No announcement yet.

ADMT v3.1

  • Filter
  • Time
  • Show
Clear All
new posts

  • ADMT v3.1

    I'm trying to migrate to a new 2008 domain from 2003. I've run ADMTv3.1 to migrate a test user account and test computer account. I'm running into an issue where the ADMT agent adds the computer account to the target domain, but does not join the computer to the new domain. The log file returns the follwoing error:
    ERR3:7075 Failed to change domain affiliation, hr=80070035 The network path was not found.

    The complete log file is list below
    [Settings Section]
    Task: Computer Migration (13)
    ADMT Console
    User: TargetDomain\Administrator
    Computer: DC.TargetDomain.local (DC)
    Domain: TargetDomain.local (TargetDomain)
    OS: Windows Server (R) 2008 Enterprise 6.0 (6001) Service Pack 1
    Source Domain
    Name: SorceDomain.local (SorceDomain)
    DC: DC.SorceDomain.local (DC)
    OS: Windows Server 2003 5.2 (3790) Service Pack 1
    Target Domain
    Name: TargetDomain.local (TargetDomain)
    DC: DC.TargetDomain.local (DC)
    OS: Windows ServerŪ 2008 Enterprise 6.0 (6001) Service Pack 1
    OU: ldap://TargetDomain.local/CN=Compute...omain,DC=local
    Intra-Forest: No
    Translate Option: Replace
    Translate Files: Yes
    Translate Local Groups: Yes
    Translate Printers: Yes
    Translate Registry: Yes
    Translate Rights: Yes
    Translate Shares: Yes
    Translate User Profiles: No
    Conflict Option: Merge, rights = No, members = No, move objects = No
    Perform Pre-check Only: No
    [Object Migration Section]
    2009-01-03 22:05:05 Starting Account Replicator.
    2009-01-03 22:05:06 CN=Computer - Created
    2009-01-03 22:05:06 - Set password for CN=Computer.
    2009-01-03 22:05:06 Operation completed.
    [Agent Dispatch Section]
    2009-01-03 22:05:10 Read 2 accounts from the database that were previously migrated from the domain 'SorceDomain.local' to the domain 'TargetDomain.local'.
    2009-01-03 22:05:11 Created account input file for remote agents: Accounts000013.txt
    2009-01-03 22:05:11 Installing agent on 1 servers

    2009-01-03 22:05:11 The Active Directory Migration Tool Agent will be installed on Computer.SorceDomain.local
    2009-01-03 22:05:51 Started job: Computer.SorceDomain.local 000013_Computer {8D5F10A3-AF59-4ABE-B658-5FD9E6C18035}

    [Agent Summary Section]
    ***** Start of Pre-check Summary *****
    Machine Name Status Message
    Computer.SorceDomain.local Passed
    ***** End of Pre-check Summary *****
    ***** Start of Agent Operation Summary *****
    For more information about operations that completed with warnings or errors, refer to the Agent Details section.
    Machine Name Status Message
    Computer.SorceDomain.local Completed with Errors
    ***** End of Agent Operation Summary *****
    ***** Start of Post-check Summary *****
    Machine Name Status Message
    Computer.SorceDomain.local Not Started
    ***** End of Post-check Summary *****
    [Agent Details Section]
    Details for Computer.SorceDomain.local
    Local Machine
    Computer: Computer.SorceDomain.local (Computer)
    Domain: SorceDomain.local (SorceDomain)
    OS: Microsoft Windows XP 5.1 (2600) Service Pack 2
    2009-01-03 22:19:03 Starting Security Translator.
    2009-01-03 22:19:03 Agent is running in local mode.
    2009-01-03 22:19:03 Read 2 accounts from C:\WINDOWS\OnePointDomainAgent\Accounts000013.txt
    2009-01-03 22:19:03 SecurityTranslation Files:Yes Shares:Yes LGroups:Yes UserRights:Yes Printers:Yes TranslationMode:Replace SorceDomain.local TargetDomain.local
    2009-01-03 22:19:03 Starting
    2009-01-03 22:19:03 Translating local machine.
    2009-01-03 22:19:05 Skipping A:\, rc=21 The device is not ready.
    2009-01-03 22:19:05 Processing C:\
    2009-01-03 22:20:17 Skipping D:\. D:\ is a CD-ROM drive.
    2009-01-03 22:20:17 Processing shares on local machine.
    2009-01-03 22:20:17 Processing printer security...
    2009-01-03 22:20:17 Translating local groups.
    2009-01-03 22:20:17 Translating user rights.
    2009-01-03 22:20:17 ADMT only performs user rights translation in Append mode.
    2009-01-03 22:20:17 Translating security on registry keys.
    2009-01-03 22:22:07 ------Account Detail---------
    2009-01-03 22:22:07 The account detail section uses the following format: AccountName(OwnerChanges, GroupChanges, DaclChanges, SaclChanges).
    2009-01-03 22:22:07 migrate (1159, 0, 3101, 0)
    2009-01-03 22:22:07 -----------------------------
    2009-01-03 22:22:07 2 users, 0 groups
    2009-01-03 22:22:07 2 accounts selected. 2 resolved, 0 unresolved.
    2009-01-03 22:22:07 Examined Changed Unchanged
    2009-01-03 22:22:07 Files 34450 129 34321
    2009-01-03 22:22:07 Dirs 3393 94 3299
    2009-01-03 22:22:07 Shares 1 0 1
    2009-01-03 22:22:07 Members 10 0 10
    2009-01-03 22:22:07 User Rights 60 0 60
    2009-01-03 22:22:07 Exchange Objects 0 0 0
    2009-01-03 22:22:07 Containers 0 0 0
    2009-01-03 22:22:07 DACLs 216067 1702 214365
    2009-01-03 22:22:08 SACLs 2 0 2
    2009-01-03 22:22:08 Examined Changed No Target Not Selected Unknown
    2009-01-03 22:22:08 Owners 216068 1159 214909 0 0
    2009-01-03 22:22:08 Groups 216068 0 216068 0 0
    2009-01-03 22:22:08 DACEs 1706681 3101 1703580 1703580 0
    2009-01-03 22:22:08 SACEs 4 0 4 4 0
    2009-01-03 22:22:29 ERR3:7075 Failed to change domain affiliation, hr=80070035 The network path was not found.
    2009-01-03 22:22:29 Wrote result file C:\WINDOWS\OnePointDomainAgent\000013_Computer.res ult
    2009-01-03 22:22:29 Operation completed.


  • #2
    Re: ADMT v3.1

    It looks like a DNS resolve issue.
    I assume your test machine looks at one (or more) of the DCs in SourceDomain.local. All you have to do is:

    Option I - Set forwarding from the DNS server which is configured at clients to the DNS servers of TargetDomain.local (You can use conditional forwarding for this zone only)

    Option II - Create a stub zone for TargetDomain.local on the DNS server which is configured at clients.

    That would resolve your issue.


    • #3
      Re: ADMT v3.1

      Could the DNS issue be because I have the target domain and source domain on the same subnet(192.168.2.x)?


      • #4
        Re: ADMT v3.1

        No, it shouldn't be a problem at all.

        I went over your post again. When you wrote targetdomain.local and sourcedomain.local - is that the actual names?

        Are the two domains resides in the same forest, or is it two seperate domains?

        If you type nslookup targetdomain.local on the test machine, do you get the addresses of the Domain Controllers of targetdomain.local?


        • #5
          Re: ADMT v3.1

          no...those are not the actual domains.

          Source is - delawaretribe.local and target is dcd.local

          The domains are in seperate forests.

          Nslookup on the test machine does return the adresses of the domain controler in the target domain.

          Another note of interest, I deleted the secondary dns zone for target domain from the soruce domain and created a conditional forward from source domain to the target domain, and tied again, still the same issue.

          All of the client PCs on the network can see the target domain.


          • #6
            Re: ADMT v3.1

            Let me see if I completly understand your environment:

            * Your client machine is configured to use the DNS server which is the DC of Sourcedomain.local

            * The DC of Sourcedomain.local contains the zone for sourcedomain.local and the forwards requests of targetdomain.local to one or more of the DCs of targetdomain.local.

            * The test machine you are using is unable to resolve targetdomain.local

            * Other machines are configured with the same DNS server as your test machine, and can resolve targetdomain.local?


            • #7
              Re: ADMT v3.1

              almost correct. The test machine and all others can resolve targetdomain.local.


              • #8
                Re: ADMT v3.1

                OK... First, make sure trust relations between the two domains are in place and valid.

                Can you try configuring the DNS servers of TargetDomain.Local on your test machine and run the ADMT again.

                Another thing you might want to test is if you're able to access \\targetdomain.local\sysvol from your test machine.

                If that's doesn't help, try joining the machine manually (just for the test) and see if you get an error message.

                Post back with your test results.



                • #9
                  Re: ADMT v3.1

                  The trusts appear to be functioning correctly as I can access resources in each domain from the other machines and users in the other domain.

                  I tried configuring static DNS from targetdomain.local and migrating, same error.

                  I am unable to access \\TargetDomain.local\sysvol from the test machine. I get an error message about not having permissions. It doesn't matter what account I'm logged in with on the test machine, it gives me the same error message. I am able to access \\TargetDomain.local\sysvol from other machines in the source domain.

                  When I try to manually join the test machine to the target domain, I get an error message that the network path is unavailable.


                  • #10
                    Re: ADMT v3.1

                    Originally posted by [email protected] View Post
                    I am able to access \\TargetDomain.local\sysvol from other machines in the source domain.
                    So it is just the test machine that is giving you problems?
                    ADMT migration works on other machines?


                    • #11
                      Re: ADMT v3.1

                      Access Denied to SYSVOL can be caused by one of the following:

                      1) SMB signing settings on the client and the DC do not match. Compare the settings on the problematic box with a computer that can access SYSVOL

                      2) LAN Manager authentication level on the client and the target server do not match (i.e. server requires NTLMv2 while client sends "LM & NTLM Only")

                      3) You have a stale link target in the SYSVOL (dead DC enlisted to SYSVOL)
                      Guy Teverovsky
                      "Smith & Wesson - the original point and click interface"


                      • #12
                        Re: ADMT v3.1

                        Ok, so I tried another machine, and it worked fine. Migrated User Account, Migrated Machine, Translated Local Profile, and able to access resources in both domains.

                        Something screwy with that machine....I'm calling it good for now.

                        Thanks for all of your help!