Sign in with
Sign up | Sign in
Your question

ADMT failure - "Access Denied"

Last response: in Windows 2000/NT
Share
Anonymous
August 17, 2005 2:25:41 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am trying to use the Active Directory Migration Tool
to move users from an NT4 domain to an AD domain. Initially
I am trying to move just one user account.

ADMT is installed on my own PC, which runs XP Pro and is a
member of the AD domain. I log on as AD domain admin.

There is full two-way trust between the two domains.

The AD Domain Admins group is a member of the Administrators
local group on the NT DCs.

I elect to transfer user rights (which gets me a prompt for
the NT domain admin name and password). I select none of the
other optional checkboxes.

Everything goes fine right up to the last step. As soon as I
click Finish I get a dialog which says "Access Denied". That's
it - no other info.

Interestingly, if I repeat the process I instead get an error
that says an existing ADMT process is still running.

I could just create the users in the AD domain since there aren't
that many, but then they won't have any rights over resources in
the NT domain unless I recreate them - and what if I had thousands
of users, manual creation wouldn't be an option.
--
Jim Hatfield
Anonymous
August 20, 2005 6:04:21 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I would think this would have better results if you ran this from the NT 4.0
PDC rather than a workstation on the network. Just a thought.
Mike D
"Jim Hatfield" <jim.hatfield@insignia.com> wrote in message
news:mb06g1lg9d27jsskg9afu3ion5mbhla8ih@4ax.com...
>I am trying to use the Active Directory Migration Tool
> to move users from an NT4 domain to an AD domain. Initially
> I am trying to move just one user account.
>
> ADMT is installed on my own PC, which runs XP Pro and is a
> member of the AD domain. I log on as AD domain admin.
>
> There is full two-way trust between the two domains.
>
> The AD Domain Admins group is a member of the Administrators
> local group on the NT DCs.
>
> I elect to transfer user rights (which gets me a prompt for
> the NT domain admin name and password). I select none of the
> other optional checkboxes.
>
> Everything goes fine right up to the last step. As soon as I
> click Finish I get a dialog which says "Access Denied". That's
> it - no other info.
>
> Interestingly, if I repeat the process I instead get an error
> that says an existing ADMT process is still running.
>
> I could just create the users in the AD domain since there aren't
> that many, but then they won't have any rights over resources in
> the NT domain unless I recreate them - and what if I had thousands
> of users, manual creation wouldn't be an option.
> --
> Jim Hatfield
Anonymous
August 20, 2005 6:11:18 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

These links maybe helpful to you too:

http://support.microsoft.com/default.aspx?scid=kb;en-us;260871

http://support.microsoft.com/default.aspx?scid=kb;en-us;832221

Mike D
"Jim Hatfield" <jim.hatfield@insignia.com> wrote in message
news:mb06g1lg9d27jsskg9afu3ion5mbhla8ih@4ax.com...
>I am trying to use the Active Directory Migration Tool
> to move users from an NT4 domain to an AD domain. Initially
> I am trying to move just one user account.
>
> ADMT is installed on my own PC, which runs XP Pro and is a
> member of the AD domain. I log on as AD domain admin.
>
> There is full two-way trust between the two domains.
>
> The AD Domain Admins group is a member of the Administrators
> local group on the NT DCs.
>
> I elect to transfer user rights (which gets me a prompt for
> the NT domain admin name and password). I select none of the
> other optional checkboxes.
>
> Everything goes fine right up to the last step. As soon as I
> click Finish I get a dialog which says "Access Denied". That's
> it - no other info.
>
> Interestingly, if I repeat the process I instead get an error
> that says an existing ADMT process is still running.
>
> I could just create the users in the AD domain since there aren't
> that many, but then they won't have any rights over resources in
> the NT domain unless I recreate them - and what if I had thousands
> of users, manual creation wouldn't be an option.
> --
> Jim Hatfield
Anonymous
August 23, 2005 9:12:12 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

On Sat, 20 Aug 2005 14:11:18 -0500, "Mike D" <mdouglas2005@comcast.net>
wrote:

(top posting reversed)

>>I am trying to use the Active Directory Migration Tool
>> to move users from an NT4 domain to an AD domain. Initially
>> I am trying to move just one user account.


>These links maybe helpful to you too:
>
>http://support.microsoft.com/default.aspx?scid=kb;en-us;260871
>
>http://support.microsoft.com/default.aspx?scid=kb;en-us;832221

OK I went all the way through the first of these documents and
everything was OK until the last step:

>Therefore, logging into the PDC that is the FSMO role holder in the target domain with the source domain\Administrator account suffices, assuming that the source domain\Domain Administrators group belongs to each computer's Administrators group.

I was unable to log in using the source domain Admin account; the
error was that the source domain was "not available".

But how can it be "not available" when there is two-way trust and each
domain's Domain Admin's global group is a member of the other's
Administrators local group?

The Event Log has a NETLOGON event 5719: "No Windows NT or Windows 2000
Domain Controller is available for domain SOURCEDOMAIN. The following
error occurred: There are currently no logon servers available to
service the logon request" (in fact I see that error logged quite
often).

jim
--
Jim Hatfield
!