Solved

Password Migration encryption key

Posted on 2009-05-18
4
1,224 Views
Last Modified: 2012-05-07
I am trying to do an AD migration to another domain.  I am trying to create the encryption key for the password migration.  I am using ADMT v3.  Here is what I have typed that keeps getting errors.

at command line:


admt key /option:create/sourcedomain:a.local/keyfile:c:\\migration/keypassword:xxxxx

can someone please tell me why this is not working and what I need to do to correct this problem?
0
Comment
Question by:PC4N6
  • 2
4 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24418036
need more info:

What is your domain 2000, 2003 or 2008?
Have you installed the PE service yet?
Have you checked that ADMT 3 is the correct version for your domain?
What do you find in the event logs, but more importantly, what is the error your experiencing?
0
 

Author Comment

by:PC4N6
ID: 24420555
it is a 2003 domain...I am trying to install the PE service, but I can't create the encryption key...yes v3 is what I need...never gets to the event logs b/c I cant get the key set.  I get an error in the command line that says the syntax is wrong, but I am doing it exactly like the microsoft manual says...
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 24427762
have you verified the trust setup is working before starting?

I found this:
At a command prompt, run the ADMT KEY sourcedomainpath [* | password] command to create the password export key file (.pes). In this example, sourcedomain is the NetBIOS name of the source domain and path is the file path where the key will be created. The path must be local, but can point to removable media such as a floppy disk drive, ZIP drive, or writable CD media. If you type the optional password at the end of the command, ADMT protects the .pes file with the password. If you type the asterisk (*), ADMT prompts for a password, and the system will not echo it as it is typed.

Just wondering if you've tried the * option?
0
 

Expert Comment

by:imjohnwu
ID: 24523962
Install the ADMT v3.1 on a member server on the Target Domain.  After running the command, copy the encryption key file to a Domain Controller on the Source Domain and where the PES program called "pwdmig" is executed from.

Note the spaces are replace with "^"

C:\Windows\system32>admt^key^/option:create^/sourcedomain:lc^/keyfile:"c:\key\pes_encryption_key"^/keypassword:Pa$$w0rd

The password export server encryption key for domain 'lc' was successfully creat
ed and saved to 'c:\key\pes_encryption_key.pes'.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question