| Author |
Message |
Len Bonanno
Guest
|
 Posted:
Wed Jan 12, 2005 9:27 am Post subject:
ADMT computer migration question |
|
|
Hi folks,
I am in the process of migrating the computers from an NT domain to a 2003
domain. I found after the first test migration that the DC administrator
needs to be an adminstrator on the client computers. Is there a simple way to
do this without having to visit each client physically?
I have around 50 workstations to migrate.
Any suggestions/recommendations will be most appreciated.
Regards. |
|
| Back to top |
|
 |
Rebecca Chen [MSFT]
Guest
|
| Posted:
Wed Jan 12, 2005 5:32 pm Post subject:
RE: ADMT computer migration question |
|
|
Hi Len,
Do you mean you want to add the win2k3 domain admin to the NT domain
client's local admin?
I assume NT domain called Domain1, win2k3 domain called Domain2.
If so, check if Domain2\domain admin group has been added to NT's
administrators group, which is located in User Manager for Domain in
Administrative Tools in NT PDC. By default, Domain2\domain admin group
should be added to NT' administrators group by default after you create two
ways trusts between NT and win2k3.
However, it is not grant win2k3\domain admin the local admin previlige on
NT client's. As Michael has stated:
DOMAIN1 (Source)
----------
DOMAIN1\Administrators contains DOMAIN1\Domain Admins (by default) and
DOMAIN2\Administrators (you put it there).
Workstations in DOMAIN1
----------
By default, WORK1\Administrators (the local administrators group on
workstations) will only contain global group DOMAIN1\Domain Admins, and NOT
the local group DOMAIN1\Administrators since it is impossible in NT 4.0 for
a local group to contain another local group.
Therefore:
----------
Simply by adding DOMAIN2\Domain Admins to DOMAIN1\Administrators does not
give access to the workstations. (DOMAIN1\Domain Admins does not contain
DOMAIN1\Administrators, it is the other way around). You can't give an
account from another domain administrative access to workstations at the
domain level, you have to add them to the local Administrators group to
each workstation.
Therefore, add Domain1\domain admin group to Domain2\domain admin group.
Use Domain1\domain admin to logon to the win2k3 DC and run ADMT, you have
access to all the workstations (unless someone removed the Domain Admins
group from Administrators in a workstation).
HTH!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
Rebecca Chen [MSFT]
Guest
|
| Posted:
Wed Jan 12, 2005 6:30 pm Post subject:
RE: ADMT computer migration question |
|
|
Sorry, not "add Domain1\domain admin group to Domain2\domain admin group",
it should be "add Domain1\domain admin group to Domain2\administrators
group", which is a domain local group.
For example, the NT domain user called Len, who is a domain admin memeber.
Add Len to Domain2\administrators built-in group, use Len to logon to
win2k3 DC and run ADMT to migrate the computer accounts. I have tested and
It work sucessfully on my side. :)
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in