For #1, you are apparently not migrating with SIDHistory. If you have a problem with SIDHistory and don't want to use it, then you will have to wait until you have migrated everything and repermissioned the resources before you can access resources. For #2, try http://www.akomolafe.com/TechStuff/Scripts/tabid/63/Default.aspx Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Joe Lagreca Sent: Wed 3/8/2006 2:35 PM To: [email protected] Subject: [ActiveDir] ADMT v3 implementation questions I got ADMT running in a test environment, but now have a few problems. Problem #1 When I use the wizard to migrate a computer from the source domain to the target, I then have the same machine account in both domains. Making it impossible for the target domain to access the shares of the workstation in the source domain. I have experienced this problem, and found it documented here: http://www.jsifaq.com/SUBJ/tip4600/rh4655.htm > 4655 » Logon Failure error when accessing a child domain controller from the parent domain? 08-Jan-02 > > When you attempt to access a child domain controller from the parent domain, you receive: > > Logon Failure: The target account name is incorrect. > > This error will occur if a computer in the parent domain has the same computer name as a computer in the child domain. > > To resolve the problem, rename one of the computers. > > NOTE: If the computer no longer exists, delete it's machine account. If I delete the the newly migrated computer from the target domain, I can then access the shares on the workstation in the source domain. Anyone have an idea of how I can get around this limitation? I don't think it is possible to remove the workstation from the source domain yet, as it hasn't had the agent dispatched to it to change its domain ownership. Problem #2 Even though I have already added the opposite Domain Admins group to the local Administrator group of each machine, I don't appear to have admin rights across the trust between domains. One example is that the target domain cannot access the Admin$ share of the workstation in the source domain. If I go to the source domain workstation and add the administrator of the target domain to the local Administrator group of the workstation, I can then access the Admin$ share and dispatch the ADMT agent to the workstation. Since this is not practical in a widespread migration, I need to figure out how to get administrative privileges across the trust between domains. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
