Solved

Using ADMT to Migrate User Accounts from Windows 2000 AD Domain to a Windows 2008 Domain

Posted on 2008-10-28
3
1,282 Views
Last Modified: 2010-04-21
Hi Experts,

I created a lab environment to start working on a server migration project.  My goal is to move the user accounts from a Windows 2000 AD Server to a Windows 2008 AD Server.  I have information overload from Google, but I did not find any web page that has steps 1 through 100 that show you exactly how to do this.

I believe that what I need to do is run MS's ADMT and then figure out the rest of the process.  

What I've done so far is:
Convert our existing AD server to a VM
Created a new VM with Windows 2008 - I also installed AD services and ran DC Promo.  This also confgured DNS
On each server, I then created Secondary zones on each server

So far I think I'm on the right track...

Now when I run MS ADMT, it states that my Admin account on 2008 does not have access to the 2000 Admin account (not using the verbatim error message).  

Can anyone explain to me verbatim what to do to enable trusts between both servers?  Or am I going about this totally wrong?

Thanks!
0
Comment
Question by:byd2k
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 350 total points
ID: 22825978
AD migrations require that a trust relationship be in place. You need to configure an external trust from the 2000 domain to the 2008 domain, and vice versa.

The procedures to do so are described here: http://technet.microsoft.com/en-us/library/cc738617.aspx
0
 

Author Comment

by:byd2k
ID: 22831156
Thanks for your reply.

On the Windows 2000 server, I ended up getting to step 4 where you have to enter in the other domain name.

Windows comes back with the error:  

AD cannot verify the trust.

The error returned was:  The security database on the server does not have a computer account for this workstation trust relationship.

I tried to do as the instructions state, but I can't add this server as a computer on the other server because the trust isn't setup correctly.  ;)

I upped the points.

Thanks again,
byd2k
0
 

Author Closing Comment

by:byd2k
ID: 31510827
Thanks for your help.  The instructions were pretty generic.  What I actually had to do was this process, however from the Windows 2008 side.  When I configured the server from the 2008 side for trust, it populated the trusts in Windows 2000.  For some reason I could not follow the instructions verbatim.

Thanks again,
Byd2k
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
.dn property wont validate - Powershell 2 23
NTP time source for DC 3 53
DC with error SChannel ID 36888 3 48
SSSD - Automatic kerberos ticket initialization 1 18
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question