Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Password Migration encryption key

Posted on 2009-05-18
4
Medium Priority
?
1,259 Views
Last Modified: 2012-05-07
I am trying to do an AD migration to another domain.  I am trying to create the encryption key for the password migration.  I am using ADMT v3.  Here is what I have typed that keeps getting errors.

at command line:


admt key /option:create/sourcedomain:a.local/keyfile:c:\\migration/keypassword:xxxxx

can someone please tell me why this is not working and what I need to do to correct this problem?
0
Comment
Question by:PC4N6
  • 2
4 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24418036
need more info:

What is your domain 2000, 2003 or 2008?
Have you installed the PE service yet?
Have you checked that ADMT 3 is the correct version for your domain?
What do you find in the event logs, but more importantly, what is the error your experiencing?
0
 

Author Comment

by:PC4N6
ID: 24420555
it is a 2003 domain...I am trying to install the PE service, but I can't create the encryption key...yes v3 is what I need...never gets to the event logs b/c I cant get the key set.  I get an error in the command line that says the syntax is wrong, but I am doing it exactly like the microsoft manual says...
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 2000 total points
ID: 24427762
have you verified the trust setup is working before starting?

I found this:
At a command prompt, run the ADMT KEY sourcedomainpath [* | password] command to create the password export key file (.pes). In this example, sourcedomain is the NetBIOS name of the source domain and path is the file path where the key will be created. The path must be local, but can point to removable media such as a floppy disk drive, ZIP drive, or writable CD media. If you type the optional password at the end of the command, ADMT protects the .pes file with the password. If you type the asterisk (*), ADMT prompts for a password, and the system will not echo it as it is typed.

Just wondering if you've tried the * option?
0
 

Expert Comment

by:imjohnwu
ID: 24523962
Install the ADMT v3.1 on a member server on the Target Domain.  After running the command, copy the encryption key file to a Domain Controller on the Source Domain and where the PES program called "pwdmig" is executed from.

Note the spaces are replace with "^"

C:\Windows\system32>admt^key^/option:create^/sourcedomain:lc^/keyfile:"c:\key\pes_encryption_key"^/keypassword:Pa$$w0rd

The password export server encryption key for domain 'lc' was successfully creat
ed and saved to 'c:\key\pes_encryption_key.pes'.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question