Quest Domain Migration Wizard 6.1.1 - Readme

Last revised November 23, 2005

This file contains system requirements and last-minute product information and updates to the documentation.

Resolved Issues
Upgrade Path
System Requirements
Global Operations
Known Issues

Resolved Issues

Version 6.1.1 (Maintenance Release)

If Domain Migration Wizard works with a target DC running Microsoft Windows Server 2003 Service Pack 1 and performs migration of passwords, some passwords may be reset to blank.
Important: For this functionality to work properly, contact Microsoft Support and request the hotfix described in internal Microsoft Knowledge Base article Q909737. Install this hotfix on the computer running Domain Migration Wizard.
Note: Due to this fix, the Domain Migration Wizard system requirements have changed.
The Exchange 5.5 Processing Wizard repeatedly displays the following error message:
A connection could not be established with the Microsoft Exchange Server 'ServerName'. The Exchange Server computer is not responding or the account under which you are attempting the connection has insufficient rights.
Re-permissioning fails during resource processing for a demoted DC. After running DCDemote for such a DC, the following record appears in the DCDemote log file:
Error -2147221003 MACHINE_NAME Could not process resources.
When using the DsAddSidHistory function, Domain Migration Wizard always used a PDC emulator to set the SIDHistory attributes, irrespective of the DC specified in Domain Migration Wizard. Now the domain controller specified in the Domain Migration Wizard is used.
It may take significant time to move computers if Agent Manager uses a PDC located behind a slow network connection. Now you can explicitly specify preferred DCs for each source and target domain.
Rollback of local profile update in Agent Manager doesn't work.
RegWalker: String values may be written incorrectly to the Windows 95/98 registry.
RegWalker: Source and target users may be matched incorrectly when the vmover.ini file is used. This happens because the object type (user or group) is not considered in calculating the source user's RID.
RegWalker: When the vmover.ini file in DMW format is used for RID calculation, RIDs are calculated incorrectly for source users migrated without renaming.
RegWalker: RegWalker may fail to copy a large number of registry keys (more than 32000).

Upgrade Path

To upgrade from Domain Migration Wizard 6.1, simply install the Domain Migration Wizard 6.1.1 and Domain Migration Wizard Resource Kit over the previous installation.

System Requirements

Domain Migration Wizard Components

Domain Migration Wizard does not necessarily have to be installed on a server or domain controller. It can be installed on the administrator’s workstation as long as the workstation complies with the following system requirements:

Platform	Intel x86
Operating system*	Microsoft Windows XP Service Pack 1 or higher, - OR - Microsoft Windows Server 2003
Additional Software	Microsoft Access 2000 or later or Microsoft Access Runtime**

Notes:

* Microsoft has confirmed that a problem in Microsoft products may prevent third-party programs from synchronizing user passwords. A supported fix is now available to address this problem. Please, contact Microsoft Support and request the hotfix described in internal Microsoft Knowledge Base article Q909737. Install this hotfix on the computer running Domain Migration Wizard Project Manager.
** Microsoft Access is required only for Domain Migration Wizard and Agent Manager.
If you are using Microsoft Access 2003, the security level must be set to Low or Medium.

Migration customization tasks require Scripting Runtime.

Domain Controllers and Member Servers

Domain controllers for the source, resource and target domains and the domain members to be reconfigured:

Platform	Intel x86
Operating system	Microsoft Windows NT 3.51 Workstation or Server (source and resource domains only), - OR - Microsoft Windows NT 4.0 Workstation or Server, - OR - Microsoft Windows 2000 Professional or Server, - OR - Microsoft Windows XP, - OR - Microsoft Windows Server 2003

Processed Computers

The computers on which resources are processed can be Intel x86-based computers running Windows NT 3.51 or higher. Microsoft IIS processing requires Windows NT 4.0 with Service Pack 3 and Option Pack, and Microsoft Internet Explorer 4.01 with Service Pack 1.

Global Operations

The platforms and configurations supported in this release may use any time zone, character encoding, language, or locale configuration to operate this product.

In addition to U.S. English, the product was tested on French, German, and Japanese Windows NT 4.0 and Windows 2000 environments.

The following limitations apply when running in any localized environment:

It is recommended to set the default system locale on the DMW console machine to be the same as that on the environment's domain controllers. Otherwise, messages generated on a domain controller may be displayed incorrectly on the DMW console.
Using the "Create connect.cmd" command from the Tools menu may result in a "path not found" error on non-English language versions of Windows. A workaround is to create %userprofile%\desktop\ folder prior to using the command; the connect.cmd file will be placed into that folder.
Several product dialog boxes and windows don't display correctly any non-English characters (junk characters are displayed). However, the product's functionality is not affected.

The following limitations apply when running in a Japanese environment:

DMW Agent Manager doesn't process the following objects:
- Service accounts that contain multibyte characters in the name.
- Runas scheduled task accounts that contain multibyte characters in the name.
- Anonymous IIS accounts that contain multibyte characters in the name.

Known Issues

Domain Migration Wizard fails to synchronize users' passwords from Active Directory to Windows NT environment if the Do not store LAN Manager Hash value on next password change policy is configured in the Active Directory domain. The following error is logged:
Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain.
Domain Migration Wizard cannot run in two different Remote Desktop sessions simultaneously.
The Move computers operation in Agent Manager might not work properly when moving a computer back to the domain from which it was just moved.
Agent Manager cannot process service and scheduled task accounts set in UPN format.
The Exchange 5.5 Processing Wizard might not process Exchange 5.5 servers that have space characters in their names.
When DMW copies trusts from Windows NT 3.51, the previous run's trust list is shown.
If the target domain controller is specified in the Processing Options step of Domain Migration Wizard, the primary group for migrated users cannot be set.
SIDHistory cannot be added if the target user's DN exceeds 255 characters.
When migrating a user to an inetOrgPerson of the same name in Windows Server 2003, the inetOrgPerson is deleted from the target domain after an undo operation.
Domain Migration Wizard cannot process object names if the system locale is changed after creating the objects.
Domain Migration Wizard enumerates universal security groups the same way as global groups.
Domain Migration Wizard might not work properly if NetBIOS is disabled during migration.
If a user is migrated to a destination OU or container that already contains an OU or a container that has the same name as the user name, the user is created in the Users container instead of the destination OU or container.
SMS Processing Wizard cannot connect to the SMS server under an account that has an empty password.
Domain Migration Wizard stores its databases, logs, and other auxiliary information in files that have the same names as those created by Aelita Enterprise Migration Manager does, but the files have a different format. This might cause the malfunctioning of both products if, for example, they share the same project folder. It is recommended to have separate project folders for the products. Also, the file extensions are associated with the last product installed.
To improve the security of Active Directory forests, domain controllers running Windows Server 2003 and Windows 2000 Service Pack 4 (or higher) enable security identifier (SID) filtering on all new outgoing external trusts by default. You should consider disabling SID filtering if you have migrated objects to the trusted domain with their SID histories preserved, and want to grant them access to resources in the trusting domain based on the SIDHistory attribute. After the resources are updated granting explicit permissions to the new target accounts, SID filtering can be enabled.
If the workstation being updated does not have the default key container and Microsoft Enhanced Cryptographic Provider v1.0 is not installed, the following error will be written to the log:
""-2146893799 (Error) The keyset is not defined. Failed to initialize hash provider (CryptAcquireContext)".
The update will work correctly; however the update results will not be automatically verified.
The SQL Processing Wizard does not work if installed on a computer without Domain Migration Wizard.
The default installation folder for Domain Migration Wizard is %Program Files%\Quest Software\Domain Migration Wizard and all the shortcuts for the product are placed to Programs\Quest Software folder in Start menu. However, when upgrading from DMW version prior to 6.1, DMW is installed to the %Program Files%\Aelita\Domain Migration Wizard folder, and the program shortcuts remain in the Programs\Aelita folder instead of Programs\Quest Software.
If source and target accounts were merged and the target account's CN was changed during migration , the CN change will not be rolled back if you run undo.
If the User must change pasword at next logon option was selected for all accounts during migration, this option will not be applied to the accounts that have the User cannot change password option set. No warning messages are displayed or written to the log.
If a source user's SAMAccountName doesn't match a target user's SAMAccountName but matches the target user's UPN prefix, the account is placed on the conflict object list during the migration session. An administrator should select the rule to resolve the conflict.

Disclaimer

The information in this publication is furnished for information use only, does not constitute a commitment from Quest Software Inc. of any features or functions discussed and is subject to change without notice. Quest Software, Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication.