 |
 |
| ActiveWin | Anonymous | Create a User | Reviews | News | Forums | Advertise | VBA in Excel | Users Online: 0 |
|
|
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
Active Network |
|
ActiveMac |
|
ActiveWin |
|
ActiveXbox |
|
DirectX |
|
Downloads |
|
FAQs |
|
Interviews |
|
MS Games & Hardware |
|
Reviews |
|
Rocky Bytes |
|
Support Center |
|
TopTechTips |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows Vista |
|
Windows XP |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
Apple/Mac |
|
Xbox/Xbox 360 |
|
News Search |
|
XML/RSS Newsfeeds |
|
Pocket PC Site |
|
|
|
|
|
|
|
FAQ's |
|
Windows Vista |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows XP |
|
Windows 7 |
|
Windows 8 |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox 360 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
Latest Reviews |
|
Xbox/Games |
|
Fable 2 |
|
|
|
Applications |
|
Windows Server 2008 R2 |
|
Windows 7 |
|
Adobe CS5 Master Collection |
|
|
|
Hardware |
|
Microsoft Express Mouse |
|
|
|
|
|
|
|
Latest Interviews |
|
Mike Swanson |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Advertise |
|
Affiliates |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
Recommended Links:
Play your favourite online pokies and take what you win fast at the same day withdrawal online casinos in Australia.
light tower
buy arabic Twitter follower
buy spotify real followers
A great website to buy Facebook followers from is BRSM. They have a great track record!
the Binary Option Robot
Get Windows Tablet & Phones at DHgate.com
| NT4->W2000 server user migration with passwords? |
| Forum: Windows 2000 |
|
Read Only Forum Back to Windows 2000 All Forums |
Displaying Posts 1 through 2 of 2 |
This is an archived static copy of ActiveWin.com. |
| #1 By 125 (216.232.67.238) at Sunday, March 30, 2003 03:01:44 AM |
|
Download ADMT 2.0 from: http://www.microsoft.com/windows2000/downloads/tools/admt/default.asp
Password Export Server Installation (from the ADMT docs)
This section describes the requirements for installing and using a Password Export Server (PES) to perform password migration with ADMT. You can find more detailed information in the Domain Migration Cookbook referenced under How to View This Document.
We recommend that the source domain Password Export Server be a BDC dedicated for this purpose.
128-bit encryption must be installed on any PES.
128-bit encryption must be installed on the machine running ADMT.
The Password Export Server installation will not complete without supplying an encryption key created on the ADMT machine. The key must be available on a local drive. This can be a floppy drive or a folder on the local hard drive. Network mapped drives or shares are not allowed. It is recommended that you transport the key via a floppy and either store the floppy in a secure location or format it after the installation.
On the ADMT machine, run ADMT.exe from the command line specifying key as the operation to perform (the syntax for this command is ADMT.exe key %Source_Domain_NetBIOSName% %folder%: %Optional Password% (i.e. c:\admt.exe key srcdomain a: pswrd)). Type ADMT.exe key at the command line for more usage information.
On the Password Export Server, make sure that the key is available on a local drive, either by inserting the floppy disk or copying the key to a local hard drive. You will be prompted on the Password Export Server for the location of the key during the installation. You will have to provide a matching password if one was given when creating the encryption key on the ADMT machine.
The AllowPasswordExport registry key value (located in HKLM\SYSTEM\CurrentControlSet\Control\Lsa on the Password Export Server) must be set to 1 to allow ADMT to use that Password Export Server for password migration. You can disable a Password Export Server from supporting password migration by setting that same value to 0.
Everyone must be added to the Pre-Windows 2000 Compatible Access group on the target domain in order for password migration to succeed. If this is not done, ADMT will log an Access Denied error. The command line syntax for this is NET LOCALGROUP "Pre-Windows 2000 Compatible Access" Everyone /ADD (The Active Directory Users and Computers snapin will not allow you to add Everyone to this group).
Verify permissions on the server object. The PES requires that the Pre-Windows 2000 Compatible Access group has Read All Properties rights on the following object: CN=Server,CN=System,DC=<domain_name>
Verify that anonymous access is allowed to domain controllers in the target domain. Open the group policy editor for the domain, and navigate to the following setting:
Default Domain Controllers Policy/Computer Configuration/Windows Settings/Security
Settings/Local Policies/Security Options/Additional restrictions for anonymous connections
Verify that either 'Rely on default permissions' or 'not defined' is selected. If 'No access without explicit anonymous permissions' is selected, password migration to the target domain will fail with Access Denied.
If you are running ADMT on a .NET server, you also have to make sure that the Let Everyone permissions apply to anonymous users right has been enable on that machine, or that the Anonymous Logon user has been added to the Pre-Windows 2000 Compatible Access group. This post was last edited by astorrs on Sunday, March 30, 2003 3:03:33 AM. |
| #2 By 125 (216.232.67.238) at Monday, March 31, 2003 03:53:49 PM |
| Send me an email and I will send you version 2.0. Andrew astorrs@acsconsulting.ca |
