ADMT 2.0 Computer migration issues

Keith Geffert

Jul 31, 2003, 8:57:02 PM
After reading many posts about computer migration issues I guess I'm
not alone. We're in the middle of migrating a NT4 to 2003 upgrade. Got
ADMT working well. We've migrated everything but the computer accounts.

The computer migrations all work except for the last part (the
DSTlog.txt says: failed to change domain affiliation, ... unable to
locate or contact domain server).

However, joining the domain from the computer works without issue.

I've read the ADMT migration TID's and
http://support.microsoft.com/?id=316073, but they don't seem to be what
I'm seeing.

We renamed the NT4 domain to a different domain so we could keep our
original domain name. We then rejoin the workstations to this renamed
domain. Then we run ADMTv2 to migrate the computers to the new domain.
Everything so far has worked well, except the domain affiliation at the
end of the computer migration.

There are no other servers, except the old NT4 system and the new Win2K3
server. No exchange, just file and print sharing.

I am not getting access denied messages, or credential errors.

Thanks,

Ming Chen (MSFT)

Jul 31, 2003, 9:31:23 PM
Keith,

1. Check we are not renaming the machine account as part of the machine
account migration.

2. Check we have good NetBIOS (1B & 1C) and DNS name resolution to PDCE for
both NT4 & W2K domain on Target & ADMT machine.

- 180094 How to Write an LMHOSTS File for Domain Validation and Other Name

- - http://support.microsoft.com/?id=180094

- For test, you might want to put an LMHosts file on both Target & ADMT
machine, make sure we get good 1B & 1C entries on both machines.

I had run into this error before & it turns out to be a name resolution
issue.

Hope the information helped. Kindly post the result on this thread so we can
all try to help.

Sincerely,
Ming Chen, MCSE, MCSA, MCDBA, CNE
Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please Reply to Group via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided AS IS with no warranties, and confers no rights.

"Keith Geffert" <kgef...@synpc.com> wrote in message
news:uI5nDe8V...@TK2MSFTNGP11.phx.gbl...

Keith Geffert

Jul 31, 2003, 11:20:50 PM
1. We are definitely not renaming machines for any part of the migration

2. I haven't touched the DNS that was set up during the initial Active
Directory installation.

Which domain does that error refer to? The source or target domain? It
really buggers me because it works fine manually. The ADMT machine is
the Win2K3 server, i.e. the DC for the Forest.

Bennie Chen

Aug 1, 2003, 4:22:17 AM
Hi Keith,

Based on my experience, it is very likely to be a name resolution issue
about the target domain.

Can you paste the log file here? Thank you!

Regards,
Bennie Chen
Product Support Services
Microsoft Corporation

Ming Chen (MSFT)

Aug 1, 2003, 11:23:39 AM
Keith,

I had run into issues in BOTH Source and Target.

The last session of DSTlog.txt on target machine should give the error code
as indicated by Bennie.

Kindly post the last session of the logs so we can all take a stab at the
error. (You can correlate it with the time you ran the ADMT.)

Sincerely,
Ming Chen, MCSE, MCSA, MCDBA, CNE
Get Secure! - www.microsoft.com/security

"Keith Geffert" <kgef...@synpc.com> wrote in message

news:uKHnZu9...@TK2MSFTNGP09.phx.gbl...

Keith Geffert

Aug 1, 2003, 12:14:54 PM
Here's a snippet

2003-07-31 13:51:00
2003-07-31 13:51:00 Active Directory Migration Tool, Starting...
2003-07-31 13:51:00 Starting Security Translator.
2003-07-31 13:51:00 Agent is running in local mode.
2003-07-31 13:51:00 Read 48 accounts from C:\Program Files\OnePointDomainAgent\DCTCache.008
2003-07-31 13:51:00 SecurityTranslation Files:Yes Shares:Yes LGroups:Yes UserRights:Yes Printers:Yes Profiles:Yes RecycleBin:Yes TranslationMode:Replace MYDOM_OLD mydomain.sch
2003-07-31 13:51:00 Starting
2003-07-31 13:51:00 Translating local machine.
2003-07-31 13:51:01 Skipping A:\, rc=21 The device is not ready.
2003-07-31 13:51:01 Skipping C:\. The volume does not support ACL based security
2003-07-31 13:51:01 Skipping D:\. D:\ is a CD-ROM drive.
2003-07-31 13:51:01 Processing shares on local machine.
2003-07-31 13:51:01 Processing printer security...
2003-07-31 13:51:01 Translating local groups.
2003-07-31 13:51:01 Translating user rights.
2003-07-31 13:51:01 ADMT only performs user rights translation in Append mode.
2003-07-31 13:51:01 Translating security on registry keys.
2003-07-31 13:52:12 This profile translation automatically switches from replace mode to add mode if the user is currently logged on or if the profile is in use for other reasons. In order to disable the switching, you need to set the registry HKLM\Software\Microsoft\ADMT\DisallowFallbackToAddInProfileTranslation (REG_DWORD) to 1 on the ADMT machine.
2003-07-31 13:52:12 ------Account Detail---------
2003-07-31 13:52:12 The account detail section uses the following format: AccountName(OwnerChanges, GroupChanges, DaclChanges, SaclChanges).
2003-07-31 13:52:12 -----------------------------
2003-07-31 13:52:12 47 users, 1 groups
2003-07-31 13:52:12 48 accounts selected. 48 resolved, 0 unresolved.
2003-07-31 13:52:12                   Examined  Changed  Unchanged
2003-07-31 13:52:12 Files                    0        0          0
2003-07-31 13:52:12 Dirs                     0        0          0
2003-07-31 13:52:12 Shares                   0        0          0
2003-07-31 13:52:12 Members                  9        0          9
2003-07-31 13:52:12 User Rights             40        0         40
2003-07-31 13:52:12 Exchange Objects         0        0          0
2003-07-31 13:52:12 Containers               0        0          0
2003-07-31 13:52:12 DACLs                89019        0      89019
2003-07-31 13:52:13 SACLs                    0        0          0
2003-07-31 13:52:13          Examined  Changed  No Target  Not Selected  Unknown
2003-07-31 13:52:13 Owners      89019        0      89019             0        0
2003-07-31 13:52:13 Groups      89019        0      89019             0        0
2003-07-31 13:52:13 DACEs      924711        0     924711        924711        0
2003-07-31 13:52:13 SACEs           0        0          0             0        0
2003-07-31 13:52:15 ERR3:7075 Failed to change domain affiliation, hr=8007054b The specified domain either does not exist or could not be contacted.
2003-07-31 13:52:15 Wrote result file C:\Program Files\OnePointDomainAgent\LAB_7827859.result
2003-07-31 13:52:15 Operation completed.
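
The error line in the log above can be pulled out and decoded mechanically. The following is an added example, not part of any post in this thread: it splits a pasted DSTlog on timestamps (so hard-wrapped entries still parse), extracts each ERR entry, and decodes the hr= value into its Win32 code to separate "could not locate a DC" failures from access or credential failures. The sample text is copied from the log above; the function names are illustrative.

```python
import re

# Constructed sample: lines copied from the log in the post above, hard-wrapped
# the way a newsreader wraps them.
SAMPLE_LOG = r"""2003-07-31 13:52:12 48 accounts selected. 48 resolved, 0 unresolved.
2003-07-31 13:52:13 SACLs 0 0 0
2003-07-31 13:52:15 ERR3:7075 Failed to change
domain affiliation,
hr=8007054b The specified domain either does not exist or could not be
contacted.2003-07-31 13:52:15 Wrote result file C:\Program
Files\OnePointDomainAgent\LAB_7827859.result2003-07-31 13:52:15
Operation completed.
"""

# Win32 codes often seen when a domain change fails (values from winerror.h).
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 53: "ERROR_BAD_NETPATH",
               1311: "ERROR_NO_LOGON_SERVERS", 1326: "ERROR_LOGON_FAILURE",
               1355: "ERROR_NO_SUCH_DOMAIN"}
# Codes that mean "could not find or reach a DC", i.e. name resolution or
# connectivity, rather than a permissions or credential problem.
LOCATOR_CODES = {53, 1311, 1355}

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ENTRY_START = re.compile(r"(?=" + STAMP + r")")
ERR_ENTRY = re.compile(r"(" + STAMP + r") (ERR\d+:\d+) (.*?)\s*hr=([0-9a-fA-F]{8})")

def decode_hresult(hr_hex):
    """Split a 32-bit HRESULT into its failure bit, facility and code."""
    value = int(hr_hex, 16)
    return {"failed": bool(value >> 31),
            "facility": (value >> 16) & 0x7FF,
            "code": value & 0xFFFF}

def find_errors(log_text):
    """Return one dict per ERR entry, splitting on timestamps, not newlines."""
    found = []
    for entry in ENTRY_START.split(log_text):
        flat = " ".join(entry.split())          # undo hard wraps in the entry
        m = ERR_ENTRY.match(flat)
        if not m:
            continue
        hr = decode_hresult(m.group(4))
        win32 = hr["code"] if hr["facility"] == 7 else None  # 7 = FACILITY_WIN32
        found.append({"time": m.group(1), "id": m.group(2),
                      "message": m.group(3).rstrip(" ,"),
                      "win32": win32,
                      "name": WIN32_NAMES.get(win32, "unknown"),
                      "dc_locator_failure": win32 in LOCATOR_CODES})
    return found

if __name__ == "__main__":
    for err in find_errors(SAMPLE_LOG):
        print(err)
```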

Ming Chen (MSFT)

Aug 1, 2003, 2:04:05 PM
Keith,

This does look like a name resolution issue. I had the same exact code
before.

Can you double check the DNS we are pointing to has the correct DC SRV
records? (.MSDCS.DC._TCP_etc etc) Also put LMHosts of both Target & Source
just for test?

Ming Chen, MCSE, MCSA, MCDBA, CNE
Get Secure! - www.microsoft.com/security

"Keith Geffert" <kgef...@synpc.com> wrote in message
news:%237bx4fE...@TK2MSFTNGP11.phx.gbl...

Keith Geffert

Aug 1, 2003, 2:23:29 PM
Ming,

All workstations before migration are pointed to 172.16.0.2 which is
the new W2K3 AD server as primary DNS (no secondary DNS)

The DNS snap-in shows the _msdcs.mydomain.sch folder, and a mydomain.sch
folder in the forward zone folder.

I did not add the target domain to the lmhosts file... just the
mydom_old domain.

Ming Chen (MSFT)

Aug 1, 2003, 8:44:12 PM
Keith,

Just for test, can you add it for the source as well? Make sure you do have
"both" 1B & 1C for both domains.

Also, please make sure no machine already exists in the target
domain with the same name.

If this still does not work, we might need to do a Netmon trace and see what
is going on. (You might want to contact PSS if it gets to that point.)

Sincerely,


Ming Chen, MCSE, MCSA, MCDBA, CNE
Get Secure! - www.microsoft.com/security

"Keith Geffert" <kgef...@synpc.com> wrote in message

news:OXHMwnFW...@tk2msftngp13.phx.gbl...
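
A check for the LMHOSTS test suggested in this thread, as an added example that is not part of any post: it builds a correctly padded 1B line and reports, per domain, whether an LMHOSTS text carries both a 1B entry and a 1C (#DOM) entry, following the layout described in KB 180094 cited earlier in the thread. The NetBIOS names MYDOMAIN, OLDPDC and NEWDC and the address 172.16.0.1 are assumptions for illustration; MYDOM_OLD and 172.16.0.2 are taken from the posts.

```python
import re

def entry_1b(ip, domain):
    """Build the <1B> line: the quoted name is the domain padded with spaces
    to 15 characters, followed by the literal text \\0x1b (20 in total)."""
    return '%s "%s\\0x1b" #PRE' % (ip, domain.upper().ljust(15))

def check_lmhosts(text, domains):
    """Report, per domain, whether usable <1B> and <1C> entries are present."""
    report = {d.upper(): {"1B": False, "1C": False, "problems": []}
              for d in domains}
    for line in text.splitlines():
        dom = re.search(r"#DOM:(\S+)", line, re.I)
        if dom and dom.group(1).upper() in report:
            report[dom.group(1).upper()]["1C"] = True  # #DOM adds a <1C> member
        quoted = re.search(r'"([^"]*)\\0x1b"', line, re.I)
        if not quoted:
            continue
        name = quoted.group(1)
        key = name.strip().upper()
        if key not in report:
            continue
        if len(name) == 15:
            report[key]["1B"] = True
        else:
            # A mis-padded name puts the type byte in the wrong position,
            # so the entry does not register as <1B> for this domain.
            report[key]["problems"].append(
                "1B name is %d characters before \\0x1b, must be 15" % len(name))
    return report

# Constructed sample: the source domain is complete, the target domain has a
# hand-typed 1B line padded with a single space.
SAMPLE_LMHOSTS = "\n".join([
    "172.16.0.1 OLDPDC #PRE #DOM:MYDOM_OLD",
    entry_1b("172.16.0.1", "MYDOM_OLD"),
    "172.16.0.2 NEWDC #PRE #DOM:MYDOMAIN",
    '172.16.0.2 "MYDOMAIN \\0x1b" #PRE',
])

if __name__ == "__main__":
    result = check_lmhosts(SAMPLE_LMHOSTS, ["MYDOM_OLD", "MYDOMAIN"])
    for domain, state in result.items():
        print(domain, state)
```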

Bennie Chen

Aug 6, 2003, 8:14:06 AM
Hi Keith,

How is the status of this issue now? Hope that the problem has been
resolved. If not, feel free to let us know.

Thank you for using Microsoft Newsgroup!

Patrik Koppanen

Sep 2, 2003, 10:36:11 AM
All,

The issues we found causing this were:

1. The DHCP DNS scope was still set against the wrong DNS server (correct
DNS servers must be used for location of service entries, etc. =
changed DHCP DNS settings to point to correct DNS servers)

2. Make sure DHCP has the DNS domain set for your regional AD domain
where the workstations will reside, e.g. adregional.ad.mydomain.com
(Make sure there is no static entry on the workstation, or if
required, make sure it's correct)

3. Make sure the workstations have no FIXED DNS settings; if so they
should be removed to let DHCP issue the correct DNS server (Name
server)

Before the migration starts make sure the affected workstations have
had their DHCP updated; check DHCP lease time (One way is to lower the
DHCP scope to make sure the workstations update their DHCP settings
on a frequent basis during the migration phase)

I hope this will help somebody out there.

Regards

Patrik
