Solved

Password Migration encryption key

Posted on 2009-05-18
4
1,208 Views
Last Modified: 2012-05-07
I am trying to do an AD migration to another domain.  I am trying to create the encryption key for the password migration.  I am using ADMT v3.  Here is what I have typed that keeps getting errors.

at command line:


admt key /option:create/sourcedomain:a.local/keyfile:c:\\migration/keypassword:xxxxx

can someone please tell me why this is not working and what I need to do to correct this problem?
0
Comment
Question by:PC4N6
  • 2
4 Comments
 
LVL 23

Expert Comment

by:debuggerau
Comment Utility
need more info:

What is your domain 2000, 2003 or 2008?
Have you installed the PE service yet?
Have you checked that ADMT 3 is the correct version for your domain?
What do you find in the event logs, but more importantly, what is the error your experiencing?
0
 

Author Comment

by:PC4N6
Comment Utility
it is a 2003 domain...I am trying to install the PE service, but I can't create the encryption key...yes v3 is what I need...never gets to the event logs b/c I cant get the key set.  I get an error in the command line that says the syntax is wrong, but I am doing it exactly like the microsoft manual says...
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
Comment Utility
have you verified the trust setup is working before starting?

I found this:
At a command prompt, run the ADMT KEY sourcedomainpath [* | password] command to create the password export key file (.pes). In this example, sourcedomain is the NetBIOS name of the source domain and path is the file path where the key will be created. The path must be local, but can point to removable media such as a floppy disk drive, ZIP drive, or writable CD media. If you type the optional password at the end of the command, ADMT protects the .pes file with the password. If you type the asterisk (*), ADMT prompts for a password, and the system will not echo it as it is typed.

Just wondering if you've tried the * option?
0
 

Expert Comment

by:imjohnwu
Comment Utility
Install the ADMT v3.1 on a member server on the Target Domain.  After running the command, copy the encryption key file to a Domain Controller on the Source Domain and where the PES program called "pwdmig" is executed from.

Note the spaces are replace with "^"

C:\Windows\system32>admt^key^/option:create^/sourcedomain:lc^/keyfile:"c:\key\pes_encryption_key"^/keypassword:Pa$$w0rd

The password export server encryption key for domain 'lc' was successfully creat
ed and saved to 'c:\key\pes_encryption_key.pes'.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now