Hi Rob, I think you'll find the account needs to be in the Admins group in the target domain and the admins group on the workstations. I don't believe you need admin rights in the old domain (although it probably wouldn't hurt!).
Cheers

dave

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Farr, Rob UKCA
> Sent: 08 December 2003 10:48
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Computer account migration
>
> I have made sure that the admin account from the ad domain is in both
> domains local administrators group, will try to add manually though too
>
> -----Original Message-----
> From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> Sent: 05 December 2003 18:41
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Computer account migration
>
> Can you take one of the machines that's failing and manually change
> domains - just to ensure that there's no problem?
>
> I'm wondering if the account which is being used needs to have both
> rights to the client machine in the old domain AND rights to add
> machines to the new domain. Now that I think about it, that's a very
> likely cause.
>
> --------------------------------------------------------------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
> > -----Original Message-----
> > From: Farr, Rob UKCA [mailto:[EMAIL PROTECTED]
> > Sent: Friday, December 05, 2003 9:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Computer account migration
> >
> > Roger
> > I have done this just now, and get completed with errors
> > When I look in the dispatch log everything is ok and it basically
> > states that "all agents are installed, the dispatcher is finished"
> >
> > When I check the log on the remote machine's c drive under
> > c:\windows\temp\dctlog I get the following
> >
> > 2003-12-05 14:19:06
> > 2003-12-05 14:19:06 Active Directory Migration Tool, Starting...
> > 2003-12-05 14:19:13 ERR3:7075 Failed to change domain affiliation, hr=8007054b The specified domain either does not exist or could not be contacted.
> > 2003-12-05 14:19:13 Wrote result file C:\Program Files\OnePointDomainAgent\UKCA-LX-6191340216781.result
> > 2003-12-05 14:19:13 Operation completed.
> >
> > When looking for the result file I don't see it
> >
> > When I chose the migration options I made sure this time that I didn't
> > tick any of the options and just tried a simple migration
> >
> > I also had a look on technet for the above error but couldn't find
> > anything
> >
> > Any pointers Roger?
> >
> > Thanks
> >
> > Rob
> >
> > -----Original Message-----
> > From: Roger Seielstad [mailto:[EMAIL PROTECTED]
> > Sent: 05 December 2003 13:59
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] Computer account migration
> >
> > That definitely sounds like a rights issue on the source domain side.
> >
> > I'd definitely try logging in as an account on the source domain with
> > sufficient credentials to install software on the client machines.
> >
> > --------------------------------------------------------------
> > Roger D. Seielstad - MTS MCSE MS-MVP
> > Sr. Systems Administrator
> > Inovis Inc.
> >
> > > -----Original Message-----
> > > From: Farr, Rob UKCA [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, December 05, 2003 8:14 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [ActiveDir] Computer account migration
> > >
> > > Hi Dave
> > > I know what you are saying and I was hoping this was the case as the
> > > ADMT2 tool has a very admin friendly GUI.
> > > I get as far as despatching the agents no problem, but then the agent
> > > fails to install with access denied
> > >
> > > Question
> > > 1. I am doing the migration from the w2k3 ad server and drilling into
> > > the NT4 domain for the machine account migration, it denies access when
> > > the agent is trying to install.
> > > I have run the tool with the "run as" command and have used the NT4
> > > domain admin account but still fails at the same point of installing
> > > the agent
> > > Is there something I am missing?
> > > 2. Should I logon to the w2k3 ad dc as the NT4 admin account?
> > >
> > > Over.....
> > >
> > > -----Original Message-----
> > > From: Thornley, Dave H [mailto:[EMAIL PROTECTED]
> > > Sent: 05 December 2003 11:58
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [ActiveDir] Computer account migration
> > >
> > > Hi Rob,
> > >
> > > Perhaps I've missed something, but why don't you use ADMT to migrate
> > > the machines?
> > >
> > > It has a two stage process where the machine accounts are migrated
> > > first of all, then an agent is dispatched to the workstations which
> > > changes the domain affiliation, translates any ACLs on the machine
> > > that refer to the old domain and reboots the workstation.
> > >
> > > We've done hundreds of machines like this with very few problems.
> > > Cheers
> > >
> > > dave
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Farr, Rob UKCA
> > > > Sent: 05 December 2003 10:59
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [ActiveDir] Computer account migration
> > > >
> > > > Thanks for this Lee!
> > > > I will give it a go ASAP.
> > > >
> > > > Could I use this tool say once I have used ADMT2?
> > > > What I mean is, if I use admt2 to migrate the machine account names
> > > > from the NT4 domain it will put them in the ad domain as there is over
> > > > 250 to do. Then can I use netdom to join the machines themselves to
> > > > the ad domain?
> > > >
> > > > Rob
> > > >
> > > > -----Original Message-----
> > > > From: Grocott Lee BC GB [mailto:[EMAIL PROTECTED]
> > > > Sent: 05 December 2003 09:53
> > > > To: '[EMAIL PROTECTED]'
> > > > Subject: RE: [ActiveDir] Computer account migration
> > > >
> > > > Hi!
> > > > You can use netdom quite easily to remotely remove an NT client from
> > > > its current domain and rejoin it to a new domain.
> > > > For example, migrating an NT4 client from an NT4 domain to an AD
> > > > domain.
> > > >
> > > > Netdom is in the Windows 2000 resource kit. Make sure you use the
> > > > most recent version you can find, as earlier versions don't support
> > > > the JOIN method :-/
> > > >
> > > > You can use an almost identical syntax for both the REMOVE and JOIN
> > > > commands:
> > > >
> > > > Netdom.exe REMOVE ComputerName /domain:DomainName /userd:DomainUser /passwordd:DomainUserPassword /usero:LocalUser /passwordO:LocalUserPassword
> > > >
> > > > ComputerName = The computer's name you wish to connect to (no backslashes!)
> > > > DomainName = Your AD domain's name
> > > > DomainUser = A user name on the AD which has sufficient rights to join the domain
> > > > DomainUserPassword = Password for the domain user account
> > > > LocalUser = An account which has local administrator rights on the remote machine (ComputerName)
> > > > LocalUserPassword = Password for the local admin account
> > > >
> > > > This will remove the machine from its domain.
> > > > To rejoin it to the new domain, use almost the same syntax:
> > > >
> > > > Netdom.exe JOIN ComputerName /domain:DomainName /userd:DomainUser /passwordd:DomainUserPassword /usero:LocalUser /passwordO:LocalUserPassword
> > > >
> > > > Hope this helps! Please ask away if you have any questions.... it
> > > > works fine here.
> > > >
> > > > Cheers,
> > > >
> > > > Lee
> > > >
> > > > -----Original Message-----
> > > > From: Farr, Rob UKCA [mailto:[EMAIL PROTECTED]
> > > > Sent: 04 December 2003 16:46
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [ActiveDir] Computer account migration
> > > >
> > > > Tony,
> > > > Thanks for this, this is what I am trying to find out really, how do
> > > > you use the netdom tool and where do u get it, I guess it's from a
> > > > resource kit? I can migrate the computer accounts from the NT4 domain
> > > > to w2k3 AD, e.g. it basically creates the account for me, but then I
> > > > need to actually make sure that specific computer is joined to the
> > > > domain when you look in network identification
> > > >
> > > > Can you please point me in the right direction if netdom is the
> > > > answer?
> > > >
> > > > Thanks
> > > >
> > > > Rob
> > > >
> > > > -----Original Message-----
> > > > From: Tony Murray [mailto:[EMAIL PROTECTED]
> > > > Sent: 04 December 2003 14:22
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [ActiveDir] Computer account migration
> > > >
> > > > Not sure why you would want to migrate the computer accounts.
> > > > Why not simply create the new computer object in your OU of choice in
> > > > AD and then use NetDom to remotely join the computers to the new
> > > > domain?
> > > >
> > > > Tony
> > > >
> > > > ---------- Original Message ----------------------------------
> > > > Wrom: BOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONE
> > > > Reply-To: [EMAIL PROTECTED]
> > > > Date: Thu, 4 Dec 2003 08:07:11 -0600
> > > >
> > > > Hi
> > > > Once computer accounts have been migrated using ADMT2 for NT4 to
> > > > Windows 2003 AD, is there an easy way to make sure the computers
> > > > migrated actually join the new domain rather than having to physically
> > > > visit each machine with admin rights and force the machine to join the
> > > > new domain?
> > > >
> > > > Or does the computer migration process do this?
> > > >
> > > > Thanks
> > > >
> > > > Rob

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
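
Added example, not part of the thread or of ADMT: a small Python triage of the agent log quoted above. It decodes the `hr=` value (8007054b is a Win32 HRESULT carrying code 1355, ERROR_NO_SUCH_DOMAIN) so that a domain-location failure can be told apart from an access-denied one. The line format is inferred from the single ERR line in the thread; the last sample line and the hint texts are constructed.

```python
import re

FACILITY_WIN32 = 7
# Win32 codes from winerror.h; the "check" hints are editorial assumptions.
HINTS = {
    5: ("ERROR_ACCESS_DENIED", "rights on the workstation or in the target domain"),
    1326: ("ERROR_LOGON_FAILURE", "user name or password given to the tool"),
    1355: ("ERROR_NO_SUCH_DOMAIN", "locating a domain controller: name resolution, connectivity"),
}

# Line format inferred from the one ERR line quoted in the thread (assumption).
ERR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ERR(?P<sev>\d):(?P<msgid>\d+) "
    r"(?P<text>.*?)(?:,? hr=(?P<hr>[0-9a-fA-F]{8})\b.*)?$"
)

def decode_hresult(hr_hex):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    hr = int(hr_hex, 16)
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF

def triage(log_text):
    """Return one finding per ERR line, with the Win32 code decoded if present."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.match(line.strip())
        if not m:
            continue  # informational lines and bare timestamps
        item = {"time": m["ts"], "msgid": int(m["msgid"]), "text": m["text"],
                "win32": None, "name": None, "check": "no HRESULT on this line"}
        if m["hr"]:
            failed, facility, code = decode_hresult(m["hr"])
            if failed and facility == FACILITY_WIN32:
                name, check = HINTS.get(code, (None, "look up the Win32 code"))
                item.update(win32=code, name=name, check=check)
            else:
                item["check"] = "non-Win32 HRESULT, look up the full value"
        findings.append(item)
    return findings

# First three lines are from the thread; the last line is constructed.
SAMPLE_LOG = """\
2003-12-05 14:19:06 Active Directory Migration Tool, Starting...
2003-12-05 14:19:13 ERR3:7075 Failed to change domain affiliation, hr=8007054b The specified domain either does not exist or could not be contacted.
2003-12-05 14:19:13 Operation completed.
2003-12-05 14:25:41 ERR2:7001 Agent install failed, hr=80070005 Access is denied.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["msgid"], f["win32"], f["name"], "->", f["check"])
```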
