No announcement yet.

admt v3 woes

  • Filter
  • Time
  • Show
Clear All
new posts

  • admt v3 woes

    I knock and seek the door of wisemen or wisewomen that can help me with this:

    I ran a user migration using admt v3 and i get the message below.

    [Settings Section]
    Task: User Migration (12)
    ADMT Console
    User: DCENG\master
    Computer: (MORDOR)
    Domain: (DCENG)
    OS: Microsoft Windows Server 2003 5.2 (3790) Service Pack 1
    Source Domain
    Name: (ENGR_NT)
    DC: (SERVER10)
    OS: Windows 2000 Server 5.0 (2195) Service Pack 3
    Target Domain
    Name: (DCENG)
    DC: (ROHAN)
    OS: Windows Server 2003 5.2 (3790) Service Pack 1
    OU: LDAP:// /CN=Users,DC=dceng,DC=nt,DC=bash,DC=com
    Intra-Forest: Yes
    Update Rights: No
    Translate Roaming Profiles: No
    Fix group membership: Yes
    Conflict Option: Ignore
    Source Disable Option: Leave source account
    Source Expiration: Do not expire source account
    Target Disable Option: Set target same as source
    Migrate groups: No
    Migrate service accounts: Yes

    [Object Migration Section]
    2005-12-07 10:02:38 Starting Account Replicator.
    2005-12-07 10:02:38 Removing CN=aabar (LDAP://,OU=Disabled Users,DC=engrnt,DC=nt,DC=bash,DC=com) from the global groups it is a member of :
    2005-12-07 10:02:38 ERR2:7422 Failed to move source object 'CN=aabar'. hr=0x80070774 Could not find the domain controller for this domain.
    2005-12-07 10:02:38 Operation completed.


    here's the summary of the enivronment.

    server10 is a windows 2000 sp3 DC - domain level : native

    mordor is a windows 2003 sp1 member server, but signed with domain admin access - domain level :windows 2003 domain.

    server10 is an old server and finally the upgrade has begun.

    both servers server as child servers to so we are in the same forest.

    now, originally i ran into problems on admt that mordor did not have enough privileges to migrate user accounts. So i had to create a domain local group on server10, i added domain admin from dceng in there. Gave the new domain local group full access to the ou of users that reside on engrnt (server10's domain). I did this because I could not add domain admin accounts from dceng to engrnt's domain admin group.

    so i've gotten past the permission problem. Now it says it cannot find the domain controller? i don't understand. I can connect to engrnt domain from dceng domain ADUC. I can even manage it. How can I not find it?

    additionally, i don't know if this is related. We are having problems with server10 (engrnt) contacting the global catalog server at I am not sure if this is related to the process.

    I know its a lot of info, but i'm hoping the wisemen and women on here can shed some light
    Last edited by roguecoolman; 14th December 2005, 01:36.

  • #2
    Re: admt v3 woes


    the error you get suggests communications problems.
    It could be that you have a problem with comm to the RID Master (unless you are running ADMT on it .

    Have a look at:



    • #3
      Re: admt v3 woes

      its really strange but i cannot isolate the communication problems.

      i've read through the articles and everything is on check.

      both domain controllers can ping each other, resolve one another by dns name.

      infact i can even manage each other active directory through ADUC, so they have the right permissions.

      i'm not sure whats resulting in a communication problem i have.


      • #4
        Re: admt v3 woes

        LDAP://,OU=Disabled Users,DC=engrnt,DC=nt,DC=bash,DC=com
        If this string has not been altered, it looks like you are trying to move an object from "" domain with a DN "CN=aabar,OU=Disabled Users,DC=engrnt,DC=nt,DC=bash,DC=com".

        "CN=aabar,OU=Disabled Users,DC=engrnt,DC=nt,DC=bash,DC=com" normally would be a DN of object in domain and not
        I would tend to think that you have not configured correctly the source and target domains...
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"


        • #5
          Re: admt v3 woes

          oh haha no i was trying trying to make the output info anonymous so iwouldn't be showing ppl my actual data.

          but now that the cat is out of the bag

          but thats not the problem. that path is correct.
          i'll edit my post.