![admt 3.2 not seeing the domain admt 3.2 not seeing the domain](http://lh4.ggpht.com/_ogW55ub7GXo/S_wvzu7pDCI/AAAAAAAAAII/RYNVQ9H7usQ/image_thumb.png)
- #Admt 3.2 not seeing the domain password#
- #Admt 3.2 not seeing the domain Pc#
- #Admt 3.2 not seeing the domain windows#
#Admt 3.2 not seeing the domain password#
There is also an (undocumented) requirement that a non-blank password must be used for the account used to run ADMT (because I was running on a dedicated test system I was originally using the Administrator accounts with blank passwords, which needed to be changed). by adding the target domain’s Administrator account to the source domain’s Administrators group and vice versa). Administrator rights are required in both the source and target domains (e.g.The source domain must trust the target domain (in order for user and group migration to take place).The computer running ADMT must be a member of either the source or the target domain.
#Admt 3.2 not seeing the domain windows#
#Admt 3.2 not seeing the domain Pc#
To prove this, I created four virtual machines (which run very slowly when the host is a notebook PC with only 1Gb of RAM…) representing domain controllers as follows:
![admt 3.2 not seeing the domain admt 3.2 not seeing the domain](https://janegilring.files.wordpress.com/2010/08/image.png)
It’s not that complex – just a two step migration, but we also needed to confirm that the sIDHistory attribute for each user would remain in place if the account was migrated more than once (in order to maintain access to resources in the original domain).
![admt 3.2 not seeing the domain admt 3.2 not seeing the domain](http://www.alexandreviot.net/wp-content/uploads/2016/04/2016-02-28_16-07-42.png)
We don’t want to have to recreate the users and so I had to find a way around the problem. already has a Kerberos trust with, it will not allow an external trust to be created with companyname.be. Because ADMT is reliant on external (NT 4.0) trust relationships, which are established using NetBIOS names (not DNS), and because emea. This is all reasonably straightforward, or it was until my colleagues unearthed a a new domain in Belgium called companyname.be. All of the user accounts from the various NT 4.0 and Windows 2000 domains around the organisation are being migrated into this structure using the Active Directory migration tool (ADMT) but access will be required to resources in the legacy domains (at least in the short term). One of my clients is undertaking a domain consolidation process, moving to a new Active Directory (AD) forest called with two child domains – emea.