[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ADMT - migrating users from old to new domain. Groups not being associated when on new domain

Posted on 2015-01-24
9
Medium Priority
?
688 Views
Last Modified: 2015-01-30
hi guys,

I've set up an ADMT server and have done the following:

1. Set up trust between source and target.
2. set up auditing on both source and target
3. Disabled sid history filtering.

I have migrated groups from the source to the target and ensured I selected the 'migrate SID'...option also.

When I migrate a user from the source, it goes to the target. However, it doesn't have any of the groups associated to it on the source in the target. I've attached the ADMT log file also.

Thanks for helping

Yashy
log-from-ADMT.txt
0
Comment
Question by:Yashy
  • 5
  • 3
9 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40568185
When you were going through the User Migration Wizard did you make sure to check "fix Users Group Membership"?

Take a look at the below link to ensure that all of the steps are similar and that you have not missed anything.

Migrating User with ADMT

Will.
0
 
LVL 1

Author Comment

by:Yashy
ID: 40568248
Yes I have done all of that also.

It is strange though why it migrates groups, users separately, but it won't migrate the actual groups associated to that user.

Could it be permissions related at all?
0
 
LVL 1

Author Comment

by:Yashy
ID: 40568292
Okay, one issue that I do see. When I go to the built-in Administrators on the source domain, I added the target_domain\administrator account and it only shows it as a SID rather than a normal logo.

And I get the following:

"Some of the objects names cannot be shown in their user-friendly form.
This can happen if the object is from an external domain and that domain is
not available to translate the object's name"
Administrators.jpg
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40568388
From logs it seems that you are using windows 2000 source domain which is not supported scenario

The source and target domains must be at Windows Server 2003 domain functional level or higher to run ADMT 3.2
https://technet.microsoft.com/en-us/library/active-directory-migration-tool-versions-and-supported-environments(v=ws.10).aspx
http://www.microsoft.com/en-in/download/confirmation.aspx?id=19188

Also I have checked that "fix group membership" is also selected, however it is not working as expected

Either you introduce 2003 \ 2008 \ 2008 R2 ADC in existing source domain (you might have) and demote windows 2000 DC, then raise domain functional level to windows 2003 at least
OR
If you already have windows 2003 DC in target domain, you can download ADMT 3.0 (deprecated version) and then migrate accounts
You will not get ADMT 3.0 from official MS source, you need to google to download older version
0
 
LVL 1

Author Comment

by:Yashy
ID: 40568416
Thank you for writing back.

We literally migrated all of the company with a Windows 2000 source domain to a Windows 2008 R2 target, but using ADMT 3.1.

If I did do that, can I just uninstall 3.2 and install it on the same server without having to reconfigure anything?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40568428
ADMT 3.1 will work, however you need to install it on 2008 member server (non R2)

The PES tool version is not changed (3.1), so you can just generate new PES file from 2008 server and install it on 2000 source DC

Check below article for more info
http://blogs.technet.com/b/askds/archive/2009/10/26/using-admt-3-1-to-migrate-to-windows-server-2008-r2-domains.aspx
0
 
LVL 1

Author Comment

by:Yashy
ID: 40568725
I did it again and even though the PES etc and user migration itself works. the groups are not becoming associated to the user on the target domain.

This is using version 3.1 of ADMT.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40568903
I hope you installed ADMT 3.1 on 2008 server only
After you install new ADMT, you need to remigrate all groups again because this new database is empty and it do not contain previous ADMT group migration data
remigrate all groups in merge mode
Ensure you will remigrate them with sid history as well
Then try to migrate users with "Fix users group membership" along with sid history, it will work
0
 
LVL 1

Author Comment

by:Yashy
ID: 40579418
It worked after I installed 3.1:)

Thanks again
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question