ADMT V3 access denied for pasword migration with PES. (win2k3)

I am trying to migrate my users from our old domain to a new one. The reason I want to do this rather then setup the new domain from scratch is time basicly. I can bring the user objects accross fine but when I try and import the passwords I get an access denied error.

I have started the PES service on the source DC and I have the two way trust in place and functioning. I have also made the required registry entries to the source DC. After serveral reboots, I am still getting the access denied message.

Much thanks in advance!
LVL 12
Who is Participating?
I would rather migrate as well.  Is the PES service running with a source account that has admin rights on both domains?  Where are you getting the access denied in the log during the migration?
Ron MalmsteadInformation Services ManagerCommented:
domain password policies derived from group policy, must match from the source to destination domains.  If you have 8 character minimum on the destination domain, and your users all have 4 and 5 character passwords it won't work.  Test this by creating a user account, choosing a password that conforms to the policy on the new domain....try to migrate it.

Also, you should be logging into the DC on the NEW domain to run admt 3,using the admt account you setup,...which should also be a member of administrators in the old domain....
I've been testing this ready for a domain migration.  I'm running the PES service using the credentials of an account in the TARGET domain.  The account is a member of the domain admins group in the target domain, and the target domain/domain admins group is a member of the administrators group on the source domain controller.

I've disabled the complex password requirement in the target domain, because I suspect most of the passwords in the source domain wouldn't meet the requirements, in which case the password wouldn't be migrated.
bhnmiAuthor Commented:
I installed ADMT as the administrator on both domains, I did not asign an account to ADMT. I added the administrator from the the new domain to the admin group of the old domain and now I am getting acces. I am going to test it a couple of times.
bhnmiAuthor Commented:
Got, I had to give the user in target domain admin rights in source. Duh!! slap myself for that one! thanks a bunch!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.