ADMT 3.2 Error RC=1722


  • ADMT 3.2 Error RC=1722

    I am trying to migrate SIDHistory between 2 2008R2 forests using ADMT.

    Configured as per the guide and the various articles I found online.

    2 Way Trust In Place
    ADMT account is in Domain Admins of Target Forest, and Administrators Group of Source Forest.
    SID Filtering Disabled on Trust
    SID History allowed on trust (both sides)
    Allow SID Migration granted to the ADMT account on both sides
    Firewall ports opened for all DC's and the ADMT server to talk (ANY ANY Rule)
    Source Local Group setup with DomainName$$$ and placed in Default Users OU
    Auditing Enabled for Account management Success and Fail both domains
    Auditing enabled for GC Success Only both domains
    LMHosts file was created to allow NetBIOS lookups
    Rebooted all servers post changes

    But it still fails to migrate the SID, I have tested from Member server in target domain with ADMT installed.
    ADMT install on Source DC
    ADMT installed on Target DC using both the GUI and Command line (has to be DC installed to migrate SIDHistory from command line).

    But I get the same error every time.

    ERR2:7111 Failed to add sid history for TestSourceUser to TestTargetUser. RC=1722 

    The target domain has new accounts created for the users, so I have an include file to match the accounts to import just the SID History.
    If I do a test migration without selecting SID History it works fine!

    Anyone any advice, 1722 looks like RPC error but checked firewall and all ports are open including the dynamic high ports.
    Tuesday, April 17, 2018 2:57 AM

All replies