No announcement yet.

Can't Add admins to Enterprise Admins in Forest.

  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't Add admins to Enterprise Admins in Forest.

    Hello All,
    This is my first post and i hope I'll find the help I need. I have a 2k domain called and I'm prepping a migration process to 2003. The domain name must be changed to instead of After some research, i found out that the only way to migrate users, groups, computer is to create a new domain, establish two-way trust and to use ADMT to transfer user and groups between forests.

    i transferred the DNS domain to the new DNS server / so that the new DC can resolve DC in old domain and computer names. I did all necessary prep required by ADMT and i was able to transfer users and groups maintaining their SIDs.

    The problem that i have is that i can't get ADMT to migrate computers. ADMT comes back with:
    "Failed - Can't browse \\computer01\Admin$ - Access Denied"
    Obviously this is a secuirty issue. So I added to the local administrators groups on computer01 and ran ADMT again and this time it worked. Now i realize that i got a security issue between both domains. The trust relationship between the two domains seems to be working. I can browse UNC from server01 /old domain to UNC server02 / new domain no problem and i can create, delete and modify files on each end.

    After some reading, i figured that i need to Add each domain's administrator as an Enterprise admin member in the other domain. From DC, dsa.msc > Enterprise Admins: when i try to add, i don't see as a location option. I tried from the other side and it didn't work too !!!!

    Is this a DNS issue? I'm stuck on this one and need some help. I appreciate any help.
    Last edited by realshock; 15th July 2008, 21:36.

  • #2
    Re: Can't Add admins to Enterprise Admins in Forest.

    Enterprise Admins group (when at least at W2K native mode) is a universal group and can not contain accounts from other forests.

    If I remember ADMT docs, you need to add the account that is performing the migration to BUILTIN\Administrators group. It's all there in ADMT docs.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      Re: Can't Add admins to Enterprise Admins in Forest.

      I had the same problem and was able to resolve it. You have to create a Domain Local group, add the administrator from the other forest and then add the Domain Local group to the Enterprise admins group.