I've finally checked my notes on this and my initial thought was correct (but the online description of movetree's syntax doesn't make it very clear): you can move a user-object directly (i.e. you don't have to first move it to a different OU)

also, I've just checked your pasted command in greater detail => you've added a user account with password with the /u + /p option (looks like the samaccount name of Nicola Bauerle...) => this option is used to run movetree with alternate credentials, NOT to set the password of the user in the target domain (this is moved along with the object). As the user doesn't have any administrative rights in the target, this could very well be your culprit

to continue, check out if this command works for you to move the account from the "cincinnati" OU (in the KBC domain) to the "germany" OU (in the KBE domain)

movetree /check /s RIDFSMO_SOURCEDOM /d RIDFSMO_TARGETDOM /sdn CN="Bauerle\, Nicola",ou=

=> use the "" for the CN as the name has a space in it...

if everything works, do the same with /start

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris
Sent: Tuesday, 21 June 2005 21:01
To: [email protected]
Subject: RE: [ActiveDir] ADMT and Error 7422

Frustrating

the destination RDN conflict appears to be a collision error with the OUs I created for the MOVETREE. I created them on the RIDMasters so I wouldn't have to await replication. So I created a newer source OU and moved the account in to it. I also found you don't want to create the destination OU ahead of time, but rather let MOVETREE create it. Now I get even further along, but still another error:

ERROR: 0x54f An internal error occurred.
MoveTree cross domain move failed. The extended error is 0000054F: SvcErr: DSID-031B02E2, problem 5003 (WILL_NOT_PERFORM), data 0

ERROR: 0x54f An internal error occurred.
MoveTree cross domain move failed to move object CN=Bauerle\, Nicola,CN=b1741717-6b27-490f-a2ea-b0efef1edcd2,CN=b1741717-6b27-490f-a2ea-b0efef1edcd2,CN=LostAndFound,DC=kbc,DC=kaobrands,DC=net to container ou=move,ou=terminated,dc=kbe,dc=kaobrands,dc=net

When I look this one up in support it only references ADMT not being able to enter an all caps domain name in lower case, whereas in MOVETREE you can type the command this way. I have been typing my commands in all LC so I don't think that is it however, the netBios names are in all caps? I don't think that matters though . . . my syntax specifies the FQDN . . .

Chris Haaker ITS
Infrastructure x7841

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

Now I feel I am very close after making the RIDMasters the source and target DCs. I get one more error but I cannot figure it out and the KB isn't yielding anything. Any ideas anyone?

ReturnCode: 0x210a The replication operation failed due to a collision of object names.
MoveTree check destination RDN conflict for object: ou=transfer,dc=kbc,dc=kaobrands,dc=net

ReturnCode: 0x0 The operation completed successfully.
MoveTree cross domain move check for object: OU=Transfer,DC=kbc,DC=kaobrands,DC=net

ReturnCode: 0x0 The operation completed successfully.
MoveTree cross domain move check for object: CN=Bauerle\, Nicola,OU=Transfer,DC=kbc,DC=kaobrands,DC=net

ReturnCode: 0x0 The operation completed successfully.
MoveTree check Duplicate SAM Account Name for object: CN=Bauerle\, Nicola,OU=Transfer,DC=kbc,DC=kaobrands,DC=net

Chris Haaker ITS
Infrastructure x7841

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

I tried the temp OU method and got this error:

ReturnCode: 0x2012 The requested operation could not be performed because the directory service is not the master for that type of operation.

And upon some research found you have to run this from and to the RID master for each domain. On to try #2

Chris Haaker ITS
Infrastructure x7841

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido

hmm - I thought it wasn't an issue to pass a user account to be moved, but after checking again, it looks like movetree will only work with OUs.

as your ou=cincinnati obviously contains objects that can't be moved successfully (e.g. global groups) and that you didn't say you want to move (from your first post I thought you only wanted to move the user account), I'd simply suggest to first create a TRANSFER OU in the same domain as your user and then move your user into that empty OU (e.g. via ADUC). Then use MOVETREE (or ADMT) to move the user across to the other domain.

Of course, if you do want to move all objects within the OU, you can either first change the scope of the groups to something that permits moving them (e.g. to universal groups) - but this also requires that the group's new scope doesn't collide with how the group is used (e.g. a global group can't be member of another global group when converted to a UG)...

/Guido

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

movetree /start /s kbc-dc4.kbc.kaobrands.net /d kbc-ukdc3.kbe.kaobrands.net /sdn ou=

Chris Haaker ITS
Infrastructure x7841

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido

can you post the exact movetree command syntax you used?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

So I have removed the umlaut. Still no dice. I tried movetree and the funny thing is I get a ton of these:

ERROR: 0x2132 Cross-domain move of account groups is not allowed.
MoveTree object CN=ManufacturingX,OU=

ERROR: 0x212d Can't move objects with memberships across domain boundaries as once moved, this would violate the membership conditions of the account group. Remove the object from any account group memberships and retry.
MoveTree cross domain move failed. The extended error is 0000212D: SvcErr: DSID-031B024E, problem 5003 (WILL_NOT_PERFORM), data 0

The only group showing on her Member of tab is Domain Users. ManufacturingX is a global group in the source domain.

Chris Haaker ITS
Infrastructure x7841

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido

that would then be a move operation (which ADMT does support and I've used it successfully).

the special character (ö = o-Umlaut) could be the culprit, but it should be easy for you to figure it out - just rename the account appropriately (is the umlaut in the samAccountName, the CN or the DisplayName or...?)

Anyways, you could also try to move the account via commandline using MOVETREE

/Guido

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

IT Pros-

I am trying to migrate a user account from one child domain to another in the same forest. They are the only two child domains in an empty root configuration. I have tried to do this from a DC in the empty root, a DC in the source domain and a DC in the destination domain. Each time I get the same result (error 7422). Looking this up in the KB references migrating a locked out account or an account with the "user must reset password" flag set. I have unlocked, unchecked and reset passwords, allowed for synchronization, etc. I also ran netdiag and dcdiag on the destination DC. No errors were present. I also then demoted (waited 24 hours) and re-promoted the DC in the destination domain. I am still getting the 7422 error.

I also noted the "Migrated Objects Table Does Not Sync" error in the ADMT readme file. I have removed all group memberships from her account (minus domain user) and this did not help either. Although the supplemental error I am getting is hr=8007054f

Does anyone have any experience\advice on this error?

The last thing is her name has an oumlot (sp?)(..) in it as it is German. Think that could do it? All the test account migrations worked . . .

Thanks!

Chris

Title: ADMT and Error 7422
