Hi Tom
Is it possible to put secondary zones for the new forest on the old forest
DNS servers - so instead of double forwarding (to bind and back) clients
can look up the new domain directly. In our migration we did it both ways.
The servers in the new forest contain secondaries for the old forest and
the servers in the old forest contain secondaries for the new forest - thus
either DNS configuration in the interim stage can see all AD records on
both sides.
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
202-230-2983
[EMAIL PROTECTED]
|---------+---------------------------------->
| | Tom Kern |
| | <[EMAIL PROTECTED]> |
| | Sent by: |
| | [EMAIL PROTECTED]|
| | tivedir.org |
| | |
| | |
| | 12/28/2005 09:39 AM EST|
| | Please respond to |
| | ActiveDir |
|---------+---------------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: activedirectory <[email protected]>
|
| cc: (bcc: James Day/Contractor/NPS)
|
| Subject: [ActiveDir] Migration issues(OT)
|
>------------------------------------------------------------------------------------------------------------------------------|
I'm running Quest's AD Migration Manager and some workstations are
experiencing issues post migration.
Their login scripts don't run(legacy not GPO scripts) and hence their drive
mappings don't work.
This is sporadic as some users are fine.
The only thing these non working users have in common is that they all log
a event id 1000-
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 12/28/2005
Time: 7:28:49 AM
User: NT AUTHORITY\SYSTEM
Computer: OP5041534335
Description:
Windows cannot obtain the domain controller name for your computer network.
Return value (59).
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
>From eventid.net, this seems to indicate network connectivity issues but I
don't think that applies here. Many users in the sam location are fine and
all workstations are standard images, i,e; indentical.
The background is as follows- we are migrating from a win2k native mode
forest to a win2k3 FFL win2k3 forest using Quest ADMM.
The servers and user machines are all double ACL'ed and sid history is
enabled(sid filtering disabled).
The users have access to their old profiles.
The only thing I think could be an issue is DNS.
When the client is moved, he points to the DNS in the target forest. This
AD intergrated DNS server forwards anything it dosen't know to a BIND 9
server which conditionally forwards to the source domain if a query is made
for something there.
As it stands, all users/workstations have been migrated(copied) but some
servers still remain in the source domain as we are in an interim stage
right now.
Any help or ideas would be great.
Thanks a lot!
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
