Wednesday, July 27, 2011

ADMT is unable to connect to domain controller. 0x80070005

I am performing a cross-forest migration from 2 AD forests, with multiple domains, into a new AD forest. When I added one of the domains within a source forest I received the following error:

ADMT is unable to connect to domain controller
\\domaincontroller.sourcedomain.local, in domain sourcedomain.local. Access is denied.
(0x80070005)




Morgan Che posted multiple causes for this error on the following forum thread:

http://social.technet.microsoft.com/Forums/en/winserverMigration/thread/f0e341f2-d00c-4bf7-925f-250af8530440

I had a different problem to the ones mentioned on the above forum thread. One of my forests was set up with what's called a single-labelled domain name. ADMT was having difficulties communicating with all domains within the single-labelled forest.

To resolve this, on the ADMT server I needed to add a DWORD registry key "AllowSingleLabelDnsDomain" with a decimal value of 1.



ADMT was then able to communicate with all domains in the forest which had a single-labelled root domain.

For more information on this registry key please see:

http://support.microsoft.com/kb/300684

6 comments:

  1. I have no words for this great post, such awesome information I got gathered. Thanks to Author.
  2. I am the first time on this site and am really enthusiastic about and so many good articles.
  3. I wish you continued success and a very nice page

  4. I've been scratching my head and wondering how long it was going to take me to figure this out. Thank you for spelling it out for me. Looking forward to more posts like this in the future.
  5. Any thoughts on the below issue? I am getting the same error, just a different scenario. What would you do for this?

    I am having difficulty migrating a DMZ domain to an internal domain. I just need to migrate users, groups and passwords. The target domain is DomainA.net (a tree root domain of RootA.com) which is in the RootA.com Forest with 4 total domains. The source of the migration is DomainB.net in the RootB.com Forest (also a tree root domain). Both domains in the RootB Forest (RootB.com and DomainB.com) are in the DMZ. There is a one-way Forest trust (That is Transitive) between RootA.com and RootB.com (RootA.com is listed as a Domain trusted by this domain (outgoing trusts) in RootB.com & RootB.com is listed as a Domain that trust this domain (incoming trusts) in RootA.com). RootA.com contains the DNS servers for all of the domains (the 4 domains in RootA.com Forest and 2 domains in the RootB.com Forest). So I didn't have to do anything with DNS to create a two-way external non-transitive trust between DomainA.net and DomainB.net. The trust was established and validated.

    I built a temporary server named TEMPADMT to run ADMT v3.2 in the DomainA.net (target) that runs SQL Server Express 2008 SP1. ADMT v3.2 installed without any issues. I installed PES on DomainB.net's PDC, generated a key and applied it (that went smooth).

    My issue is when I open ADMT and go to select the Source and Target domains. The Source (DomainB.net) is not listed, but I am able to type it in and it finds the two domain controllers in the domain. The Target (DomainA.net) is listed and I am able to select it and the domain controller no problem. When I click next I get the following Error: ADMT is unable to connect to domain controller \\DomainBDC1.DomainB.net in domain DomainB.net. Access is denied. (0x80070005). I tried logging in to the TEMPADMT server with the DomainB.net admin account and running it with those credentials, but I get the same error, this time for DomainA.net - Error: ADMT is unable to connect to domain controller \\DomainADC1.DomainA.net in domain DomainA.net. Access is denied (0x80070005).

    I built a test setup (the best I could - 5 servers (one for each domain) I was not able to build the DMZ in the test lab) to try to duplicate the issue but was unable to replicate the problem... unless I removed the external trust and then I was presented with the same error. I validated the trusts and made sure they were active and running. In order to try this migration I had my security team open Any>Any firewall rules (inbound and outbound) between 1) DomainA.net's PDC and DomainB.net's PDC 2) TEMPADMT.DomainA.net and DomainB.net's PDC. Any help is much appreciated.
  6. Hello, I am glad to read the whole content of this blog and am very excited and happy to say that the webmaster has done a very good job here.