Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
ADMT 3.2 Conflict Management options grayed out in GUI

已答复 ADMT 3.2 Conflict Management options grayed out in GUI

  • Tuesday, November 20, 2012 11:53 PM
     
     
    Sign In to Vote
    0

    Good day,

    In a lab setting, I am testing ADMT for our production migration.

    I can migrate user and groups objects successfully. However, many options are grayed out in the various ADMT 3.2 GUI pages. I am most interested in Conflict management, being able to merge conflicting objects.

    This is an Intra-Forest move between two child domains in the same forest.

    Source domain functional level is 2003, domain controller is running on 2003 R2 SP2.

    Target domain functional level is 2008, domain controller is running on 2008 R2.

    Forest root domain function level is 2008, domain controller is running on 2008 R2.

    Default forest trusts are in place, no shortcut trusts done.

    Forest function level is 2003.

    ADMT 3.2 is installed on a member server in the target domain, SQL Express 2008 R2

    The account I am using to run ADMT is a member of Enterprise Admins

    Like I say, I was able to migrate groups and users OK. I would just like to be able to merge conflicting objects. Doing this is my primary interest in our production environment.

    I just don't understand why many options on many pages are gray.

    Thanks in advance for your help.

     

All Replies

  • Thursday, November 22, 2012 7:26 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi Jeff,

    Thanks for posting in Microsoft TechNet forums.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Regards

    Kevin

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

     
     
  • Thursday, November 22, 2012 8:15 AM
     
     Answered
    Sign In to Vote
    0
    Hi Jeff,

    The reason you cannot “merge” a source and target user when the same accounts reside in the same forest (child and parent domains) is that ADMT will not merge these accounts. ADMT when used in intra forest migrations actually will “move” the source user to the target domain. Think of it as destructive, it will delete the source object and recreate the target object. The reason for this is the source user SID will be included in the target users SidHistory. This would lead to duplicate SID’s in the forest and eventually lead to problems with SID to name resolution. The only way to accomplish this is the two domains are actually in different forests.

    More details about ADMT, you can refer below technial artiles:

    http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


     
  • Monday, November 26, 2012 1:49 PM
     
     
    Sign In to Vote
    0

    Great, many thanks for the answer.

    If I might ask further. Our situation is we have some groups of the same name in each of two domains in the same forest. If I want to migrate from the source domain to the destination domain then, it would seem I need to delete the group in the destination domain prior to domain this and the group in the source domain would be deleted upon migration. Is that correct?

    Where we started with this, is someone asked if there was a way to programatically apply the source group SID to the SID history of the group of the same name, in the destination. We have taken a couple of cracks at it viw powershell and even manually. We get access denied in return. This despite using enterprise admin credentials. The only thing I can conclude is that the SID simply cannot exist simultaneously and we have to migrate as I indicate in the previous paragraph. Is that correct?

    We were hoping for some middle way. But after toying with it a bit and receiving your answer, I am coming to believe it won't be the way we wanted it to go.

    Thanks again, hoping you can reply further.

     
  • Tuesday, November 27, 2012 7:05 AM
     
     Answered
    Sign In to Vote
    0

    Hi Jeff,

    You are right. If we want to migrate a group which have same name in source domain and target domain, we should rename one of them or delete one of them. Intra-forest domain migration cannot support migrate group objects which have conflict name.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Marked As Answer by Jeff Black Tuesday, November 27, 2012 12:40 PM
    •