Importing AD - Add error on line 1: Referral

  • Thread starter Thread starter Pat Coghlan
  • Start date Start date
P

Pat Coghlan

Scenario: Two DCs in old domain. Rebuilding one of the DCs to have a
new domain name and keep existing user accounts. Will later add 2nd DC
to new domain.

- exported users from DC-2 in domain a.b.x.y.z
- imported users to DC-1 in domain a.b.c.x.y.z

First line of LDF file contains:

dn: CN=Guest,CN=Users,DC=a,DC=b,DC=c,DC=x,DC=y,DC=z
changetype: Add
countryCode: 0 (used this item from an example seen in this forum)
userAccountControl: 66082

It basically chokes on the first item - the Guest user account from the
old domain.

Suggestions as to why it is getting stuck much appreciated.

-Pat
 
The Guest account is a builtin default domain account. That is not
required to migrate to the new domain. You should remove builtin accounts
and groups such as Guest and Administrator. A more helpful tool is Active
Directory Migration tool which you can download from
http://www.microsoft.com/windows2000/techinfo/howitworks/activedirectory/adm
t.asp . It is a GUI interface used to migrate accounts between domains.
For information on how to setup the domains for ADMT migration you can
refer to Microsoft Knowledge Base article 326480
(http://support.microsoft.com/?id=326480)

Best regards,

Frank Szita [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks, I'll give this tool a try. The command line tool is way too
user-unfriendly!

The guest account was the first to fail, but I'm playing with AD
migration in our lab for now before moving on to our live system. I
haven't checked, but I'm pretty sure that Guest/Administrator have been
removed from the live system.

-Pat
 
I read the description of ADMT. Correct me if I'm wrong, but it does
not appear to apply to my situation (DCs for old/new domain are not on
the same network).
 
You do need to have network connectivity between the domains, at the very
least between the 2 PDC's when migrating users and groups.

Best regards,

Frank Szita [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
I assume you mean if one wants to be able to export domain policies
(when everything is exported I notice some http:// references in the
exported file...pointing back to one of the DCs). Just the users/groups
can be done via an LDF file.
 
I was referring to ADMT. In order to use ADMT a domain controller from
each domain must have network communication. ADMT cannot be used to export
to a file. It is a direct migration from one active directory to another.
If the two domains have no way of communication then you will have to
export and import via ldifde. After you perform the export, eliminate
accounts and groups that are defaults in Windows.

Best regards,

Frank Szita [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top