ADMT 3.2 Interforest migration - ERR2:7447

nham 1 Reputation point

It's been 2 days now that I'm struggling with an interforest migration and I cannot find any solution on the web.

[Object Migration Section]  
2022-10-19 14:47:38 Starting Account Replicator.  
2022-10-19 14:47:42 CN=Nabil TEST        - Created  
2022-10-19 14:47:42 ERR2:7447 SID History cannot be updated for testaccount.  The credentials entered (SOURCE\\res_migrator) must have Administrator privileges on the source domain.  
2022-10-19 14:47:42 WRN1:7392 SIDHistory could not be updated due to a configuration or permissions problem.  The Active Directory Migration Tool will not attempt to migrate the remaining objects.  
2022-10-19 14:47:42 Operation Aborted.  
2022-10-19 14:47:43 Operation completed.  

The res_migrator account is a domain admin and part of the built-in administrator group on the SOURCE domain. It is also part of the built-in Administrator group in the TARGET domain.
ADMT is run on a computer as TARGET domain administrator, who is also part of the Administrators built-in group in the TARGET and SOURCE.
There is a 2 way Forest Trust Relationship between SOURCE and TARGET that is working fine (all users can access resources on both domains).
I have checked on both domains: SID filtering is DISABLED and audit settings for Domain Controllers on SOURCE and TARGET domains are OK.
SOURCE DC is Windows Server 2019 Standard and TARGET DC is Windows Server 219 Datacenter.

I'm running out of options and I have dealines to meet :(

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,148 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Dave Patrick 416.3K Reputation points MVP
    0 comments No comments

  2. nham 1 Reputation point

    Thank you @Dave Patrick for your reply but I already been through that thread...

    0 comments No comments

  3. nham 1 Reputation point

    I have found a solution for this issue.
    At this step, I tried the target domain admin account that is added in the source domain built-in administrators group and it worked!

    It is very confusing and got me stuck for days.