ncradmin
asked on
ADMT and Home Drives
Experts,
I've tested migrating users to another forest\domain as well as their SID histroy. The process log does not show any errors. However, when I log into the new domain with their accounts the home drive is not mapping. It only maps up to the \\corp-fs2\users but if log back into the old domain it maps all the way through . The test file server has not yet been moved to the new domain which is what I thought was the purpose for migrating SID History. Thanks.
I've tested migrating users to another forest\domain as well as their SID histroy. The process log does not show any errors. However, when I log into the new domain with their accounts the home drive is not mapping. It only maps up to the \\corp-fs2\users but if log back into the old domain it maps all the way through . The test file server has not yet been moved to the new domain which is what I thought was the purpose for migrating SID History. Thanks.
Jay_Jay70
i dont beleive this will work until your old server is completely migrated, SID history migration is good, but not fault proof - i ran across similar issues so pulled all mys ervers across and sped up the migration big time
ASKER
Hey Jay Jay, if I do that, what is the purpose of the SID Migration? So you suggest moving the file server over using ADMT as well? then moving the Users? I ran accross a article which I will try. Have you seen this before?See below...
"On PDC run:
NETDOM TRUST trusting_domain_name /Domain:trusted_domain_nam
/EnableSIDHistory Valid only for an outbound, forest trust. Specifying "yes"
allows users migrated to the trusted forest from any other forest, to use SID history to access resources in this forest. This should be done only if the trusted forest administrators can be trusted enough to specify SIDs of this forest in the SID history attribute of their users appropriately. Specifying "no" would disable the ability of the migrated users in the trusted forest to use SID history to access resources in this forest. Specifying
/EnableSIDHistory without yes or no will display the current state"
"On PDC run:
NETDOM TRUST trusting_domain_name /Domain:trusted_domain_nam
/EnableSIDHistory Valid only for an outbound, forest trust. Specifying "yes"
allows users migrated to the trusted forest from any other forest, to use SID history to access resources in this forest. This should be done only if the trusted forest administrators can be trusted enough to specify SIDs of this forest in the SID history attribute of their users appropriately. Specifying "no" would disable the ability of the migrated users in the trusted forest to use SID history to access resources in this forest. Specifying
/EnableSIDHistory without yes or no will display the current state"
hmm to be honest mate, i cant remember if i had to run that command when i did mine....im struggling to remember - it looks familiar and if that came from the ADMT manual, then yes, i ran it, if not then im not so sure
How big is your environment - my experience with this exact path was only about 80 users so it may be a bit callous of me to say one thing without looking at your scenario first :)
How big is your environment - my experience with this exact path was only about 80 users so it may be a bit callous of me to say one thing without looking at your scenario first :)
ASKER
I have about 750 users...the server is where the home drive and department share drives reside. When I look at the users property on the target domain after the migration it is pointing to the correct path such as \\corp-fs2\users\cgomez...
Clyde
Clyde
hey mate,
maybe look at changing that path to \\corp-fs2.domain.name
i wonder if its needs a FQDN to push it through all the way
maybe look at changing that path to \\corp-fs2.domain.name
i wonder if its needs a FQDN to push it through all the way
ASKER
I remember you mentioning something about FQDN on my other post...I'll try that. Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I also found this:
http://technet2.microsoft.com/windowsserver/en/library/31915de7-ff58-4f26-a8ec-450ffca759121033.mspx?mfr=true
I'll be back in a few...
http://technet2.microsoft.com/windowsserver/en/library/31915de7-ff58-4f26-a8ec-450ffca759121033.mspx?mfr=true
I'll be back in a few...
hmmmmm i havent read that before but seen parts of it....SID history is a pig - wait till you get password migrations happening, i headbutted a wall...
ASKER
I got the pwdmig working OK...It's just this..After is email...We did look into Quest migrator as you suggested...Expensive but necessary.
hmmmm my argument is if you have enough knowledge (which you obviously do by a long shot), then you can almost everything you can with Quest with windows tools - it just does the work for you .....its just a matter of fiddling through some of the crap like this :)
ASKER
GOT IT! Finally...Maybe, jut needed a good night sleep....Here is what I did and I did not see this anywhere on the ADMT manual and swear I RTFM'd it several times...First I installed netdom.exe on the target DC which is a Windows 2003 running native. Using the command line netdom, I enabled SID history and disabled SID quarantine...Below are the exact command lines I used:
C:\>netdom trust nbg_domain /domain:national /enablesidhistory:yes /usero:admini
strator /passwordo:***
Enabling SID history for this trust.
The command completed successfully.
C:\>netdom trust nbg_domain /domain:national /quarantine:no /usero:administrator
/passwordo:***
Setting the trust to not filter SIDs.
The command completed successfully.
I logged into the target domain and was able to map my home drive from the source domain. I tested this with several users as well and they are working correctly. What I don't understand is that prior to netdom, the ADMT log showed me that the migrated accounts moved without any errors as well as showing that SIDs where mirgrated...
Jay Jay, let me know where I can find that the exchange migration utility...Thanks.
Clyde Gomez
C:\>netdom trust nbg_domain /domain:national /enablesidhistory:yes /usero:admini
strator /passwordo:***
Enabling SID history for this trust.
The command completed successfully.
C:\>netdom trust nbg_domain /domain:national /quarantine:no /usero:administrator
/passwordo:***
Setting the trust to not filter SIDs.
The command completed successfully.
I logged into the target domain and was able to map my home drive from the source domain. I tested this with several users as well and they are working correctly. What I don't understand is that prior to netdom, the ADMT log showed me that the migrated accounts moved without any errors as well as showing that SIDs where mirgrated...
Jay Jay, let me know where I can find that the exchange migration utility...Thanks.
Clyde Gomez
wow - nice work mate, thats fantastic! I didnt have to do that with my setup im sure - are you using the latest version of ADMT??? coz it sure as hell doesnt say that in the manual...
Exchange Migrations arent my forte :) it would probably grow legs and kick at you if i got involved with that one....i have done it with exmerge for small businesses, and mdaemone to exchange 07 migration manually (dont ask) and thats about it - i can Ask Kieran to give a hand if you like?
Exchange Migrations arent my forte :) it would probably grow legs and kick at you if i got involved with that one....i have done it with exmerge for small businesses, and mdaemone to exchange 07 migration manually (dont ask) and thats about it - i can Ask Kieran to give a hand if you like?
ASKER
I am using ADMT 3.0.
Sure Jay! that would be awesome...I am actually reading some articles about exchange migration wizard and in the process of setting up a new exchange 2003 server....I think the challenging part will be the mail routing..
Sure Jay! that would be awesome...I am actually reading some articles about exchange migration wizard and in the process of setting up a new exchange 2003 server....I think the challenging part will be the mail routing..
yah same version as i used....odd! maybe there was something different in our domain setups before migration - mine was an inherited bucket of ***&^(^ :)
Ill email Kieran now and get his advice, he is good with this stuff :)
James
Ill email Kieran now and get his advice, he is good with this stuff :)
James
Perhaps I am going blind, but what problems are there with Exchange here?
ASKER
Wow, you guys are fast...Hey Kieran...I just wanted to know if I use the Exchange Migration Wizard to migrated mailboxes interorg, how can I make sure that the messages are routed correctly to the new exchange...What type of connector do i need to setup? Because both exchange servers will still be existent and when someone sends an email to cgomez@rentnational.com it will to go to the source...what can I setup to forward the emails to the other exchange accross the forest? Thanks.;