yes... that is a solution (don't forget to clean it when not needed anymore!). however, when using ADMT it will not be possible to migrate domain admins with sid history. ADMT will prevent that As most of the times the domain admins group of an NT4 domain is populated will al kinds of accounts, do not migrate the membership of the domain admins group in the source to the target Jorge
________________________________ From: [EMAIL PROTECTED] on behalf of Sitton Glen E Sent: Wed 2006-01-11 20:33 To: [email protected] Subject: RE: [ActiveDir] NT and AD Permissions Hi Chandra, When you migrated the NT4 domain-admin account to your AD domain, did you keep "sidHistory"? If the new AD domain-admin account has the sidHistory of the old NT4 domain-admin account, it should have no trouble exercising 'domain-admin' rights in the NT4 domain. It will, in effect, be masquerading as the NT4 domain-admin. Look at the security token of your AD domain-admin account and see if the SID of the old NT4 domain-admin account is in there. If not, that's your problem. You need to migrate with sidHistory. - G ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chandra Burra Sent: Wednesday, January 11, 2006 12:32 PM To: [email protected] Subject: Re: [ActiveDir] NT and AD Permissions yes it is.......and it was also domain admin in old NT domain. On 1/11/06, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote: is that account member of the Domain Admins in AD? jorge ________________________________ From: [EMAIL PROTECTED] on behalf of Chandra Burra Sent: Wed 2006-01-11 18:41 To: [email protected] Subject: [ActiveDir] NT and AD Permissions Hi, we have a NT domain and a new 2003 AD domain....Migrated a domain admin account, but after migration, that account can not connect to admin shares like C$ or D$...... is there any quick fix.. I have the Domain Admins group on AD as a member of Local Administrators group on the NT Domain...is there something i am missing?? Thanks in advance... Regards, Chandra This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
