Active Directory Migration Tool : Password Service Error


    Robert R.

    New Environment:

    Forest 01 with 1 domain: dev.x.tld

    Forest 02 with 3 domains: x.tld, prod.x.tld, and office.x.tld

    All domain controllers are Windows 2008 R2, but office is at functional level Windows 2003 (because we’ll be importing some Windows 2003 servers in the near future).

    An inter-forest 2-way trust relationship exists between dev and office. The original plan was to join dev.x.tld to the x.tld forest last night, but then I discovered that wasn’t going to be as trivial as I thought, and migrating user accounts to office is more important right now.

    I am trying to migrate accounts from dev to office using Active Directory Migration Tool (ADMT) 3.2. The ADMT database is SQL Server Express 2008 SP2.

    Password Export Server (PES) service is installed on dcd01.dev.x.tld, using a PES key generated on dco01.office.x.tld.

    PES service logs on with officeadmt credentials, a service account I created for ADMT.

    officeadmt is a member of Domain Admins in office.x.tld, and (Built In) Administrators in dev.x.tld.

    When I try to migrate a user account and password from dev to office — explicitly setting dcd01 as source DC and dco01 as target DC, and not just using the “any domain controller” options — I get the following error:

    Unable to establish a session with the password export server.
    The source password export server and the target server do not have the same encryption key for the source domain.

    The account I am using is a Domain Admin in dev, and member of (Built In) Administrators in office.

    I am at wit’s end, as it took me all afternoon just to figure out some “bad password” errors when trying to install PES (for some strange reason, using the NETBIOS domain name instead of the DNS domain name to generate the key worked. It must be an undocumented feature), and resolve all sorts of other issues to get this far.

    I created another server in dev to run ADMT on, so I could make officeadmt a local administrator on that server and log in with the officeadmt account. However, even as a local administrator, officeadmt cannot open Active Directory Migration Tools (see screen shot below):

    Active Directory Migration Tool
    Unable to check for failed actions. DBManager.IManageDB.1 :
    Cannot open database “ADMT” requested by the login. The login failed.

    Yet it works fine when I log in as myself.

    I have no idea what else to try at this point.

    That I’m here at 8:00 pm on Saturday night, after working on this for the past 8 hours, gives you an idea of how desperate I have become.
