This article has been archived. It is offered "as is" and will no longer be updated.
When you try to use the Active Directory Migration Tool version 2 to migrate a Microsoft Windows 2000 Server domain, you may receive an error message that is similar to the following:
ERR2:7422 Failed to move object CN=Robert Brown, hr=80070057 The parameter is incorrect.
This problem may occur if a user account in the domain has been locked out. If a user account is locked out, it cannot be moved to another domain within the same forest.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
To install this hotfix, you must have Microsoft Windows 2000 Service Pack 3 or Microsoft Windows 2000 Service Pack 4 installed on your computer.
You must restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
To work around this problem, before you use the Active Directory Migration Tool to move the accounts, use ADSI Edit to set the value of the lockoutTime attribute to 0 (zero) on the user accounts that are locked out.
Note ADSI Edit is available in the Windows 2000 Support Tools package. For additional information about how to install the Windows 2000 Support Tools package, click the following article number to view the article in the Microsoft Knowledge Base:
301423 How to install the Windows 2000 support tools to a Windows 2000 Server-based computer
Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
To set the value of the lockoutTime attribute to 0, follow these steps:
Click Start, point to Programs, point to Windows 2000 Support Tools, and then click ADSI Edit.
Expand Domain NC [Your_Domain].
Expand Cn=Your_Domain, CN=Your_Domain, and then expand CN=Users.
Right-click the name of the user who is locked out, and then click Properties.
In the Select which properties to view list, click Optional.
In the Select a property to view list, click lockoutTime.
In the Edit Attribute box, type 0, click Set, and then click OK.
Repeat steps 4 through 7 for each user who is locked out.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For additional information about the new file naming schema for Microsoft Windows software update packages, click the following article number to view the article in the Microsoft Knowledge Base:
816915 New file naming schema for Microsoft Windows software update packages
For additional information about the terminology that is used in this article, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates