Create a two-way trust between two domains for simplification.
Please choose the External Trust on both domains.
Install Windows server support tools on VAN.COM
Disabling the SID Filtering by:
C:\Program Files\Support Tools>netdom trust van.com /domain:vanstudents.com /quarantine:no /usero:administrator /passwordo:password
setting the trust to not filter SIDs.
The command completed successfully.
C:\Program Files\Support Tools>netdom trust vanstudents /domain:van /quarantine:no /usero:administrator /passwordo:password
Setting the trust to not filter SIDs.
The command completed successfully.
Install ADMT 3.0.1 on Windows Server 2003 domain: VAN.COM;
C:\>Admt KEY /option:create /SourceDomain:VANSTUDENTS /KEYFILE:mypass
The password export server encryption key for domain 'VANSTUDENTS' was successfully created and saved to 'C:\mypass.pes'.
Copy the following file from C:\Windows\ADMT directory to the domain controller of VANSTUDENTS domain:
Instmsiw.exe
PwdMig.exe
PwdMig.ini
PwdMig.msi
Don't use the files from Windows Server 2003 CD.
Copy the mypass.pes to the domain controller of VANSTUDENTS domain.
Create a domain user: User1 in VAN.COM domain; It will be used to start the PES service in VANSTUDENTS domain.
ADD VAN\Administrator to VANSTUDENTS\Administrators domain local group. Please don't forget this step.
At VANSTUDENTS domain controller, run PwdMig.msi,
Both Office and Order users' profile and application settings are kept. The MS OUTLOOK settings and OUTLOOK Express settings are kept.
=============
Please choose the External Trust on both domains.
Install Windows server support tools on VAN.COM
Disabling the SID Filtering by:
C:\Program Files\Support Tools>netdom trust van.com /domain:vanstudents.com /quarantine:no /usero:administrator /passwordo:password
setting the trust to not filter SIDs.
The command completed successfully.
C:\Program Files\Support Tools>netdom trust vanstudents /domain:van /quarantine:no /usero:administrator /passwordo:password
Setting the trust to not filter SIDs.
The command completed successfully.
Install ADMT 3.0.1 on Windows Server 2003 domain: VAN.COM;
C:\>Admt KEY /option:create /SourceDomain:VANSTUDENTS /KEYFILE:mypass
The password export server encryption key for domain 'VANSTUDENTS' was successfully created and saved to 'C:\mypass.pes'.
Copy the following file from C:\Windows\ADMT directory to the domain controller of VANSTUDENTS domain:
Instmsiw.exe
PwdMig.exe
PwdMig.ini
PwdMig.msi
Don't use the files from Windows Server 2003 CD.
Copy the mypass.pes to the domain controller of VANSTUDENTS domain.
Create a domain user: User1 in VAN.COM domain; It will be used to start the PES service in VANSTUDENTS domain.
ADD VAN\Administrator to VANSTUDENTS\Administrators domain local group. Please don't forget this step.
At VANSTUDENTS domain controller, run PwdMig.msi,
Reboot the Domain Controller of VANSTUDENTS domain.
Start the Password Export Server service (only when you migrate the password.)
Run ADMT tools from domain controller of VAN.COM domain;
Make sure that Password Export Server starts at the VANSTUDENTS.COM!
Answer YES to all the prompts shown.
Reboot the domain controller of VANSTUDENTS.COM
AND Make sure that Password Export Server starts at the VANSTUDENTS.COM!
Re-run the Migration Wizard
========================
After you migrate the OFFICE and ORDER users from vanstudents domain to van.com domain, disjoin the XP Machine from VANSTUDENTS domain and Join it with VAN.COM domain;
Both Office and Order users' profile and application settings are kept. The MS OUTLOOK settings and OUTLOOK Express settings are kept.=============
Instead of disjoining from VANSTUDENTS domain and rejoining it to VAN.COM domain, you should use the ADMT tool -- Computer Migration Wizard
After the two-way trust relationship was established, you can initiate the Computer Migration Wizard from Windows Server 2003.
I had two problems to run the DISPATCH agent.
Log file:
[Agent Dispatch Section]
The Active Directory Migration Tool Agent will be installed on Ten.vanstudents.com
Unable to ping the machine 'Ten.vanstudents.com'. Make sure it is up and running.
....
....
My Windows Server 2003 has two NIC cards equipped with one accessing Internet. I disable the Internet NIC. Solve the unable to ping the machine problem.
Access is denied.
Failed to install agent on file://ten/, rc=5 Access is denied.
Unable to access ADMIN$ share on the machine 'Ten.vanstudents.com'. Make sure the share exists and the account running ADMT is a member of local administrators group on the machine 'Ten.vanstudents.com'.
....
....
I visited the XP machine and add the VAN\Administrator to be the member of administrators group.
After that, I got the following:
The XP machine joins the VAN.COM domain. Because you have already migrated the user accounts with passwords from VANSTUDENTS domain to VAN.COM domain, the user profiles and settings are kept when they log on to the VAN.COM domain.
