Password Migration Wizzard, w2003 to w2003, ADMT v3

I get this error when try to migrate user password:
"Unable to establish a session with the password export server. The RPC
server is unavailable"

I'm rebuild a AAA domain, so i'm transfering users and computers to a BBB
domain, and then transfereing to a new AAA (that is for now in a different
network)

 

Hi Francisco ,

I'd like to suggest you check your steps about migrate password. Please
refer to the last part of following article:

326480 How to use Active Directory Migration Tool version 2 to migrate from
Windows 2000 to Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;326480



Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------

 

Hello Vincent,

I know the MS article that you have sugested.
I'm trying to make the transfer from old AAA domain to a BBB domain and
finnaly to the new AAA domain.
The problem is the first migration between the old AAA to the BBB domain.
I only can migrate users using the option that generates new complex
passwords.
I have already make, the second migration of users (and the passwords) from
domain BBB to the new AAA, but with the complex passwords that have been
generated by the first migration process.

 

Hi,

As I said, please check the last part.

If you want to migrate user account with password.You can turn on
interforest password migration by installing a DLL that runs in the context
of LSA. By running in this protected context, passwords are shielded from
being viewed in cleartext, even by the operating system. The installation
of the DLL is protected by a secret key that is created by ADMT, and must
be installed by an administrator.

To install the password migration DLL: 1. Log on as an administrator or
equivalent to the computer on which ADMT is installed.
2. At a command prompt, run the ADMT KEY sourcedomainpath [* | password]
command to create the password export key file (.pes). In this example,
sourcedomain is the NetBIOS name of the source domain and path is the file
path where the key will be created. The path must be local, but can point
to removable media such as a floppy disk drive, ZIP drive, or writable CD
media. If you type the optional password at the end of the command, ADMT
protects the .pes file with the password. If you type the asterisk (*),
ADMT prompts for a password, and the system will not echo it as it is
typed.
3. Move the .pes file you created in step 2 to the designated Password
Export Server in the source domain. This can be any domain controller, but
make sure it has a fast, reliable link to the computer that is running
ADMT.
4. Install the Password Migration DLL on the Password Export Server by
running the Pwmig.exe tool. Pwmig.exe is located in the I386\ADMT folder on
the Windows Server 2003 installation media, or the folder to which you
downloaded ADMT from the Internet.
5. When you are prompted to do so, specify the path to the .pes file that
you created in step 2. This must be a local file path.
6. After the installation completes, you must restart the server.
7. If you are ready to migrate passwords, modify the following registry key
to have a DWORD value of 1. For maximum security, do not complete this step
until you are ready to migrate.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AllowPasswordExport

otherwise, you need to use generates new complex passwords option again.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------