Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ADMT v3 password migration Unable to establish a session with the password server. Either ther currently logged on user...

Posted on 2007-11-28
2
Medium Priority
?
7,009 Views
Last Modified: 2011-08-18
Trying to configure SID migration from the source AD 2000 DC (Child Domain) to the target AD 2003 DC (Root Domain)

Thus far...
- I have setup the trusts and I'm able to verify the trusts bothways
-I can ping the DC's eachway with the NETBios name and FQDN
-I installed PES on the Source 2000 DC
-I was able to create the PES key using "admt key /option:create /sourcedomain: SourceDomain
/keyfile:KeyFilePath"
-

During the User account Migration Wizard I get this error..

Unable to establish a session with the password export server. Either the currently logged on user does not have sufficient permissions to call the Password Export Server or the account that the Password Export Server Service is runing under (PES is using the admin account from the Target domain) does not have sufficent permissions on the target domain controller. Verify that the logged on user is a member of the Administrator group in the source domain and that the Password Export Service account can change password of user accounts in the target domain.


So, how does one make an admin account in the Target Domain a member of the Domain Admins group of the source domain or vise versa? I don't see an option of adding accounts from these two trusted domains. Is it possibly due to the source domain being a child of a root forest? Does the trusts have to be between the two root domains?
0
Comment
Question by:andersenks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 2000 total points
ID: 20372262
The group scope means you can only add accounts from say the current domain - e.g. domain local groups.

In order to make an account an admin, make it a member of builtin\administrators on the target DC which will effectively make it domain admin.

I'm typing this from memory, its been a little while since my last admt but that i think is what you need to know...
0
 

Author Comment

by:andersenks
ID: 20376548
ahhh.. that was it... I was looking everywhere to give the domains right to each other

Need to add the admin account to the "Builtin" Administrators  Security Group.

Thanks Jimbo.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question