ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - Child domain to parent domain
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Child domain to parent domain

 Post Reply Post Reply
Author
Message
Zerak7 View Drop Down
Newbie
Newbie


Joined: 21 Jan 2023
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote Zerak7 Quote  Post ReplyReply Direct Link To This Post Topic: Child domain to parent domain
    Posted: 23 Jan 2023 at 7:35am
Good morning there,

We're making some tests with the corporate version.
We try to move computers from the child to the parent domain. The operation is denied because the computer is already in the domain, so an object with the same name already exists.
By your software, Is there a way to remove it before joining the domain?

B/R
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 23 Jan 2023 at 9:10am
Hi, 

You are receiving a Duplicate SPN message from Windows, because the same computer name cannot exist in the forest. The easiest way around this is to configure User Profile Wizard to rename the computer as part of the migration process.

There are other methods which you could look into, such as disabling uniqueness SPN checking and then deleting the old computer object after the migration. Microsoft do not recommend this, but it could be an option for you to investigate if you want to avoid renaming the computers.

Support.
Back to Top
Zerak7 View Drop Down
Newbie
Newbie


Joined: 21 Jan 2023
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote Zerak7 Quote  Post ReplyReply Direct Link To This Post Posted: 23 Jan 2023 at 10:39am
Hi,
thanks for you reply.

I can do a script to switch all the computers from the old-domain to a workgroup (SPN issue resolved).
Then, can I use your software to put these WS from the WG to the new domain? I gave a try a I got access denied with the local administrator credentials. Maybe because PSremoting is disabled?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 23 Jan 2023 at 11:33am
Hi, 

If you are running the software on the computers once they have been unjoined from the domain, the <LocalAdmin> credentials cannot be Domain credentials, because the computer is no longer a member of the domain, you'll need to specify Local Admin credentials. 

Support.
Back to Top
Zerak7 View Drop Down
Newbie
Newbie


Joined: 21 Jan 2023
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote Zerak7 Quote  Post ReplyReply Direct Link To This Post Posted: 25 Jan 2023 at 10:10am
I tried many things.

I've my workstations on the old-domain, then:

I create a local admin on every workstation to be sure I'll still have the administrators rights later. (ok)
I leave the old-domain.
I do the command profwiz.exe /COMPUTER WSXXX (WSXXX is pingable).

I still have the message connecting to WSXXX...
Access is denied.

I configure the config profwiz file by using the Deployment kit and I proceeded step 10 of 13 with my localadmin and password (tested on local WS).

Any idea why access is denied?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 25 Jan 2023 at 10:32am
Hi, 

If you are running the software remotely, and not on the computer you are migrating, and using a local admin account - 

By default, Windows 7 (and later) prevents local accounts from accessing administrative shares through the network – this is a common reason for “Access Denied”. To enable administrative shares you have to make a registry change. Run Regedit and add the following registry value:
 
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: LocalAccountTokenFilterPolicy
Data Type: REG_DWORD (32-bit)
Value: 1

If you continue to have a problem, please email us at support with your migration log and config file. 

Thanks,

Support.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.094 seconds.