGlwdGk=?=" <>
    | References: <>
    <>
    <>
    <>
    <>
    <ZeztQc$>
    <>
    <>
    <>
    <>
    <>
    <>
    | Subject: RE: MIgration Question
    | Date: Thu, 4 Aug 2005 07:04:03 -0700
    | Lines: 319
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windows.server.migration
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA01.phx.gbl
    microsoft.public.windows.server.migration:11479
    | X-Tomcat-NG: microsoft.public.windows.server.migration
    |
    | Thanks for your reply. If I offended Amanda for some reason, I apologize.
    | Anyways, I checked the group type in source domain and it is local
    security
    | group.
    |
    | Regarding the migration accounts, I have two accounts. one in source
    domain
    | which is 2000 server and one for target domain which is 2003 server.
    Source
    | domain migration account has delegated permission on target domain. I
    | installed ADMT2 on Target domain(2003) and using ADMT with 2003 domain
    | migration account credential. Is this the correct procedure?
    |
    | Thanks.
    | --
    |
    |
    | Dipti
    |
    |
    | "Vincent Xu [MSFT]" wrote:
    |
    | > Hi Dipti,
    | >
    | > For some reasons,Amanda will no longer work with you at this issue and
    I
    | > will instead she.
    | >
    | > Regarding your error message , it may caused the group on the source
    domain
    | > was created as a global group instead of as a local group.Please delete
    it
    | > and re-create it.
    | >
    | > Detailed information please refer to following article:
    | > 317846 ADMT: "Could Not Verify Auditing and TcpipClientSupport on
    Domains"
    | > http://support.microsoft.com/?id=317846
    | >
    | > Regarding the auditing policy, based on my experience, you should
    configure
    | > it to every OU you need to.
    | >
    | > Thanks for using Microsoft Newsgroup.
    | >
    | > Best regards,
    | >
    | > Vincent Xu
    | > Microsoft Online Partner Support
    | >
    | > Get Secure! - www.microsoft.com/security
    | >
    | >
    | > --------------------
    | > | Thread-Topic: MIgration Question
    | > | thread-index: AcWYcPust1jEvLMDSMy6AdX8CuYUMw==
    | > | X-WBNR-Posting-Host: 65.213.142.103
    | > | From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > | References: <>
    | > <>
    | > <>
    | > <>
    | > <>
    | > <ZeztQc$>
    | > <>
    | > <>
    | > <>
    | > <>
    | > | Subject: RE: MIgration Question
    | > | Date: Wed, 3 Aug 2005 14:19:07 -0700
    | > | Lines: 321
    | > | Message-ID: <>
    | > | MIME-Version: 1.0
    | > | Content-Type: text/plain;
    | > | charset="Utf-8"
    | > | Content-Transfer-Encoding: 7bit
    | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | Content-Class: urn:content-classes:message
    | > | Importance: normal
    | > | Priority: normal
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | Newsgroups: microsoft.public.windows.server.migration
    | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | Xref: TK2MSFTNGXA01.phx.gbl
    | > microsoft.public.windows.server.migration:11467
    | > | X-Tomcat-NG: microsoft.public.windows.server.migration
    | > |
    | > | Just wanted to check ihow migration account need to be set up. If
    Ihave a
    | > two
    | > | way trust set up between two domains and I create a migration account
    on
    | > | source domain which has a delegated control on target domain
    "houston"
    | > OU, do
    | > | I still need to set up a separate migration account set up on target
    | > domain?
    | > | During my test porcess I did set up a separate migration account for
    | > target
    | > | domain which is a member of domain admin group and started ADMT2 with
    | > this
    | > | account. By membership of domain admin, this account should have all
    | > needed
    | > | permission to administer the domain. But when I run Group account
    | > migration
    | > | wizard under this account, I receive the error message "Could not
    verify
    | > | auditing and tcpipclientsupport on domains. Will not be able to
    migate
    | > sid's.
    | > | Access is denied. AS per article 322970, this message appears if the
    | > account
    | > | being used does not have enough permission to do migration in one or
    both
    | > | domain.
    | > |
    | > | Can you tell me how exactly this account needs to be set up. Thanks.
    | > | --
    | > | Dipti
    | > |
    | > |
    | > | "Amanda Wang [MSFT]" wrote:
    | > |
    | > | > Hi Dipti,
    | > | >
    | > | > If you have any other further questions related the issue, please
    feel
    | > free
    | > | > to let me know. I'm very glad to help you.
    | > | >
    | > | > Thanks & Regards
    | > | >
    | > | > Amanda Wang [MSFT]
    | > | >
    | > | > Microsoft Online Partner Support
    | > | >
    | > | > Get Secure! - www.microsoft.com/security
    | > | >
    | > | > ====================================================================
    | > | >
    | > | > When responding to posts, please "Reply to Group" via your
    newsreader
    | > so
    | > | > that others may learn and benefit from your issue.
    | > | >
    | > | >
    =====================================================================
    | > | >
    | > | > --------------------
    | > | > >Thread-Topic: MIgration Question
    | > | > >thread-index: AcVs8kHTFcpaBfdZRdO44XT8UZRU/g==
    | > | > >X-WBNR-Posting-Host: 65.213.142.103
    | > | > >From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > | > >References: <>
    | > | > <>
    | > | > <>
    | > | > <>
    | > | > <>
    | > | > <ZeztQc$>
    | > | > <>
    | > | > <>
    | > | > >Subject: RE: MIgration Question
    | > | > >Date: Thu, 9 Jun 2005 05:53:39 -0700
    | > | > >Lines: 307
    | > | > >Message-ID: <>
    | > | > >MIME-Version: 1.0
    | > | > >Content-Type: text/plain;
    | > | > > charset="Utf-8"
    | > | > >Content-Transfer-Encoding: 7bit
    | > | > >X-Newsreader: Microsoft CDO for Windows 2000
    | > | > >Content-Class: urn:content-classes:message
    | > | > >Importance: normal
    | > | > >Priority: normal
    | > | > >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | > >Newsgroups: microsoft.public.windows.server.migration
    | > | > >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | > >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | > >Xref: TK2MSFTNGXA01.phx.gbl
    | > microsoft.public.windows.server.migration:10569
    | > | > >X-Tomcat-NG: microsoft.public.windows.server.migration
    | > | > >
    | > | > >Thanks now I can start my testing process.
    | > | > >--
    | > | > >Dipti
    | > | > >
    | > | > >
    | > | > >"Amanda Wang [MSFT]" wrote:
    | > | > >
    | > | > >> Hello,
    | > | > >>
    | > | > >> Glad to hear from you and thanks for your effort on this issue.
    | > | > >>
    | > | > >> Based on your concerns, I would give my reply separately:
    | > | > >>
    | > | > >> 1) Use the ADMT2 to migrate from windows 2000 to 2003. During
    | > migration
    | > | > >> process, I will be given option to choose the OU to migrate my
    | > domain.
    | > | > >> During migration my domain name will be changed to my parent
    | > company's
    | > | > >> domain name? That is what needs to happen for us, since we will
    be
    | > | > assuming
    | > | > >> our parent company's name. Is there any need to run rendom.exe
    | > | > afterwards?
    | > | > >>
    | > | > >> A: Yes. During migration, your domain names will be changed to
    your
    | > | > parent
    | > | > >> company domain's name because after migration, the original
    domain
    | > | > should
    | > | > >> be removed and all the resources in old domain have been
    migrated to
    | > | > your
    | > | > >> parent company domain.
    | > | > >>
    | > | > >> 2) Migration order should be:
    | > | > >>
    | > | > >> domain global group
    | > | > >> domain local group
    | > | > >> user migration
    | > | > >> computer migration
    | > | > >>
    | > | > >> Run FSMT for file server migration.
    | > | > >>
    | > | > >> A: The above steps are right.
    | > | > >>
    | > | > >> Should I upgrade my existing exchange 2000 server to exchange
    2003
    | > | > server
    | > | > >> before I use ADMT2. My understanding is exchange 2000 server can
    not
    | > | > work
    | > | > >> on windows server 2003 domain. So, I am assuming that I need to
    | > upgrade
    | > | > to
    | > | > >> exchange 2003 on windows 2000 server, then upgrade exchange
    server
    | > to
    | > | > >> windows 2003 server. By the way exchange server is a member
    server.
    | > | > >>
    | > | > >> A: For the questions related Exchange, please post them to
    | > | > >> Microsoft.public.exchange or Microsoft.public.exchange2000 to
    get
    | > the
    | > | > most
    | > | > >> professional and qualified support.
    | > | > >>
    | > | > >> HTH! If you have any other concerns related the original issue,
    | > please
    | > | > >> feel free to let me know.
    | > | > >>
    | > | > >> Thanks & Regards
    | > | > >>
    | > | > >> Amanda Wang [MSFT]
    | > | > >>
    | > | > >> Microsoft Online Partner Support
    | > | > >>
    | > | > >> Get Secure! - www.microsoft.com/security
    | > | > >>
    | > | > >>
    ====================================================================
    | > | > >>
    | > | > >> When responding to posts, please "Reply to Group" via your
    | > newsreader so
    | > | > >> that others may learn and benefit from your issue.
    | > | > >>
    | > | > >>
    =====================================================================
    | > | > >>
    | > | > >> --------------------
    | > | > >> >Thread-Topic: MIgration Question
    | > | > >> >thread-index: AcVsX8Q76CkKp/OQRFmnnQ+IEwFWig==
    | > | > >> >X-WBNR-Posting-Host: 65.213.142.103
    | > | > >> >From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > | > >> >References:
    <>
    | > | > >> <>
    | > | > >> <>
    | > | > >> <>
    | > | > >> <>
    | > | > >> <ZeztQc$>
    | > | > >> >Subject: RE: MIgration Question
    | > | > >> >Date: Wed, 8 Jun 2005 12:25:02 -0700
    | > | > >> >Lines: 334
    | > | > >> >Message-ID: <>
    | > | > >> >MIME-Version: 1.0
    | > | > >> >Content-Type: text/plain;
    | > | > >> > charset="Utf-8"
    | > | > >> >Content-Transfer-Encoding: 8bit
    | > | > >> >X-Newsreader: Microsoft CDO for Windows 2000
    | > | > >> >Content-Class: urn:content-classes:message
    | > | > >> >Importance: normal
    | > | > >> >Priority: normal
    | > | > >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | > >> >Newsgroups: microsoft.public.windows.server.migration
    | > | > >> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | > >> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | > >> >Xref: TK2MSFTNGXA01.phx.gbl
    | > | > microsoft.public.windows.server.migration:10559
    | > | > >> >X-Tomcat-NG: microsoft.public.windows.server.migration
    | > | > >> >
    | > | > >> >Sorry to bother you again. I wanted to clarify the steps I need
    to
    | > do
    | > | > for
    | > | > >> >this migration process to work.
    | > | > >> >
    | > | > >> >1)Use the ADMT2 to migrate from windows 2000 to 2003. During
    | > migration
    | > | > >> >process, I will be given option to choose the OU to migrate my
    | > domain.
    | > | > >> During
    | > | > >> >migration my domain name will be changed to my parent company's
    | > domain
    | > | > >> >name? That is what needs to happen for us, since we will be
    | > assuming
    | > | > our
    | > | > >> >parent company's name. Is there any need to run rendom.exe
    | > afterwards?
    | > | > >> >
    | > | > >> >Migration order shold be :
    | > | > >> >
    | > | > >> >domain global group
    | > | > >> >domain local group
    | > | > >> >user migration
    | > | > >> >computer migration
    | > | > >> >
    | > | > >> >Run FSMT for file server migration.
    | > | > >> >
    | > | > >> >Should I upgrade my existing exchange 2000 server to exchagne
    2003
    | > | > server
    | > | > >> >before I use ADMT2. My understanding is exchange 2000 server
    can
    | > not
    | > | > work
    | > | > >> on
    | > | > >> >windows server 2003 domain. So, I am assuming that I need to
    | > upgrade to
    | > | > >> >exchange 2003 on windows 2000 server, then upgrade exchange
    server
    | > to
    | > | > >> windows
    | > | > >> >2003 server. By the way exchange server is a member server.
    | > | > >> >
    | > | > >> >Thanks again for the help.
    | > | > >> >
    | > | > >> >
    |
     
    Vincent Xu [MSFT], Aug 5, 2005
    #14
  15. Dipti

    Dipti Guest

    Thanks.. I did get to resolve this issue now. During the testing, I did
    migrate a global group with SID history, migrated one user account. Do I now
    need to migrate the computer account then security translator? Also, I came
    across an article, which recommend to use trust migration wizard before
    starting user/group migration. Is this still necessary if I manually created
    two way external trust between forests?
    --
    Dipti


     
    Dipti, Aug 10, 2005
    #15
  16. Hi Dipti,

    Based on my experience, we recommend not to use trust migration wizard
    because some unexpect issue. So please manually create trust and then
    migration.

    By the way, our News Group Support is an issue based service, so for your
    situation, I recommend you open a new post if you have other questions and
    we can can help you on it in a more efficient manner.

    Thank you for understanding.

    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security


    --------------------
    | Thread-Topic: MIgration Question
    | thread-index: AcWd7y2cUq9MAZZQTxa5daUmVjpFhw==
    | X-WBNR-Posting-Host: 65.213.142.103
    | From: "=?Utf-8?B?RGlwdGk=?=" <>
    | References: <>
    <>
    <>
    <>
    <>
    <ZeztQc$>
    <>
    <>
    <>
    <>
    <>
    <>
    <>
    <>
    | Subject: RE: MIgration Question
    | Date: Wed, 10 Aug 2005 14:05:03 -0700
    | Lines: 312
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windows.server.migration
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA01.phx.gbl
    microsoft.public.windows.server.migration:11582
    | X-Tomcat-NG: microsoft.public.windows.server.migration
    |
    | Thanks.. I did get to resolve this issue now. During the testing, I did
    | migrate a global group with SID history, migrated one user account. Do I
    now
    | need to migrate the computer account then security translator? Also, I
    came
    | across an article, which recommend to use trust migration wizard before
    | starting user/group migration. Is this still necessary if I manually
    created
    | two way external trust between forests?
    | --
    | Dipti
    |
    |
    | "Vincent Xu [MSFT]" wrote:
    |
    | > Hi Dipti,
    | >
    | > Amanda cannot be here because of her personal issue.
    | >
    | > Regarding your problem, I'm afraid there are lot of things to be
    checked,
    | > and they may be complex.
    | >
    | > 1. The source domain must trust the target domain
    | > 2. The user account that is running ADMTv2 had Administrator rights in
    the
    | > source domain
    | > 3. The ADMT user account had delegated permissions to create user or
    group
    | > objects in the target container
    | > 4. DNS (hostname) and NetBIOS name resolution between the domains was
    fine?
    | > 5. checked for Dependencies of SID history Migration
    | > 6. Success and failure auditing of account management for both source
    and
    | > target domains
    | > 7. The
    | >
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\TcpipClientSupport
    | > registry key must be set to 1 on the source domain primary domain
    | > controller.
    | > 8. restart the source domain primary domain controller after the
    registry
    | > configuration
    | > 9. If the target domain is a Windows Server 2003 domain, Windows
    security
    | > requires user credentials with administrator rights in the target domain
    | > 10. If the Domain Admins global group from the source domain was added
    to
    | > the Administrators local group in the target domain
    | > 11. If the Domain Admins global group from the target domain was added
    to
    | > the Administrators local group in the source domain
    | >
    | > I think the description of the usage of ADMT is right.Please also refer
    to
    | > following articles:
    | >
    | > Active Directory Migration Tool Overview
    | >
    <http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt
    | > .asp>
    | >
    | > How to set up ADMT for Windows NT 4.0 to Windows 2000 migration
    | > http://support.microsoft.com/default.aspx?scid=kb;en-us;260871
    | >
    | > Windows 2000 Active Directory Migration Tool
    | >
    <http://www.microsoft.com/technet/prodtechnol/windows2000serv/downloads/w2ka
    | > dmt.mspx>
    | >
    | > Best regards,
    | >
    | > Vincent Xu
    | > Microsoft Online Partner Support
    | >
    | > Get Secure! - www.microsoft.com/security
    | >
    | >
    | > --------------------
    | > | Thread-Topic: MIgration Question
    | > | thread-index: AcWY/V78I8Q4gMJaSH6ChmmMy3cThQ==
    | > | X-WBNR-Posting-Host: 65.213.142.103
    | > | From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > | References: <>
    | > <>
    | > <>
    | > <>
    | > <>
    | > <ZeztQc$>
    | > <>
    | > <>
    | > <>
    | > <>
    | > <>
    | > <>
    | > | Subject: RE: MIgration Question
    | > | Date: Thu, 4 Aug 2005 07:04:03 -0700
    | > | Lines: 319
    | > | Message-ID: <>
    | > | MIME-Version: 1.0
    | > | Content-Type: text/plain;
    | > | charset="Utf-8"
    | > | Content-Transfer-Encoding: 7bit
    | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | Content-Class: urn:content-classes:message
    | > | Importance: normal
    | > | Priority: normal
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | Newsgroups: microsoft.public.windows.server.migration
    | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | Xref: TK2MSFTNGXA01.phx.gbl
    | > microsoft.public.windows.server.migration:11479
    | > | X-Tomcat-NG: microsoft.public.windows.server.migration
    | > |
    | > | Thanks for your reply. If I offended Amanda for some reason, I
    apologize.
    | > | Anyways, I checked the group type in source domain and it is local
    | > security
    | > | group.
    | > |
    | > | Regarding the migration accounts, I have two accounts. one in source
    | > domain
    | > | which is 2000 server and one for target domain which is 2003 server.
    | > Source
    | > | domain migration account has delegated permission on target domain. I
    | > | installed ADMT2 on Target domain(2003) and using ADMT with 2003
    domain
    | > | migration account credential. Is this the correct procedure?
    | > |
    | > | Thanks.
    | > | --
    | > |
    | > |
    | > | Dipti
    | > |
    | > |
    | > | "Vincent Xu [MSFT]" wrote:
    | > |
    | > | > Hi Dipti,
    | > | >
    | > | > For some reasons,Amanda will no longer work with you at this issue
    and
    | > I
    | > | > will instead she.
    | > | >
    | > | > Regarding your error message , it may caused the group on the
    source
    | > domain
    | > | > was created as a global group instead of as a local group.Please
    delete
    | > it
    | > | > and re-create it.
    | > | >
    | > | > Detailed information please refer to following article:
    | > | > 317846 ADMT: "Could Not Verify Auditing and TcpipClientSupport on
    | > Domains"
    | > | > http://support.microsoft.com/?id=317846
    | > | >
    | > | > Regarding the auditing policy, based on my experience, you should
    | > configure
    | > | > it to every OU you need to.
    | > | >
    | > | > Thanks for using Microsoft Newsgroup.
    | > | >
    | > | > Best regards,
    | > | >
    | > | > Vincent Xu
    | > | > Microsoft Online Partner Support
    | > | >
    | > | > Get Secure! - www.microsoft.com/security
    | > | >
    | > | >
    | > | > --------------------
    | > | > | Thread-Topic: MIgration Question
    | > | > | thread-index: AcWYcPust1jEvLMDSMy6AdX8CuYUMw==
    | > | > | X-WBNR-Posting-Host: 65.213.142.103
    | > | > | From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > | > | References: <>
    | > | > <>
    | > | > <>
    | > | > <>
    | > | > <>
    | > | > <ZeztQc$>
    | > | > <>
    | > | > <>
    | > | > <>
    | > | > <>
    | > | > | Subject: RE: MIgration Question
    | > | > | Date: Wed, 3 Aug 2005 14:19:07 -0700
    | > | > | Lines: 321
    | > | > | Message-ID: <>
    | > | > | MIME-Version: 1.0
    | > | > | Content-Type: text/plain;
    | > | > | charset="Utf-8"
    | > | > | Content-Transfer-Encoding: 7bit
    | > | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | > | Content-Class: urn:content-classes:message
    | > | > | Importance: normal
    | > | > | Priority: normal
    | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | > | Newsgroups: microsoft.public.windows.server.migration
    | > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | > | Xref: TK2MSFTNGXA01.phx.gbl
    | > | > microsoft.public.windows.server.migration:11467
    | > | > | X-Tomcat-NG: microsoft.public.windows.server.migration
    | > | > |
    | > | > | Just wanted to check ihow migration account need to be set up. If
    | > Ihave a
    | > | > two
    | > | > | way trust set up between two domains and I create a migration
    account
    | > on
    | > | > | source domain which has a delegated control on target domain
    | > "houston"
    | > | > OU, do
    | > | > | I still need to set up a separate migration account set up on
    target
    | > | > domain?
    | > | > | During my test porcess I did set up a separate migration account
    for
    | > | > target
    | > | > | domain which is a member of domain admin group and started ADMT2
    with
    | > | > this
    | > | > | account. By membership of domain admin, this account should have
    all
    | > | > needed
    | > | > | permission to administer the domain. But when I run Group account
    | > | > migration
    | > | > | wizard under this account, I receive the error message "Could not
    | > verify
    | > | > | auditing and tcpipclientsupport on domains. Will not be able to
    | > migate
    | > | > sid's.
    | > | > | Access is denied. AS per article 322970, this message appears if
    the
    | > | > account
    | > | > | being used does not have enough permission to do migration in one
    or
    | > both
    | > | > | domain.
    | > | > |
    | > | > | Can you tell me how exactly this account needs to be set up.
    Thanks.
    | > | > | --
    | > | > | Dipti
    | > | > |
    | > | > |
    | > | > | "Amanda Wang [MSFT]" wrote:
    | > | > |
    | > | > | > Hi Dipti,
    | > | > | >
    | > | > | > If you have any other further questions related the issue,
    please
    | > feel
    | > | > free
    | > | > | > to let me know. I'm very glad to help you.
    | > | > | >
    | > | > | > Thanks & Regards
    | > | > | >
    | > | > | > Amanda Wang [MSFT]
    | > | > | >
    | > | > | > Microsoft Online Partner Support
    | > | > | >
    | > | > | > Get Secure! - www.microsoft.com/security
    | > | > | >
    | > | > | >
    ====================================================================
    | > | > | >
    | > | > | > When responding to posts, please "Reply to Group" via your
    | > newsreader
    | > | > so
    | > | > | > that others may learn and benefit from your issue.
    | > | > | >
    | > | > | >
    | > =====================================================================
    | > | > | >
    | > | > | > --------------------
    | > | > | > >Thread-Topic: MIgration Question
    | > | > | > >thread-index: AcVs8kHTFcpaBfdZRdO44XT8UZRU/g==
    | > | > | > >X-WBNR-Posting-Host: 65.213.142.103
    | > | > | > >From: "=?Utf-8?B?RGlwdGk=?=" <>
    | > | > | > >References:
    <>
    | > | > | > <>
    | > | > | > <>
    | > | > | > <>
    | > | > | > <>
    | > | > | > <ZeztQc$>
    | > | > | > <>
    | > | > | > <>
    | > | > | > >Subject: RE: MIgration Question
    | > | > | > >Date: Thu, 9 Jun 2005 05:53:39 -0700
    | > | > | > >Lines: 307
    | > | > | > >Message-ID:
    <>
    | > | > | > >MIME-Version: 1.0
    | > | > | > >Content-Type: text/plain;
    | > | > | > > charset="Utf-8"
    | > | > | > >Content-Transfer-Encoding: 7bit
    | > | > | > >X-Newsreader: Microsoft CDO for Windows 2000
    | > | > | > >Content-Class: urn:content-classes:message
    | > | > | > >Importance: normal
    | > | > | > >Priority: normal
    | > | > | > >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | > | > >Newsgroups: microsoft.public.windows.server.migration
    | > | > | > >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | > | > >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | > | > >Xref: TK2MSFTNGXA01.phx.gbl
    | > | > microsoft.public.windows.server.migration:10569
    | > | > | > >X-Tomcat-NG: microsoft.public.windows.server.migration
    | > | > | > >
    | > | > | > >Thanks now I can start my testing process.
    | > | > | > >--
    | > | > | > >Dipti
    | > | > | > >
    | > | > | > >
    | > | > | > >"Amanda Wang [MSFT]" wrote:
    | > | > | > >
    | > | > | > >> Hello,
    | > | > | > >>
    | > | > | > >> Glad to hear from you and thanks for your effort on this
    issue.
    | > | > | > >>
    | > | > | > >> Based on your concerns, I would give my reply separately:
    | > | > | > >>
    | > | > | > >> 1) Use the ADMT2 to migrate from windows 2000 to 2003.
    During
    | > | > migration
    | > | > | > >> process, I will be given option to choose the OU to migrate
    my
    | > | > domain.
    | > | > | > >> During migration my domain name will be changed to my parent
    | > | > company's
    | > | > | > >> domain name? That is what needs to happen for us, since we
    will
    | > be
    | > | > | > assuming
    | > | > | > >> our parent company's name. Is there any need to run
    rendom.exe
    | > | > | > afterwards?
    | > | > | > >>
    | > | > | > >> A: Yes. During migration, your domain names will be changed
    to
    | > your
    | > | > | > parent
    | > | > | > >> company domain's name because after migration, the original
    | > domain
    |
     
    Vincent Xu [MSFT], Aug 11, 2005
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.