Windows Server TechCenter >
Windows Server Forums
>
Migration
>
Migration to Windows Server 2008 R2 domain with SID-History
Migration to Windows Server 2008 R2 domain with SID-History
- Hello,
I have to move user objects from an existing Windows Server 2003 domain into a newly build Windows Server 2008 R2 domain.
As I know I should use ADMT3.1 to perform this operatin but I am not able to Migrate the SID from old domain into the new.
It tells me that auditing and tcpipclientsupport cannot be found, access denied.
1. There is a two-way trust between the domains
2. Auditing is enabled on both domains
3. Reg-Key in HLKM\ControlSet\....\LSA is set
4. User from new domain is member of Administrators in old domain
Now my question:
What setup has to be done to get this SID migration running???
Thanks in advance.
Answers
- Hello,
Look at this technet KB on migrating SID history as well
http://technet.microsoft.com/en-us/library/aa996171(EXCHG.65).aspx
Also, make sure the user account you are using is both in the domain admins group in both domains respectively
Isaac Oben MCITP:EA, MCSE- Proposed As Answer byMeinolf WeberMVPSaturday, November 07, 2009 10:18 PM
- Marked As Answer byWilson JiaMSFT, ModeratorWednesday, November 11, 2009 4:11 AM
All Replies
- Hello,
Look at this technet KB on migrating SID history as well
http://technet.microsoft.com/en-us/library/aa996171(EXCHG.65).aspx
Also, make sure the user account you are using is both in the domain admins group in both domains respectively
Isaac Oben MCITP:EA, MCSE- Proposed As Answer byMeinolf WeberMVPSaturday, November 07, 2009 10:18 PM
- Marked As Answer byWilson JiaMSFT, ModeratorWednesday, November 11, 2009 4:11 AM
Hello,
I made everything the TechNet told me to do. But I am not able to add the user from destination domain into Domain Admins group in source domain.
The error I got trying to migrate the SID is: Unable to detect TcpClientSupport or Auditing.... Access denied!- Hello,
I think there might be something to do with your trust setup..Have you test the trust and make sure it is all good? can you successfully ping and and do an nslookup between domains/forests?
Isaac Oben MCITP:EA, MCSE - Hello Isaac,
I got it running ;-)
Trust was working fine, nslookup between domains worked fine as they used stub-zones of each other.
Problem were missing permissions in source domain. I added the user running ADMT to the Administrators group in the source domain.
Thanks anyway for your responses...
