What is the best practice for logon account permissions necessary to successfully migrate computers? (NETIQKB1434)

  • 7701434
  • 02-Feb-2007
  • 22-Aug-2007

Resolution

goal
What is the best practice for logon account permissions necessary to successfully migrate computers?

goal
What logon account permissions do I need to migrate computers.

goal
What permissions are required for migration?

fact
Domain Migration Administrator 7.x

fix

The recommended practice for the migration of computers follows:

  1. Create an account in the source domain and add it to the Domain Admins Global group on the source domain.
  2. Add that source domain admin account to the Local Administrators group on your target domain.
  3. Log into the Domain Migration Administrator (DMA) console with this Source Domain Admin account.

To successfully dispatch an agent for computer migration and security translation, the account you are logged in with must be a member of the Local Administrators group on every machine you plan to migrate. By default, the Source Domain Admins group is a member of the Local Administrators group on every computer that is a member of the domain. Using the Source Domain Admin account reduces the overhead that would otherwise be necessary to add your target domain admin account to the Local Administrators group on every computer in the source domain.

The account that is provided within the wizard is used only for reporting back to the DMA console computer.  For more information on this account, please refer to the following NetIQ Knowledge Base article: 

  • NETIQKB2057: "During a computer migration, why do I have to provide an account?"


Additional Information

Formerly known as NETIQKB1434