What are some of the general Gotchas or Helpful Hints one might want to know when migrating User, Gr (NETIQKB1181)

fact
Domain Migration Administrator 7.1

fix

When Migrating User & Group accounts:

• Does the account you are using to migrate users and/or groups have the correct permissions? Have you satisfied all of DMA's requirements in order to move accounts? What about SID History pre-requisites? Check out the requirements, see Knowledge Base article:
  • NETIQKB2017: What are the requirements to install Domain Migration Administrator (DMA) 6.x and Server Consolidator?
• What if you only have Admin permissions on just the specified Target OU that you intend to migrate to? See Knowledge Base article:
  • NETIQKB922: Can a non-Domain Admin account migrate users/groups to a specific OU if the account has been delegated control over that OU? What about with SID History?
• Are you trying to migrate a 'Built-in' account? What's the difference anyway, see Knowledge Base article:
  • NETIQKB1468: What is the difference between a 'Built-in' account and a 'Well-known' account?

When Working with SID History:

• The most common cause of failure to bring the SID History attribute over to the Target for the account is not meeting the SID History requirements, see the DMA User Guide for detailed information here, also see Knowledge Base article:
• NETIQKB2017: What are the requirements to install Domain Migration Administrator (DMA) and Server Consolidator?
• A specific Migration.log error might be the problem, 'E20678' requiring TcpipClientSupport registry key to be set, see Knowledge Base article:
• NETIQKB2081: E20678: SID History cannot be updated for UserX. This operation requires the TcpipClientSupport registry key to be set on . rc=6
• What about for users that already exist in the Target, can I append SID History after the fact, see Knowledge Base article:
  • NETIQKB1096: How do I add SID History to user accounts already created in Windows 2000?

When Migrating Passwords for User accounts:

• Group Policy Object (GPO) settings could be causing you trouble when migrating users' passwords, see Knowledge Base article:
  • NETIQKB1570: Error: 'E20679: Failed to copy password from XXXXX to YYYYY, hr=8007052f. Logon failure: user account restriction' when choosing to copy passwords from the source domain
• Differring domain security policies, or Syskey encryption could be causing you problems when migrating users' passwords, see Knowledge Base article:
  • NETIQKB1837: What are some of the causes of a password migration failure?
• DMA's object creation and password migration process could be causing you problems when migrating users' passwords, see Knowledge Base article:
  • NETIQKB993: What is the process used by NetIQ's Domain Migration Administrator (DMA) to migrate users, and how could it affect copying passwords during a user migration?
  • NETIQKB1989: DMA's object migration/creation process detailed

When Migrating Service accounts:

• Be aware that DMA does NOT migrate the Exchange Service account, see Knowledge Base article:
  • NETIQKB2146: DMA does not migrate Exchange Service Accounts. When migrating users one will have to practice extra care so that you do not migrate the Exchange Service Account.
• You may also want to be aware of the potential migrating passwords issues described above in case your s.
  ervice account has a strong password, or your Source and Target security policies differ, etc.

PLEASE NOTE: To read more about general Gotchas or Helpful Hints when migrating Computer accounts and Translating Security, please see Knowledge Base article:

• NETIQKB1138: What are some of the general Gotchas or Helpful Hints one might want to know when migrating Computer accounts and Translating Security with NetIQ's DMA tool

.

Formerly known as NETIQKB1181