Discussion:
ADMT - force password migration?
(too old to reply)
jefsower
2006-11-22 16:31:02 UTC
Permalink
Is there a way to force ADMT to update the destination password?

Im attempting to follow Microsofts instructions of using the Exchange
Migration Wizard to create new accounts and mailboxes in a new domain. Then
Im using ADMT to import the user accounts and passwords. Microsoft says that
you then have to use the AD Cleanup Utility to merge these two new accounts
but when I run the ADMT it merges the new account with the exsisting one on
its own. That would be fine but the passwords from the old domain arn't
working. I know my password migration is setup correctly; it works fine when
exchange isnt brought into things.

I try to re-migrate the passwords to the new accounts but the ADMT doesn't
even try to: "Did not try to copy the password for CN=test-02, since the
source password has not been changed since the last migration of this user."
Paul Williams [MVP]
2006-11-22 19:59:16 UTC
Permalink
Post by jefsower
I try to re-migrate the passwords to the new accounts but the ADMT doesn't
even try to: "Did not try to copy the password for CN=test-02, since the
source password has not been changed since the last migration of this user."
OK, it's being sensible and not duplicating effort. However that's an issue
for you.

One option could be to run a script that resets the passwords of all user
objects (within a scope defined by you) and then run ADMT again and (re)
migrate the passwords. This time they'll go, as the hash that's being
checked is different.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
jefsower
2006-11-23 00:51:01 UTC
Permalink
Wow, way to keep it professional buddy. Yes, the wizard is 'smart' enough to
realize that its already migrated the password, but you think, just maybe,
there may be some case, such as when a user migration fails to properly
migrate a password, that there may be some reason to migrate the password
again? Maybe that could even be part of the reason why they put in a whole
seperate wizard just for migrating the password?

Your idea makes sense, but I already went about it another way. Running the
user migration first (with SIDHistory) allows Exchange's Migration Wizard to
merge the mailbox settings into the account without changing the password.
Post by Paul Williams [MVP]
Post by jefsower
I try to re-migrate the passwords to the new accounts but the ADMT doesn't
even try to: "Did not try to copy the password for CN=test-02, since the
source password has not been changed since the last migration of this user."
OK, it's being sensible and not duplicating effort. However that's an issue
for you.
One option could be to run a script that resets the passwords of all user
objects (within a scope defined by you) and then run ADMT again and (re)
migrate the passwords. This time they'll go, as the hash that's being
checked is different.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Paul Williams [MVP]
2006-11-23 07:01:12 UTC
Permalink
LOL, I just re-read my post and I can see how it might have come across. I
was trying to point out that it's probably a justified block, but also point
out that that feature is giving you grief. I wasn't trying to be facetous
or obtuse.

You raise a good point about having a valid reason to re-migrate passwords
even if they haven't changed. A failure to migrate probably wouldn't result
in this, it would know there was an issue and allow you run again, however
your problem is reason enough to have such an option, as is the need to
perform periodic syncs during co-existence. Raise it with your TAM, and I
will also submit a feature request for it.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Loading...