Migrating SIDHistory works then randomly stops!!!

Chau Le 96 Reputation points
2021-04-08T05:55:04.773+00:00

Title says it all. We have all the requirements set up for SIDhistory. All auditing requirements in both source and target DCs.. empty group in source netbiosname$$$ .... all the requirements.

2 issues...

  1. Each and EVERYTIME we run the wizard and sidhistory is checked, the wizard ALWAYS says Auditing is not enabled on target do you want to enable it? I click yes, put in credentials and migration works for users/group object. EVERYTIME never fails... why does it keep asking??
  2. When I do a bulk migration of user or groups.... I go thru same issue from #1 ....but then during the migration it randomly stops at a user/group stating that Auditing is not turned on? I re run the migration and same issue, stops randomly... it doesn't stop at the same object and if I migrate only the object where it stops and report the error.... it works...so its not the user or group.....

Why does it work migrating SIDHistory and merging...then randomly stops and complain that Auditing is not turned on??? If its not turned on it shouldn't work at all!

Thoughts???

Windows Server Migration
Windows Server Migration
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Migration: The process of making existing applications and data work on a different computer or operating system.
408 questions

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daisy Zhou 18,706 Reputation points Microsoft Vendor
    2021-04-09T07:00:59.757+00:00

    Hello @Chau Le ,

    Thank you for your patience.

    You can try the steps in the following link to see if it helps.

    Configuring the Source and Target Domains for SID History Migration
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc974410(v=ws.10)?redirectedfrom=MSDN

    Similar case.
    ADMT 3.2 ERR2:7430 When migrating users
    https://social.technet.microsoft.com/Forums/en-US/60aafcc8-4a0f-4f3c-9663-5b927e72b714/admt-32-err27430-when-migrating-users?forum=winserverMigration

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    1 person found this answer helpful.
    0 comments
  2. Daisy Zhou 18,706 Reputation points Microsoft Vendor
    2021-04-12T07:55:02.533+00:00

    Hello @Chau Le ,

    Thank you for your update.

    It prompt the one only time in my lab when I migrate the first user account.

    It will not prompt the message when I migrate second and later user account in my lab.

    It seems the setting is misconfigured or some setting is not configured in your environement.

    1.Did you configure Legacy audit policy under Computer Configuration\Windows settings\security settings\local policies\audit policy or advanced audit policies under Computer Configuration\Windows settings\security settings\Advanced Audit Policy Configuration?

    Tip:
    1-Advanced audit policies will overwrite all legacy audit policies by default.

    2-If you have never configured any advanced audit policies before, then you configure traditional audit policies.

    3-If you have configured any advanced audit policy before, you need to configure the advanced audit policy.

    We can run the following commands on the domain controller to force the refresh policy and check whether the related audit policy settings are enabled:

    gpupdate /force
    auditpol /get /category:*

    For example:

    I configure advanced audit policy.
    86792-ds1.png

    2.Did you create a local group in the source domain to support auditing?
    In the source domain, create a local group called SourceDomain$$$, where SourceDomain is the NetBIOS name of your source domain, for example, Boston$$$. Do not add members to this group; if you do, SID history migration will fail.

    Best Regards,
    Daisy Zhou

    1 person found this answer helpful.
    0 comments
  3. Chau Le 96 Reputation points
    2021-04-09T20:25:02.857+00:00

    This is the error I keep getting

    2021-04-10 06:22:10 ERR2:7430 SID History for Accounts mailbox cannot be updated because auditing is not enabled on infosolco.net. rc=8536.\n This operation requires that auditing be enabled for Success and Failure auditing of account management operations.
    2021-04-10 06:22:10 WRN1:7392 SIDHistory could not be updated due to a configuration or permissions problem. The Active Directory Migration Tool will not attempt to migrate the remaining objects.
    2021-04-10 06:22:10 Operation Aborted.
    2021-04-10 06:22:10 Operation completed.

  4. Chau Le 96 Reputation points
    2021-04-12T06:36:42.17+00:00

    Yes I run the ADMT wizard for user or groups...same error. I check "migrate SIDHistory" ... and each time I get the below picture.

    86650-image.png

    Why would I get this each time? I click yes one time and put in credentials and it continues. But based on this message it appears that the tool will set it for me? For some reason the tool is not recognizing the Auditing settings. I set the Auditing settings in Default Domain Controller GPO.

    0 comments
  5. Chau Le 96 Reputation points
    2021-04-12T14:23:32.69+00:00

    Looks like I have some differences than yours. Let me configure to match yours and try again

    86956-image.png

    0 comments