ADMT - migrating users from old to new domain. Groups not being associated when on new domain

hi guys,

I've set up an ADMT server and have done the following:
1. Set up trust between source and target.
2. set up auditing on both source and target
3. Disabled sid history filtering.

I have migrated groups from the source to the target and ensured I selected the 'migrate SID'...option also.

When I migrate a user from the source, it goes to the target. However, it doesn't have any of the groups associated to it on the source in the target. I've attached the ADMT log file also.

Thanks for helping

Yashy



When you were going through the User Migration Wizard did you make sure to check "fix Users Group Membership"?

Take a look at the below link to ensure that all of the steps are similar and that you have not missed anything.

Migrating User with ADMT

Will.



When you were going through the User Migration Wizard did you make sure to check "fix Users Group Membership"?

Take a look at the below link to ensure that all of the steps are similar and that you have not missed anything.

Migrating User with ADMT

Will.



Yes I have done all of that also.

It is strange though why it migrates groups, users separately, but it won't migrate the actual groups associated to that user.

Could it be permissions related at all?



Okay, one issue that I do see. When I go to the built-in Administrators on the source domain, I added the target_domainadministrator account and it only shows it as a SID rather than a normal logo.

And I get the following:

"Some of the objects names cannot be shown in their user-friendly form.
This can happen if the object is from an external domain and that domain is
not available to translate the object's name"



From logs it seems that you are using windows 2000 source domain which is not supported scenario

The source and target domains must be at Windows Server 2003 domain functional level or higher to run ADMT 3.2
https://technet.microsoft.com/en-us/library/active-directory-migration-tool-versions-and-supported-environments(v=ws.10).aspx
http://www.microsoft.com/en-in/download/confirmation.aspx?id=19188

Also I have checked that "fix group membership" is also selected, however it is not working as expected

Either you introduce 2003 2008 2008 R2 ADC in existing source domain (you might have) and demote windows 2000 DC, then raise domain functional level to windows 2003 at least
OR
If you already have windows 2003 DC in target domain, you can download ADMT 3.0 (deprecated version) and then migrate accounts
You will not get ADMT 3.0 from official MS source, you need to google to download older version



Thank you for writing back.

We literally migrated all of the company with a Windows 2000 source domain to a Windows 2008 R2 target, but using ADMT 3.1.

If I did do that, can I just uninstall 3.2 and install it on the same server without having to reconfigure anything?

Share this

Related Posts

There was an error in this gadget