RE: [ActiveDir] ADMT and Error 7422

[Haaker, Chris]

Title: ADMT and Error 7422

Frustrating … the destination RDN conflict appears to be a collision error with the OU’s I created for the MOVETREE. I created them on the RIDMaster’s so I wouldn’t have to await replication. So I created a newer source OU and moved the account in to it. I also found you don’t want to create the destination OU ahead of time, but rather let MOVETREE create it. Now I get even further along, but still another error:   ERROR: 0x54f An internal error occurred. MoveTree cross domain move failed. The extended error is 0000054F: SvcErr: DSID-031B02E2, problem 5003 (WILL_NOT_PERFORM), data 0   ERROR: 0x54f An internal error occurred. MoveTree cross domain move failed to move object CN=Bauerle\, Nicola,CN=b1741717-6b27-490f-a2ea-b0efef1edcd2,CN=b1741717-6b27-490f-a2ea-b0efef1edcd2,CN=LostAndFound,DC=kbc,DC=kaobrands,DC=net to container ou=move,ou=terminated,dc=kbe,dc=kaobrands,dc=net   When I look this one up in support it only references ADMT not being able to enter an all caps domain name in lower case, whereas in MOVETREE you can type the command this way. I have been typing my commands in all LC so I don’t think that is it … however, the netBios names are in all caps? I don’t think that matters though . . . my syntax specifies the FQDN . . .     Chris Haaker ITS Infrastructure x7841       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris Sent: Tuesday, June 21, 2005 2:43 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADMT and Error 7422   Now I feel I am very close after making the RIDMasters the source and target DC’s. I get one more error but I cannot figure it out and the KB isn’t yielding anything. Any ideas anyone?   ReturnCode: 0x210a The replication operation failed due to a collision of object names. MoveTree check destination RDN conflict for object: ou=transfer,dc=kbc,dc=kaobrands,dc=net ReturnCode: 0x0 The operation completed successfully. MoveTree cross domain move check for object: OU=Transfer,DC=kbc,DC=kaobrands,DC=net ReturnCode: 0x0 The operation completed successfully. MoveTree cross domain move check for object: CN=Bauerle\, Nicola,OU=Transfer,DC=kbc,DC=kaobrands,DC=net ReturnCode: 0x0 The operation completed successfully. MoveTree check Duplicate SAM Account Name for object: CN=Bauerle\, Nicola,OU=Transfer,DC=kbc,DC=kaobrands,DC=net     Chris Haaker ITS Infrastructure x7841       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris Sent: Tuesday, June 21, 2005 2:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADMT and Error 7422   I tried the temp OU method and got this error:   ReturnCode: 0x2012 The requested operation could not be performed because the directory service is not the master for that type of operation.   And upon some research found you have to run this from and to the RID master for each domain. On to try #2     Chris Haaker ITS Infrastructure x7841       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Tuesday, June 21, 2005 1:46 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADMT and Error 7422   hmm - I thought it wasn't an issue to pass a user account to be moved, but after checking again, it looks like movetree will only work with OUs.   as your ou=cincinnati obviously contains objects that can't be moved successfully (e.g. global groups) and that you didn't say you want to move (from your first post I thought you only wanted to move the user account), I'd simply suggest to first create a TRANSFER OU in the same domain as your user and then move your user into that emtpy OU (e.g. via ADUC).  Then use MOVETREE (or ADMT) to move the user accross to the other domain.   Ofcourse, if you do want to move all objects within the OU, you can either first change the scope of the groups to something that permits moving them (e.g. to universal groups) - but this also requires that the group's new scope doesn't collide with how the group is used (e.g. a global group can't be member of another global group when converted to a UG)...   /Guido   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris Sent: Dienstag, 21. Juni 2005 19:30 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADMT and Error 7422 movetree /start /s kbc-dc4.kbc.kaobrands.net /d kbc-ukdc3.kbe.kaobrands.net /sdn ou=cincinnati,dc=kbc,dc=kaobrands,dc=net /ddn ou=germany,dc=kbe,dc-kaobrands,dc=net /u kbc\nbauerle /p 666nb666 /verbose     Chris Haaker ITS Infrastructure x7841       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Tuesday, June 21, 2005 1:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADMT and Error 7422   can you post the exact movetree command syntax you used?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris Sent: Dienstag, 21. Juni 2005 19:14 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADMT and Error 7422 So I have removed the umlaut. Still no dice. I tried movetree and the funny thing is I get a ton of these:   ERROR: 0x2132 Cross-domain move of account groups is not allowed. MoveTree object CN=ManufacturingX,OU=Cincinnati,DC=kbc,DC=kaobrands,DC=net failed the Cross Domain Move Check ERROR: 0x212d Can't move objects with memberships across domain boundaries as once moved, this would violate the membership conditions of the account group.  Remove the object from any account group memberships and retry. MoveTree cross domain move failed. The extended error is 0000212D: SvcErr: DSID-031B024E, problem 5003 (WILL_NOT_PERFORM), data 0   The only group showing on her “Member of” tab is Domain Users.   MnaufacturingX is a global group in the source domain.     Chris Haaker ITS Infrastructure x7841       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Monday, June 20, 2005 4:24 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADMT and Error 7422   that would then be a move operation (which ADMT does support and I've used it successfully).   the special character (ö = o-Umlaut) could be the culprid, but it should be easy for you to figure it out - just rename the account appropriately (is the umlaut in the samAccountName, the CN or the DisplayName or...?)   Anyways, you could also try to move the account via commandline using MOVETREE   /Guido   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris Sent: Montag, 20. Juni 2005 22:03 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADMT and Error 7422 IT Pros- I am trying to migrate a user account from one child domain to another in the same forest. They are the only two child domains in an empty root configuration. I have tried to do this from a DC in the empty root, a DC in the source domain and a DC in the destination domain. Each time I get the same result (error 7422). Looking this up in the KB references migrating a locked out account or an account with the "user must reset password" flag set. I have unlocked, unchecked and reset passwords, allowed for synchronization, etc. I also ran netdiag and dcdiag on the destination DC. No errors were present. I also then demoted (waited 24 hours) and re-promoted the DC in the destination domain. I am still getting the 7422 error. I also noted the "Migrated Objects Table Does Not Sync" error in the ADMT readme file. I have removed all group memberships from her account (minus domain user) and this did not help either. Although the supplemental error I am getting is hr=8007054f Does anyone have any experience\advice on this error? The last thing is her name has an oumlot (sp?)(..) in it as it is German. Think that could do it? All the test account migrations worked . . . Thanks! Chris