Probelm with ADMT agent not installing 1

[draco55]

Hello all,

I have a problem using ADMT to migrate computer accounts.
I'm able to move groups, users, and the computer accounts
themselves but the client agents will not install. All I
get in the logs is "Access is denied". I double check the
trust and the source domain's admin group includes the
target's domain admin group. Liked I said before I'm able
to move the computer account itself but without the agent
installing I still have to manually join the client
computer to the new domain, and create user profiles on
the client for the new domain, then move the users
previous profile to the new. All this manual labor kind
of defeats the purpose of using the ADMT in the first
place. I wonder if any of you have seen this problem
before and know of a solution. Any comments of
suggestions will be appreciated. Thanks.

 

[Mike555]

Most likely the DNS settings on these computers need to be updated. Are these computers looking to the IP address of the old server for their DNS settings, when infact the old server is either offline or has its DHCP service stopped?

If I were a betting man, I'd bet this is what your problem is.

--
Mike

 

[Mike555]

After thinking about this some more, I've changed my mind.

The problem is probably not with your DNS settings as I originally posted. It's probably that your client computers need to have their LMHOSTS files updated. Appologized if I originally misguided you.

--
Mike

 

[draco55]

If I'm not mistaken, the source domain PDC was using the target domain DNS. I did not set the client computers LMHOSTS file to point to the target domain DC, but I did set their DNS to point to the target domain DC. I believe that my problem is a permissions configuration somewhere. I read somewhere in this forum that I need to make sure that Everyone is in the local "Pre-Windows 2000 Compatible Access" group in the target domain, and to try to log in as the domain administrator of the source domain in the target domain before I run the ADMT tool to move computer accounts. I'm not sure about the later but I will give it a try. I will try your suggestion, but my only reservation about updating the LMHOST file is that I have 350 clients to migrate by the end of next week. Do you know of a quick and practical way to update LMHOST files in client computers remotely? Thanks.

 

[Mike555]

Correct - Everyone must be in the Pre-Windows 2000 Compatible Access group in the target domain. You can set this by typing the following 2 commands at the destination server's command prompt:

Net Localgroup "Pre-Windows 2000 Compatible Access" Everyone /Add

Net Localgroup "Pre-Windows 2000 Compatible Access" "Anonymous Logon" /Add

Give this a try and see if this solves the problem.

--
Mike

 

[draco55]

Below is a copy of the agent log. I do not know why it
says that it can not find the computer, the client can
see and access files on both the source PDC and the
Target DC.

2004-09-14 10:22:41 Created account input file for remote
agents: DCTCache.003
2004-09-14 10:22:41 Installing agent on 1 servers
2004-09-14 10:22:41 The Active Directory Migration Tool
Agent will be installed on \\VLAD
2004-09-14 10:22:41 WRN1:7290 Processor architecture for
machine \\VLAD is unknown, Error accessing registry key
SYSTEM\CurrentControlSet\Control\Session
Manager\Environment rc=5 Access is denied.
2004-09-14 10:22:41 ERR2:7006 Failed to install agent on
\\VLAD, rc=5 Access is denied.
2004-09-14 10:22:41 ERR2:7005 Failed to launch agent on
\\VLAD, hr=80070005 Access is denied.
2004-09-14 10:22:42 All agents are installed. The
dispatcher is finished.

 

[Mike555]

Does this computer show up in Active Directory users and computers in the target domain after this process occurs?

--
Mike

 

[draco55]

Yes. Some else pointed out that I need to log in as a domain administrator of the source domain for the agent to work. I did just that and the agent worked just fine but it did not reboot. No big deal about it. My issue now is that when I migrate users it will not migrate their user rights. I selected to use the same user rights from the source domain. It will migrate the user account, but when I try to access servers in the source domain it ask me for a user name a password, and I have to use the source domain credentials. Which settings do I need to select to allow the migrated accounts to still be able to access server shares in the source domain.

 

[Mike555]

As long as the computer accounts show in Active Directory Users and Computers you should be ok. If any of these computers have problems connecting to the network after they show up in AD Users and Computers, for good measure you can right-click the computer account and select Reset Account.

In regards to credentials - That's a good question and unfortunately I don't know the answer. I recently migrated an SBS 4.5 network to SBS 2003, and I had to recreate all the shares and share permissions. I'm not sure if that is also the case with non-sbs Server 2003.

--
Mike

 

[draco55]

Ok, thanks. I guess I will have to experiment some more.

 

[mufka]

Login to the new DC with the account from the old DC (select the old domain as well). Then run ADMT.