[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3529
  • Last Modified:

ADMT v2 Computer Migration - User Profile corrupted/No permissions...? Wtf?

Greetings!

I am using the Active Directory Migration Tool v2 (ADMT) to migrate from a NT4 domain to a Win2003 domain.  I have already migrated User Accounts and Passwords, and now am migrating Computer Accounts.  Here's the problem:

I tried testing the ADMT Computer Migration on two machines: a laptop and my workstation.  (Both WINDOWS XP PRO Sp2 w/ Firewall disabled)

- The laptop went without a hitch... I did the migration, it installed the ADMT Agent, rebooted... and when I logged into the laptop with my user account on the new domain, I had my old User Profile sitting in front of me and life was good!  :)

- I did the same thing on my Workstation, but it did not go so smoothly!  I did the migration, it installed the ADMT Agent, rebooted... but when I logged in with my user account on the new domain (same as laptop), it gave the typical "cannot load profile" error (when you don't have permissions for profile) and logged me into a Temporary User Profile.  

What the heck?

I checked the permissions on the profile (C:\Documents and Settings\Bob) and they checked out ok:
OldDomain\Bob - Full Control
NewDomain\Bob - Full Control
System - Full Control
Computer\Administrator - Full Control

Ownership:
Computer\Administrator - Full Control

What the....?

I checked out the profile path in the registry under HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList\(SID)\ and both user accounts are pointing to the right directory: C:\Documents and Settings\Bob

I am at a loss.  If I had to take a wild guess, it would be that winXp can't resolve the SID of the old domain (or the new domain?) fast enough to allow me access to the profile...?

By the way, I have a two-way trust setup between both the old domain and new domain.

Please help!

Thanks :)
0
techleet
Asked:
techleet
  • 3
  • 2
1 Solution
 
mkbeanCommented:
When migrating computer accounts you should attempt to run the Security Translation portion of ADMT which will re-ACL everything to the new account.

Brian
0
 
techleetAuthor Commented:
Brian,

Where is the Security Translation?  How do you run it?
0
 
mkbeanCommented:
I don't have the documentation with me but the Security Translation is part of ADMT.  When you right click it to choose a migration (IE...Users, Groups) you should see Security Translation.  I will look for my documentation on using it.

Brian
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
binary_1001010Commented:
i believe he was talking about the SID check box.
0
 
mkbeanCommented:
Security Translation is an actual migration process just like you can migrate users and or groups.  


Brian
0
 
techleetAuthor Commented:
Interesting.  If this was the solution, why then would some machines be fine with the migration but my machine not be?  I have migrated 38 machines now, and so far it is only my workstation that is experiencing this problem.  :(
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now