Solved

Active Directory Migration

Posted on 2007-03-21
4
2,892 Views
Last Modified: 2008-05-31
Hi

Im trying to do an Active Directory migration from one domain to another, these are differnet forests i.e. abc.com and 123.com. Here's whats been done, DNS it working with secondary zones setup for each server so they can handle dns requests. I have also created the trusts between the domains and validated each fine.

However ive installed the Active Directory Migration tool but when i got to move a user I get the following error in the log
2007-03-21 20:28:05 ERR2:7301 Failed to migrate source object 'CN=admin admin' to domain 'abc.com'. The target object could not be created. hr=0x80070005  Access is denied.

Can yoy help?
Thanks
0
Comment
Question by:kev8326
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 250 total points
ID: 18767537
are you using crenetials from your domain or from the source domain?
0
 

Author Comment

by:kev8326
ID: 18769989
Hi

I believe that is where i was going wrong, i was putting in details of the target domain rather than the source. It appears i've moved forward and gained another stumbling block...

I get a message SID History for test1 cannot be updated because auditing is not enabled on abc.com.   rc=8536.\n  This operation requires that auditing be enabled for Success and Failure auditing of account management operations

I have enabled this in group policy and made sure that it has success and failures. this is done at the root of AD and there isnt anything to stop it propogating to other OU's.

Is there something ive missed?
thanks
0
 

Author Comment

by:kev8326
ID: 18771866
Hi

Somehow got it working, i also added the admin on domain A to the account operators group in Domain B and it started working. Does that sound like it was the isue?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18789872
deffinitely, you need to have the priviliges on the local domain :) Nice work mate!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question