the new errors are (after using the suggested syntax below):
ERRR: 0x208f The object name has bad syntax.
MoveTree detected that the Destination DN CN=Bauerle\,
Nicola,ou=germany,dc=kbe,dc-kaobrands,dc=net already exists.
ERRR: 0x20e4 The naming context could not be found.
MoveTree cross domain move failed. The extended error is 000020E4: NameErr:
DSID-031B0268, problem 2001 (NBJECT), data 0, best match of:
'CN="Bauerle, Nicola",ou=germany,dc=kbe,dc-kaobrands,dc=net'
ERRR: 0x20e4 The naming context could not be found.
MoveTree object CN=Bauerle\, Nicola,U=Cincinnati,DC=kbc,DC=kaobrands,DC=net
failed the Cross Domain Move Check
The only reference in the KB's I can find to these errors are about using
CAPS in the domain names, which I haven't done there is one referring to
ADMT (use MVETREE it says) - check and one in a MVETREE KB. Use all
lowercase - check.
I also tried the syntax with the "Bauerle\, " first and it complained about
not finding a match, that the closet thing was "Bauerle," so I replaced it
with that and am now left only with the above error. Does anyone understand
the reference to "DN CN=Bauerle\,
Nicola,ou=germany,dc=kbe,dc-kaobrands,dc=net already exists"? Are they
referring the the U? As the user certainly isn't in there . . .
I also googled a forum with posts from a bunch of AD\Directory Services
MVP's referencing a hotfix to an accountlockout=0 problem associated with
ADMT and MVETREE? However, I am not sure if this impacts my situation as
none of my accounts are locked out or flagged for the user to change the
password at next login. am I misunderstanding the cause of that
error\need for hotfix?
Thanks!
Chris Haaker
ITS Infrastructure
x7841
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Grillenmeier, Guido
Sent: Tuesday, June 21, 2005 3:40 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
I've finally checked my notes on this and my initial thought was correct
(but the online description of movetree's syntax doesn't make it very
clear): you can move a user-object directly (i.e. you don't have to first
move it to a different U)
also, I've just checked your pasted command in greater detail =you've
added a user account with password with the /u + /p option (looks like the
samaccount name of Nicola Bauerle) =this option is used to run movetree
with alternate credentials, NT to set the password of the user in the
target domain (this is moved along with the object). As the user doesn't
have any adminsitrative rights in the target, this could very well be your
culprit
to continue, check out if this command works for you to move the account
from the "cincinnati" U (in the KBC domain) to the "germany" U (in the KBE
domain)
movetree /check /s RIDFSMSURCEDM /d RIDFSMTARGETDM /sdn CN="Bauerle\,
Nicola",ou=cincinnati,dc=kbc,dc=kaobrands,dc=net /ddn CN="Bauerle\,
Nicola",ou=germany,dc=kbe,dc-kaobrands,dc=net /verbose
=use the "" for the CN as the name has a space in it
if everything works, do the same with /start
/Guido
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Haaker, Chris
Sent: Dienstag, 21. Juni 2005 21:01
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
Frustrating the destination RDN conflict appears to be a collision error
with the U's I created for the MVETREE. I created them on the RIDMaster's
so I wouldn't have to await replication. So I created a newer source U and
moved the account in to it. I also found you don't want to create the
destination U ahead of time, but rather let MVETREE create it. Now I get
even further along, but still another error:
ERRR: 0x54f An internal error occurred.
MoveTree cross domain move failed. The extended error is 0000054F: SvcErr:
DSID-031B02E2, problem 5003 (WILL_NT_PERFRM), data 0
ERRR: 0x54f An internal error occurred.
MoveTree cross domain move failed to move object CN=Bauerle\,
Nicola,,CN=b1741717-6b27-490f-a2ea-b0
efef1edcd2,CN=LostAndFound,DC=kbc,DC=kaobrands,DC= net to container
ou=move,ou=terminated,dc=kbe,dc=kaobrands,dc=net
When I look this one up in support it only references ADMT not being able to
enter an all caps domain name in lower case, whereas in MVETREE you can
type the command this way. I have been typing my commands in all LC so I
don't think that is it however, the netBios names are in all caps? I
don't think that matters though . . . my syntax specifies the FQDN . . .
Chris Haaker
ITS Infrastructure
x7841
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Haaker, Chris
Sent: Tuesday, June 21, 2005 2:43 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
Now I feel I am very close after making the RIDMasters the source and target
DC's. I get one more error but I cannot figure it out and the KB isn't
yielding anything. Any ideas anyone?
ReturnCode: 0x210a The replication operation failed due to a collision of
object names.
MoveTree check destination RDN conflict for object:
ou=transfer,dc=kbc,dc=kaobrands,dc=net
ReturnCode: 0x0 The operation completed successfully.
MoveTree cross domain move check for object:
U=Transfer,DC=kbc,DC=kaobrands,DC=net
ReturnCode: 0x0 The operation completed successfully.
MoveTree cross domain move check for object: CN=Bauerle\,
Nicola,U=Transfer,DC=kbc,DC=kaobrands,DC=net
ReturnCode: 0x0 The operation completed successfully.
MoveTree check Duplicate SAM Account Name for object: CN=Bauerle\,
Nicola,U=Transfer,DC=kbc,DC=kaobrands,DC=net
Chris Haaker
ITS Infrastructure
x7841
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Haaker, Chris
Sent: Tuesday, June 21, 2005 2:22 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
I tried the temp U method and got this error:
ReturnCode: 0x2012 The requested operation could not be performed because
the directory service is not the master for that type of operation.
And upon some research found you have to run this from and to the RID master
for each domain. to try #2
Chris Haaker
ITS Infrastructure
x7841
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Grillenmeier, Guido
Sent: Tuesday, June 21, 2005 1:46 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
hmm - I thought it wasn't an issue to pass a user account to be moved, but
after checking again, it looks like movetree will only work with Us.
as your ou=cincinnati obviously contains objects that can't be moved
successfully (e.g. global groups) and that you didn't say you want to move
(from your first post I thought you only wanted to move the user account),
I'd simply suggest to first create a TRANSFER U in the same domain as your
user and then move your user into that emtpy U (e.g. via ADUC). Then use
MVETREE (or ADMT) to move the user accross to the other domain.
, if you do want to move all objects within the U, you can either
first change the scope of the groups to something that permits moving them
(e.g. to universal groups) - but this also requires that the group's new
scope doesn't collide with how the group is used (e.g. a global group can't
be member of another global group when converted to a UG)
/Guido
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Haaker, Chris
Sent: Dienstag, 21. Juni 2005 19:30
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
movetree /start /s kbc-dc4.kbc.kaobrands.net /d kbc-ukdc3.kbe.kaobrands.net
/sdn ou=cincinnati,dc=kbc,dc=kaobrands,dc=net /ddn
ou=germany,dc=kbe,dc-kaobrands,dc=net /u kbc\nbauerle /p 666nb666 /verbose
Chris Haaker
ITS Infrastructure
x7841
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Grillenmeier, Guido
Sent: Tuesday, June 21, 2005 1:15 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
can you post the exact movetree command syntax you used?
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Haaker, Chris
Sent: Dienstag, 21. Juni 2005 19:14
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
So I have removed the umlaut. Still no dice. I tried movetree and the funny
thing is I get a ton of these:
ERRR: 0x2132 Cross-domain move of account groups is not allowed.
MoveTree object CN=ManufacturingX,U=Cincinnati,DC=kbc,DC=kaobrands ,DC=net
failed the Cross Domain Move Check
ERRR: 0x212d Can't move objects with memberships across domain boundaries
as once moved, this would violate the membership conditions of the account
group. Remove the object from any account group memberships and retry.
MoveTree cross domain move failed. The extended error is 0000212D: SvcErr:
DSID-031B024E, problem 5003 (WILL_NT_PERFRM), data 0
The only group showing on her "Member of" tab is Domain Users.
MnaufacturingX is a global group in the source domain.
Chris Haaker
ITS Infrastructure
x7841
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Grillenmeier, Guido
Sent: Monday, June 20, 2005 4:24 PM
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: RE: [ActiveDir] ADMT and Error 7422
that would then be a move operation (which ADMT does support and I've used
it successfully).
the special character ( = o-Umlaut) could be the culprid, but it should be
easy for you to figure it out - just rename the account appropriately (is
the umlaut in the samAccountName, the CN or the DisplayName or?)
Anyways, you could also try to move the account via commandline using
MVETREE
/Guido
From: ActiveDir-owner (AT) mail (DOT) activedir.org
[mailto:ActiveDir-owner (AT) mail (DOT) activedir.org] Behalf Haaker, Chris
Sent: Montag, 20. Juni 2005 22:03
To: ActiveDir (AT) mail (DOT) activedir.org
Subject: [ActiveDir] ADMT and Error 7422
IT Pros-
I am trying to migrate a user account from one child domain to another in
the same forest. They are the only two child domains in an empty root
configuration. I have tried to do this from a DC in the empty root, a DC in
the source domain and a DC in the destination domain. Each time I get the
same result (error 7422). Looking this up in the KB references migrating a
locked out account or an account with the "user must reset password" flag
set. I have unlocked, unchecked and reset passwords, allowed for
synchronization, etc. I also ran netdiag and dcdiag on the destination DC.
No errors were present. I also then demoted (waited 24 hours) and
re-promoted the DC in the destination domain. I am still getting the 7422
error.
I also noted the "Migrated Table Does Not Sync" error in the ADMT
readme file. I have removed all group memberships from her account (minus
domain user) and this did not help either. Although the supplemental error I
am getting is hr=8007054f Does anyone have any experience\advice on this
error?
The last thing is her name has an oumlot (sp?)() in it as it is German.
Think that could do it? All the test account migrations worked . . .
Thanks!
Chris