• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3330
  • Last Modified:

ADMT Update User Rights option

What kind of rights is migrated when you select Update User Rights option in ADMT? I am having an error message when I use this option when migrating users with ADMT 3.0. Here are the error: ERR2:7228 Error updating user rights for CN=UserName, rc=-2147024891  Access is denied.

I want to know what kind of rights is migrated so I can take a clear decision if I can skip this option during my migration process.
0
SysAdmWin
Asked:
SysAdmWin
1 Solution
 
brent_caskeyCommented:
Hello SysAdmWin,

It looks like you can safely ignore that error message. See the following MS KB for reference: http://support.microsoft.com/kb/929268

Regards,

brent_caskey
0
 
SysAdmWinAuthor Commented:
It's not the same thing. My error message is Access Denied and I'm not migrating from NT 4, I'm migrating from a child Windows 2000 Domain to my main Windows 2003 Domain. Noboby can tell my exactly what this option does exactly???
0
 
FADVMSAdminCommented:
I am having this same exact issue (well not me personally, but a colleague).  It works for me.

In my scenario, I'm migrating from one child domain to another child domain in the same forest.  I am a domain administrator in both child domains.  I can migrate by using this "update user rights" option without issue.

My colleague however is delegated rights to specific OUs/Objects in both domains.  I'm trying to have them do migrations without being a full domain administrator.  (Maybe this is my first issue?).  I can't for the life of me find specific information citing the need to be a domain admin.

At any rate, I don't fully understand this user rights option.  From my knowledge of user rights, they apply to specific local machines (i.e. via local security policy, or GPO).  These rights/privileges are stored locally on machines.  The ADMT tool only has access to the server ADMT is installed on, and the DCs involved in the migration.  Lastly user rights are most often provided via groups.  

With all that said I don't see how these users could possibly have *any* types of user rights on the DCs themselves, so I don't see how this option is even useful.  Am I completely missing something?
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now