Rob, The account that you use to dispatch the agent needs to be an administrator on the workstation (at the very least they need access to the hidden shares and the registry) or you get the access denied error. You'll also need rights over the w2k3 domain to create the computer accounts during the migration. You also need the Remote Registry service to be running
>From what I recall we created a Domain Admin account in the source domain (nt4), then granted it rights over the AD in the target domain (w2k). hth Dave > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Farr, Rob UKCA > Sent: 05 December 2003 13:14 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Computer account migration > > > Hi Dave > I know what you are saying and I was hoping this was the case > as the ADMT2 tool has a very admin friendly GUI. I get as far > as despatching the agents no problem, but then the agent > fails to install with access denied > > Question > 1. I am doing the migration from the w2k3 ad server and > drilling into the NT4 domain for the machine account > migration, it denies access when the agent is trying to > install. I have run the tool with the "run as" command and > have used the NT4 domain admin account but still fails at the > same point of installing the agent Is there something I am > missing? 2. Should I logon to the w2k3 ad dc as the NT4 > admin account? > > Over..... > > -----Original Message----- > From: Thornley, Dave H [mailto:[EMAIL PROTECTED] > Sent: 05 December 2003 11:58 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Computer account migration > > Hi Rob, > > Perhaps I've missed something, but why don't you use ADMT to > migrate the machines? > > It has a two stage process where the machine accounts are > migrated first of all, then an agent is dispatched to the > workstations which changes the domain affiliation, translates > any ACLs on the machine that refer to the old domain and > reboots the workstation. > > We've done hundreds of machines like this with very few > problems. Cheers > > dave > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Farr, Rob > > UKCA > > Sent: 05 December 2003 10:59 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Computer account migration > > > > > > Thanks for this Lee! > > I will give it a go ASAP. > > > > Could I use this tool say once I have used ADMT2? > > What I mean is, if I use admt2 to migrate the machine account names > > from the NT4 domain it will put them in the ad domain as > there is over > > 250 to do. Then can I use netdom to join the machines themselves to > > the ad domain? > > > > Rob > > > > -----Original Message----- > > From: Grocott Lee BC GB [mailto:[EMAIL PROTECTED] > > Sent: 05 December 2003 09:53 > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] Computer account migration > > > > Hi! > > You can use netdom quite easily to remotely remove an NT client from > > its currnet domain and rejoin it to a new domain. > > For example, migrating an NT4 client from an NT4 domain to an AD > > domain. > > > > Netdom is in the Windows 2000 resource kit. Make sure you use the > > most recent version you can find, as earlier versions don't support > > the JOIN method :-/ > > > > You can use an almost identical syntax for both the REMOVE and JOIN > > commands: > > > > Netdom.exe REMOVE ComputerName /domain:DomainName /userd:DomainUser > > /passwordd:DomainUserPassword /usero:LocalUser > > /passwordO:LocalUserPassword > > > > ComputerName = The computer's name you wish to connect to (no > > backslashes!) DomainName = Your AD domain's name DomainUser = A user > > name on the AD which has sufficient rights to join the domain > > DomainUserPassword = Password for the domain user account > LocalUser = > > An account which has local administrator rights on the > remote machine > > (ComputerName) LocalUserPassword = Password for the local admin > > account > > > > This will remove the machine from it's domain. > > To rejoin it to the new domain, use almost the same syntax: > > > > Netdom.exe JOIN ComputerName /domain:DomainName /userd:DomainUser > > /passwordd:DomainUserPassword /usero:LocalUser > > /passwordO:LocalUserPassword > > > > Hope this helps! Please ask away if you have any questions.... it > > works fine here. > > > > Cheers, > > > > Lee > > > > -----Original Message----- > > From: Farr, Rob UKCA [mailto:[EMAIL PROTECTED] > > Sent: 04 December 2003 16:46 > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Computer account migration > > > > Tony, > > Thanks for this, this is what I am trying to find out really, how do > > you use the netdom tool and where do u get it, I guess its from a > > resource kit? I can migrate the computer accounts from the > NT4 domain > > to w2k3 AD, e.g it basically creates the account for me, but then I > > need to actually make sure that specific computer is joined to the > > domain when you look in network identification > > > > Can you please point me in the right direction if netdom is the > > answer? > > > > Thanks > > > > Rob > > > > -----Original Message----- > > From: Tony Murray [mailto:[EMAIL PROTECTED] > > Sent: 04 December 2003 14:22 > > To: [EMAIL PROTECTED] > > Subject: Re: [ActiveDir] Computer account migration > > > > Not sure why you would want to migrate the computer accounts. > > Why not simply create the new computer object in your OU > of choice in > > AD and then use NetDom to remotely join the computers to the new > > domain? > > > > Tony > > > > ---------- Original Message ---------------------------------- > > Wrom: BOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONE > > Reply-To: [EMAIL PROTECTED] > > Date: Thu, 4 Dec 2003 08:07:11 -0600 > > > > Hi > > Once computer accounts have been migrated using ADMT2 for NT4 to > > Windows 2003 AD, is there an easy way to make sure the computers > > migrated actually join the new domain rather than having to > physically > > visit each machine with admin rights and force the machine > to join the > > new domain? > > > > Or does the computer migration process do this? > > > > Thanks > > > > Rob > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
