Solved

Password Migration encryption key

Posted on 2009-05-18
4
1,214 Views
Last Modified: 2012-05-07
I am trying to do an AD migration to another domain.  I am trying to create the encryption key for the password migration.  I am using ADMT v3.  Here is what I have typed that keeps getting errors.

at command line:


admt key /option:create/sourcedomain:a.local/keyfile:c:\\migration/keypassword:xxxxx

can someone please tell me why this is not working and what I need to do to correct this problem?
0
Comment
Question by:PC4N6
  • 2
4 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24418036
need more info:

What is your domain 2000, 2003 or 2008?
Have you installed the PE service yet?
Have you checked that ADMT 3 is the correct version for your domain?
What do you find in the event logs, but more importantly, what is the error your experiencing?
0
 

Author Comment

by:PC4N6
ID: 24420555
it is a 2003 domain...I am trying to install the PE service, but I can't create the encryption key...yes v3 is what I need...never gets to the event logs b/c I cant get the key set.  I get an error in the command line that says the syntax is wrong, but I am doing it exactly like the microsoft manual says...
0
 
LVL 23

Accepted Solution

by:
debuggerau earned 500 total points
ID: 24427762
have you verified the trust setup is working before starting?

I found this:
At a command prompt, run the ADMT KEY sourcedomainpath [* | password] command to create the password export key file (.pes). In this example, sourcedomain is the NetBIOS name of the source domain and path is the file path where the key will be created. The path must be local, but can point to removable media such as a floppy disk drive, ZIP drive, or writable CD media. If you type the optional password at the end of the command, ADMT protects the .pes file with the password. If you type the asterisk (*), ADMT prompts for a password, and the system will not echo it as it is typed.

Just wondering if you've tried the * option?
0
 

Expert Comment

by:imjohnwu
ID: 24523962
Install the ADMT v3.1 on a member server on the Target Domain.  After running the command, copy the encryption key file to a Domain Controller on the Source Domain and where the PES program called "pwdmig" is executed from.

Note the spaces are replace with "^"

C:\Windows\system32>admt^key^/option:create^/sourcedomain:lc^/keyfile:"c:\key\pes_encryption_key"^/keypassword:Pa$$w0rd

The password export server encryption key for domain 'lc' was successfully creat
ed and saved to 'c:\key\pes_encryption_key.pes'.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now