NetIQ Domain Migration Administrator

Version 8.0 Service Pack 1

Release Notes

Date Published: May 2012

 
 

 

This service pack for the NetIQ Domain Migration Administrator product improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the NetIQ Migration Suite forum on Qmunity, our community Web site that also includes product notifications, blogs, and product user groups.

This document outlines why you should install this service pack, provides information about installing the service pack, and identifies known issues.

For more information about this release and for the latest Release Notes, see the Domain Migration Administrator Documentation web site.

Why Install This Service Pack?

Domain Migration Administrator allows you to quickly migrate Microsoft Windows domains. Domain Migration Administrator enables you to copy user accounts, groups, and computer accounts to another domain. Using this product, you can then resolve the related file, folder, share, printer, and DCOM security permissions for the copied user accounts, groups, and computer accounts. Domain Migration Administrator provides the features you need to create a more secure, productive, and manageable environment. The following sections outline the key features and functions provided by this version, as well as issues resolved in this release.

Includes a Separate Agent Installer

This service pack includes a separate installer for installing the Domain Migration Administrator agent permanently on remote computers. When agents are needed to perform migration tasks, Domain Migration Administrator now detects agents that have already been installed and does not attempt to deploy them. For more information about using the separate agent installer, see the User Guide for Domain Migration Administrator.

Includes Previous Hotfixes

This service pack includes the fixes and enhancements in Hotfixes 72561, 72745, and 72951. For more information, see Previous Releases.

Adds Support for Intraforest Migrations with Windows 2008 R2 Source

This service pack adds support for intraforest migrations from Windows 2008 R2 source domains.

Domain Migration Administrator Agent Shut Down Unexpectedly when Processing DCOM Permissions

This service pack resolves an issue where the Domain Migration Administrator agent shut down unexpectedly when processing DCOM permissions. (ENG304513)

Domain Migration Administrator Shut Down Unexpectedly when Translating Security

This service pack resolves an issue where Domain Migration Administrator shut down unexpectedly when translating security on a Windows 2008 R2 file server. (ENG313894)

Domain Migration Administrator Shut Down Unexpectedly when Trying to Process an Invalid Target Path

This service pack resolves an issue where Domain Migration Administrator shut down unexpectedly instead of reporting an error when attempting to process an invalid target path. (ENG301747)

Server Consolidator Shut Down Unexpectedly when Trying to Select Printers

This service pack resolves an issue where Server Consolidator shut down unexpectedly when trying to select printers for migration. (ENG308121)

Slow Console Performance

This service pack resolves performance issues with the Domain Migration Administrator console. (ENG302342, ENG302383)

Unable to Configure Project for SidHistory Migration

This service pack resolves an issue where Domain Migration Administrator displayed errors during configuration of a project to migrate SidHistory for a Windows 2000 source domain. (ENG313477)

Unable to Translate Security for Local Profiles on Windows 7 Workstations

This service pack resolves an issue where Domain Migration Administrator was unable to translate security for local profiles on Windows 7 workstations with a Spanish version of the Windows operating system, displaying the following error: E20940: Failed to lookup the encrypted settings for profile (C:\Users\doej). (ENG313979)

Duplicate Accounts with Same CN Migrated to Same Container in Target Domain

This service pack resolves an issue where Domain Migration Administrator migrated two accounts with the same Common Name (CN) into the same target container. As a result, the domain controller in the target domain to which the changes were written was unable to replicate to other domain controllers. (ENG304357)

Clicking the STOP Button During a Migration Caused Migration Issues

This service pack resolves an issue where clicking the STOP button partway through a migration resulted in migrated groups not being moved into the correct OUs per the modeling table. Instead, Domain Migration Administrator put them in the container specified in the Migration Options wizard. In addition, the statistics for the project did not indicate that these groups were migrated, even though they were migrated to the target domain. (ENG304345)

Setting Target Server Override to Nonexistent Domain Controller Resulted in Copy Instead of Move

This service pack resolves an issue that occurred in intraforest migration scenarios, where setting the Target Server Override option to a nonexistent target domain controller resulted in users being copied instead of moved to the target server. After you install this service pack, if you specify an override domain controller that cannot be contacted for any reason, Domain Migration Administrator logs an error and does not perform the migration. (ENG303911)

Forward Slash or Comma in CN of User Account Caused Migration Issue

This service pack resolves an intraforest migration issue where user accounts that had a forward slash (/) or comma (,) in the Common Name (CN) resulted in Domain Migration Administrator not moving the accounts to the correct target OU. (ENG303723)

Different Domain Controller Used for Group Membership Queries Caused Migration to Fail

This service pack resolves an intraforest migration issue where Domain Migration Administrator attempted to use a different domain controller for group membership queries. Since the domain controller that Domain Migration Administrator tried to use was unavailable from the Domain Migration Administrator console, the migration failed with the error RPC server unavailable. (ENG303173)

Account Permissions Assigned in AD Users and Computers Not Synchronized

This service pack resolves an issue where AD account permissions assigned in Active Directory Users and Computers were not synchronized if user accounts were migrated and then synchronized using the Synchronize Migrated Objects option. (ENG302941)

Unable to Create PES Encryption Key after Installing Hotfix 72951

This service pack resolves an issue where users were unable to create a PES encryption key using the Create Password Export Server Encryption Key wizard after installing Domain Migration Administrator Hotfix 72951. (ENG308531)

Return to Top

Installing This Service Pack

Complete the following steps to install this service pack.

Note
If you are performing a clean installation of Domain Migration Administrator in your environment, you do not have to install Domain Migration Administrator 8.0 before you install this service pack. However, ensure you have reviewed the software, hardware, and permission requirements for the product before you begin installation. For more information, see the User Guide.

To install this service pack:

  1. Log on to a computer with an account that meets all requirements for installing Domain Migration Administrator. For more information, see the User Guide.
  2. Run the Setup.exe file in the root folder of the Domain Migration Administrator installation kit.
  3. Click Begin Setup on the Setup tab.
  4. Follow the instructions until you have finished installing the service pack.

Return to Top

Upgrading from Previous Versions

If you are currently running Domain Migration Administrator 8.0 in your environment, you can upgrade your current installation by performing the steps provided in the section Installing This Service Pack. However, if you are currently using an earlier version of Domain Migration Administrator in your environment, you must uninstall the previous version before you upgrade. If you have defined a migration project in an existing Domain Migration Administrator installation and started performing the migration defined by that project, ensure you complete the migration before you uninstall Domain Migration Administrator. Once you have uninstalled the previous version, you can install this service pack without first installing Domain Migration Administrator 8.0.

Note
Uninstalling a previous version of Domain Migration Administrator does not remove the existing Microsoft Access databases. If you want to remove the Access databases, uninstall Domain Migration Administrator and then remove the Access databases manually.

For more information, see the User Guide.

Return to Top

Verifying the Service Pack Installation

Complete the following steps to verify that the service pack installation was successful.

To check the installed service pack version:

  1. Log on to the Domain Migration Administrator console computer and open the Domain Migration Administrator console.
  2. On the About menu, click Domain Migration Administrator. After you install this service pack, the About window displays Version 8.0.1.

Return to Top

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

Exporting a Project with the Same File Name as an Existing Exported File Overwrites the File

A known issue exists where Domain Migration Administrator does not display a warning if you export a project file with the same name as an exported project file that already exists in the default SQL Server backup folder. The existing file is overwritten in this case, so ensure you always perform a backup before you export a project file. Consider using naming conventions to avoid using the same names for similar projects. (ENG289438)

Uninstaller Does Not Remove the Domain Migration Administrator Databases

A known issue exists where uninstalling Domain Migration Administrator does not uninstall the Protar and project databases in Microsoft SQL Server. To work around this issue, manually remove the databases from the SQL Server computer. For more information about database removal, see the Microsoft SQL Server documentation. (ENG288059)

Password Migration Support for 64-bit Source Domain Controllers

A known issue exists where Domain Migration Administrator installed on a computer running Microsoft Windows Server 2003, Windows XP, or an earlier supported operating system cannot migrate passwords from a 64-bit source domain controller. Migrating passwords from a native-mode domain to a domain in a different forest requires the use of the Password Export Server (PES) installed on a domain controller in the source domain. Domain Migration Administrator interfaces with the PES to migrate passwords between domains. However, Password Export Server (PES) 2.0, which is the appropriate version for Microsoft Windows Server 2003, Windows XP, and earlier supported operating systems, does not support 64-bit systems. If you want to migrate passwords from a 64-bit source domain controller, upgrade your Domain Migration Administrator console computer to a later operating system that is supported by PES 3.1. Domain Migration Administrator 8.0 provides installers for both PES 2.0 and PES 3.1. PES 3.1 is also available for download from the Microsoft Web site. For more information about installing PES and related tasks, see the User Guide. (ENG285847)

Registry Errors During Migration of Windows Server 2008 R2 and Windows 7 Computers

A known issue exists where migrating Microsoft Windows Server 2008 R2 and Windows 7 computers results in some registry key translation errors, and Domain Migration Administrator reports the migration as "Completed with errors." This is a known issue in Microsoft's Active Directory Migration Tool (ADMT) 3.1. For more information about this issue and workarounds, see Microsoft Knowledge Base article 976659. (DOC288066)

Migrated Computers Are Disjoined from the Domain when Migrated with the Replace Option

A known issue exists where migrating computers at the same time with more than one Domain Migration Administrator console and choosing the Replace and update conflicting accounts option results in migrated computers being disjoined from their domain. To work around this issue, manually rejoin the disjoined computers to the domain. (DOC287376)

Members of Migrated Domain Local Groups May Be Denied Resource Access

A known issue exists where members of migrated Domain Local Groups may be denied access to resources after migration and security translation of the Domain Local Groups. This issue is caused by an inherent limitation of Domain Local Groups, which are designed to grant permissions to resources within a single domain. For more information, see the Microsoft Windows documentation. (DOC255899)

Entering an Invalid Parameter Causes SCCLI Failure

A known issue exists where entering the SCCLI RUNTASK command using an invalid parameter in the Server Consolidator command-line interface (SCCLI) causes the SCCLI to fail. To work around this issue, re-enter the command using valid parameters. For more information about valid SCCLI parameters, type /? in the SCCLI to view the Help. (ENG285688)

Full Path of the SQL Server Computer Is Not Displayed

A known issue exists where Domain Migration Administrator does not correctly display the full path of the SQL Server computer in the confirmation message after you export a project to the SQL Server computer. For example, instead of a path such as C:\Program Files\Microsoft SQL Server\Backup\DMAExport.bak, the message displays <SQL Instance Directory>\Backup\DMAExport.bak. This is only a display issue. Domain Migration Administrator exports the project to the correct SQL Server computer you specified. (ENG289440)

Return to Top

Additions to Documentation

Requirement for Migrating Printers Using Server Consolidator

To successfully migrate printers using Server Consolidator, the Allow Print Spooler to accept client connections group policy must be enabled on the target computer. This setting can be edited through Local Computer Policy or applied through Domain Group Policy.

Previous Releases

This service pack also includes enhancements added in Hotfix 72561, Hotfix 72745, and Hotfix 72951.

Hotfix 72561

This hotfix resolves an issue where performing an intraforest migration from a child domain to a parent domain using Domain Migration Administrator resulted in the loss of group membership for the migrated users. (ENG284254, ENG294476)

Hotfix 72745

This hotfix resolves an issue where Domain Migration Administrator was unable to translate security for computers running the German version of the Windows operating system. Since local profiles are not stored in the same folder on English and German versions of Windows, Domain Migration Administrator could not find the local profile and generated an error indicating that the roaming profile could not be migrated. (ENG301344)

Hotfix 72951

This hotfix resolves the following issues:

Domain Migration Administrator Console Shut Down Unexpectedly

This hotfix resolves issues with the MCSNetObjectEnum.dll file that caused the Domain Migration Administrator console to shut down unexpectedly when migrating one or more specific user accounts. (ENG305149, ENG305139)

Domain Migration Administrator Agent Shut Down During DCOM Processing

This hotfix resolves an issue with the MCSDCTWorkerObjects.dll file where the Domain Migration Administrator Agent service stopped unexpectedly during DCOM processing if it was unable to resolve any permission for a DCOM element. The Domain Migration Administrator agent now validates security descriptors and skips any DCOM permission settings it is unable to resolve, adding an entry to the Windows Event Log. (ENG304513)

MSExchangeMailboxGuid Did Not Migrate with the User Account

This hotfix resolves an issue caused by the McsADsClassProp.dll file where Domain Migration Administrator did not migrate the MSExchangeMailboxGuid AD property with the migrated user account, even if the corresponding entry row for MSExchMailboxGuid was deleted from the ExcludedW2KProps table of the project database. (ENG304981)

Pre-Migration Check Report for Workstations Failed to Complete

This hotfix resolves an issue with the Pre-Migration Check Report for Workstations. When this report was run for a project with a large number (200+) of unmigrated computers, the report failed to complete and the Domain Migration Administrator console became unresponsive. (ENG304287)

User or Group Permissions Did Not Migrate with the Object

This hotfix resolves an intraforest migration issue where permissions assigned directly to a group or user account on the Security tab were lost when Domain Migration Administrator migrated that group or user account. Domain Migration Administrator did not correctly update the reference for the migrated object, so the assigned permissions were still pointing to the source object, which no longer existed. (ENG305791)

Check Box Selection Not Retained During Migration

This hotfix resolves a group migration issue where the Manager can update membership list check box option that was selected on the source was no longer selected on the target after the corresponding group was migrated. Domain Migration Administrator now saves the NTSecurityDescriptor for a group before moving that group. (ENG305792)

Groups Not Migrated Correctly

This hotfix resolves an issue where Domain Migration Administrator was not properly migrating groups. In some cases, groups were not migrated at all, and the event log contained an entry similar to the following: hr=80072030 There is no such object on the server.. In other cases, groups were migrated but the modeling table information was not processed, the group was not moved to the correct target OU or to the migrated objects table in Domain Migration Administrator, and statistics for the project were not updated. (ENG307229)

Running Report Caused MMC Failure

This hotfix resolves an issue where running the "Computers Failed to Migrate" report caused a Microsoft Management Console (MMC) failure, so the Domain Migration Administrator console shut down unexpectedly. (ENG306859)

Group Memberships Not Retained

This hotfix resolves an issue where group memberships were not retained for migrated user accounts. (ENG294476)

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.

Return to Top

Legal Notice

Return to Top