Error Messages When Using the ClonePrincipal Tool to Migrate User Accounts
This article was previously published under Q283833 SYMPTOMS
You may receive an error message when you attempt to migrate user accounts by using the Windows 2000 ClonePrincipal support tool and any of the sample batch files: Sidhist.vbs, Clonepr.vbs, Cloneggu.vbs, Clonegg.vbs, or Clonelg.vbs. The error messages vary depending on the account migration path. When you attempt a Microsoft Windows NT to Windows 2000 migration, you may receive the following error message:
Windows Scripting Host Error: 0x80072035
When you attempt a Windows 2000 to Windows 2000 migration, you may receive the following error message:
Error Description: Failed to add the source SID to the destination object's SID history. The error was: "The server is unwilling to process the request." Error Source :DSUtils.ClonePrincipal.1 ADsError Description: "The server is unwilling to process the request."
Windows Scripting Host Error: 0x8007215B Error Description: Failed to add the source SID to the destination object's SID history. The error was: "The source object's SID already exists in destination forest." Error Source :DSUtils.ClonePrincipal.1 ADsError Description: "The source object's SID already exists in destination forest." CAUSE
This issue can occur if the built-in account names in the source domain do not match the built-in account names in the destination domain. This behavior can occur if the built-in Administrator account was renamed in one of the domains. This issue also occurs if the built-in groups are named differently between the source and destination domains. When account names in the source domain and the destination domain are different, the ClonePrincipal tool attempts to create a duplicate security ID (SID), and the error messages occur. This error may also occur when you are running the ClonePrincipal script for a user account that was previously imported, and then moved to a different organizational unit in Active Directory. SIDhistory data is applied after the account is created, so the duplicate account is present even after the ClonePrincipal tool generates the errors and the migration is unsuccessful. RESOLUTION
To resolve this issue, follow these steps:
MORE INFORMATION
The sample batch files that are included in the Support Tools for ClonePrincipal do not contain any error checking capabilities. The renamed built-in account is created as a new user. The SIDhistory function in Clonepr.dll attempts to apply the SID of the built-in source account to the brand new user, and not the built-in destination account. This operation is not successful because the SID already exists in the built-in destination account. More information about the ClonePrincipal utility can be found in the Clonepr.doc file, that is included in the Windows 2000 Support Tools package. You can install the ClonePrincipal utility from the Windows 2000 Support Tools package. More information about account migration and consolidation can be found in the Change and Configuration Management Deployment Guide that is located at the following Microsoft Web site: http://microsoft.com/windows2000/library/resources/reskit/deploy/ccm/ (http://microsoft.com/windows2000/library/resources/reskit/deploy/ccm/)
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Help and Support
Back to the top
|
