Windows 2003 >> Windows 2008 R2 - ADMT Domain Migration, SID History

I am trying to migrate a Windows 2003 domain to a Windows 2008 domain. I have created the trust relationship
and can successfully migrate user accounts, however when I try to migrate the SID history it always fails with the following
error message:

Could not verify auditing and tcpip client support on domains, Will not be able to migrate the SID's
..Access is Denied

I have done the following:

1. Added the tcpipclient support=1 option into the registry of the source domain controller

2. Enabled Management auditing in the DCs' GPOs (both domains)

Yet, still I get the same problem. I have these directions that I am not sure if I understand correctly:




To delegate the MigrateSidHistory extended right on a Microsoft Windows Server domain controller or on a computer that has the Windows Server 2003 Administration Tools pack installed, follow these steps:

1. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click the name of the domain that you want to delegate the MigrateSidHistory extended right from, and then click Delegate Control to open the Delegation of Control Wizard window.
3. Click Next, click Add, enter the name of the user or group that you wish to add in the Select Users, Computers, or Groups dialog box, click OK, and then click Next.
4. Click to select the Create a custom task to delegate option, and then click Next.
5. Make sure that the This folder, existing objects in this folder, and creation of new objects in this folder option is selected, and then click Next.
6. Make sure that the General option is selected, click Migrate SID History in the Permissions list, and then click Next.
7. Verify that the information is correct, and then click Finish.

If the target domain is a Windows Server 2003 domain, Windows security requires user credentials with the delegated MigratesIDHistory extended right or administrator rights in the target domain.
No sID to be migrated may exist in the target forest, either as a primary sID or as an sIDHistory attribute of another object.

I got this from: http://support.microsoft.com/kb/322970

I don't think I understand how to set up the delegation. Do I delegate "SID History" to the administrator account? On both domains?
castellansolutions Asked:

Awinish Commented:
The error is mostly a permission error.
The ID you are using must be a member of the administrators, enterprise admin & domain admin groups in both the domains.
I hope you are using ADMT V3.1
https://blogs.technet.com/askds/archive/2009/05/22/admt-3-1-and-windows-server-2008-r2.aspx 
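
A pre-flight check for two of the conditions raised in this thread, the TcpipClientSupport registry value on the source domain controller and the rule that the SID must not already exist in the target forest. This is an added example, not code from either poster or from Microsoft. The function name and all server, domain and account names are placeholders, and the LSA registry path is the standard location for this value rather than something quoted in the thread.

```powershell
# Added example: pre-flight checks before migrating sIDHistory with ADMT.
# Test-SidHistoryPrereq is a hypothetical helper; every name passed in is operator-supplied.
function Test-SidHistoryPrereq {
    param(
        [Parameter(Mandatory=$true)][string]$SourceDc,        # source-domain DC holding the registry value
        [Parameter(Mandatory=$true)][string]$SourceNetbios,   # NetBIOS name of the source domain
        [Parameter(Mandatory=$true)][string]$TargetGc,        # global catalog server in the target forest
        [Parameter(Mandatory=$true)][string]$SamAccountName   # account about to be migrated
    )

    # 1. TcpipClientSupport on the source DC (needs Remote Registry and admin rights there).
    $tcpip = $null
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $SourceDc)
        $lsa  = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
        if ($lsa) { $tcpip = $lsa.GetValue('TcpipClientSupport') }
    } catch {
        Write-Warning "Registry check on $SourceDc failed: $($_.Exception.Message)"
    }

    # 2. Resolve the source account's SID across the trust.
    $acct = New-Object System.Security.Principal.NTAccount($SourceNetbios, $SamAccountName)
    $sid  = $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # 3. Look for that SID anywhere in the target forest, as a primary SID or in sIDHistory.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"GC://$TargetGc")
    $searcher.Filter = "(|(objectSid=$sid)(sIDHistory=$sid))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $conflicts = @($searcher.FindAll() | ForEach-Object { $_.Properties['distinguishedname'][0] })

    New-Object PSObject -Property @{
        SourceSid          = $sid
        TcpipClientSupport = $tcpip                 # $null means the value is missing or unreadable
        TcpipOk            = ($tcpip -eq 1)
        SidConflicts       = $conflicts             # DNs in the target forest already using this SID
        SidUnique          = ($conflicts.Count -eq 0)
    }
}

# Constructed invocation with placeholder names:
# Test-SidHistoryPrereq -SourceDc 'dc01.old.example' -SourceNetbios 'OLD' `
#     -TargetGc 'dc01.new.example' -SamAccountName 'jdoe'
```

Run it from a machine in the target domain under the account that will perform the migration, so that an "Access is Denied" on the registry step shows up before ADMT is started.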
 