Password Migration Wizzard, w2003 to w2003, ADMT v3

Discussion in 'Server Migration' started by Francisco Vaz, May 17, 2006.

  1. I get this error when try to migrate user password:
    "Unable to establish a session with the password export server. The RPC
    server is unavailable"

    I'm rebuild a AAA domain, so i'm transfering users and computers to a BBB
    domain, and then transfereing to a new AAA (that is for now in a different
    network)
     
    Francisco Vaz, May 17, 2006
    #1
    1. Advertisements

  2. Hi Francisco ,

    I'd like to suggest you check your steps about migrate password. Please
    refer to the last part of following article:

    326480 How to use Active Directory Migration Tool version 2 to migrate from
    Windows 2000 to Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;326480



    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    ======================================================
    Get Secure! - www.microsoft.com/security
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others
    may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties,and confers no rights.
    ======================================================



    --------------------
     
    Vincent Xu [MSFT], May 18, 2006
    #2
    1. Advertisements

  3. Hello Vincent,

    I know the MS article that you have sugested.
    I'm trying to make the transfer from old AAA domain to a BBB domain and
    finnaly to the new AAA domain.
    The problem is the first migration between the old AAA to the BBB domain.
    I only can migrate users using the option that generates new complex
    passwords.
    I have already make, the second migration of users (and the passwords) from
    domain BBB to the new AAA, but with the complex passwords that have been
    generated by the first migration process.
     
    Francisco Vaz, May 18, 2006
    #3
  4. Hi,

    As I said, please check the last part.

    If you want to migrate user account with password.You can turn on
    interforest password migration by installing a DLL that runs in the context
    of LSA. By running in this protected context, passwords are shielded from
    being viewed in cleartext, even by the operating system. The installation
    of the DLL is protected by a secret key that is created by ADMT, and must
    be installed by an administrator.

    To install the password migration DLL: 1. Log on as an administrator or
    equivalent to the computer on which ADMT is installed.
    2. At a command prompt, run the ADMT KEY sourcedomainpath [* | password]
    command to create the password export key file (.pes). In this example,
    sourcedomain is the NetBIOS name of the source domain and path is the file
    path where the key will be created. The path must be local, but can point
    to removable media such as a floppy disk drive, ZIP drive, or writable CD
    media. If you type the optional password at the end of the command, ADMT
    protects the .pes file with the password. If you type the asterisk (*),
    ADMT prompts for a password, and the system will not echo it as it is
    typed.
    3. Move the .pes file you created in step 2 to the designated Password
    Export Server in the source domain. This can be any domain controller, but
    make sure it has a fast, reliable link to the computer that is running
    ADMT.
    4. Install the Password Migration DLL on the Password Export Server by
    running the Pwmig.exe tool. Pwmig.exe is located in the I386\ADMT folder on
    the Windows Server 2003 installation media, or the folder to which you
    downloaded ADMT from the Internet.
    5. When you are prompted to do so, specify the path to the .pes file that
    you created in step 2. This must be a local file path.
    6. After the installation completes, you must restart the server.
    7. If you are ready to migrate passwords, modify the following registry key
    to have a DWORD value of 1. For maximum security, do not complete this step
    until you are ready to migrate.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AllowPasswordExport

    otherwise, you need to use generates new complex passwords option again.

    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    ======================================================
    Get Secure! - www.microsoft.com/security
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others
    may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties,and confers no rights.
    ======================================================



    --------------------
     
    Vincent Xu [MSFT], May 19, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.