This topic is resolved

Share

This topic contains 8 replies, has 3 voices, and was last updated by  Michael Pietroforte 6 months ago.

  • Author
    Posts
  • #117514
     Karim Buzdar 
    Moderator
    • Topics: 20
    • Replies: 55
    Post count: 167
    Member Points: 4,146

    Hi Michael/everyone,

    I am migrating an AD user account in a forest from child domain to parent domain using ADMT 3.2. But I am getting the following error.

    ERR2: 7621 Failed to move source object. Verify that the caller’s account is not marked sensitive and therefore cannot be delegated. hr=0x8009030e No credentials are available in the security package.

    Earlier, I had successfully migrated user from another child domain to same parent domain. What could be the issue? I searched everywhere but couldn’t find any correct logical solution.

    Thank you,

    Karim

    0
  • #117516
     Jason Coltrin 
    Moderator
    • Topics: 2
    • Replies: 11
    Post count: 23
    Member Points: 414

    Is it just that one user and others migrated successfully? Is it worth trying to resolve or just re-create the account in the new domain? It sounds like a domain trust issue. Did you try this solution? http://www.b-blog.info/en/admt-err2-7621-while-migrating-accounts-within-the-forest.html

    0
  • #117519
     Karim Buzdar 
    Moderator
    • Topics: 20
    • Replies: 55
    Post count: 167
    Member Points: 4,146

    Hi Jason,

    Thank you for your reply.

    The migration issue is with all users. Although computer accounts are migrating successfully so doesn’t look like a trust issue. I checked the solution you mentioned but that didn’t work.

    Any more thoughts?

    Karim

    0
  • #117532
     Michael Pietroforte 
    Keymaster
    • Topics: 136
    • Replies: 309
    Post count: 940
    Member Points: 5,960

    Is Microsoft Exchange running in the child domain?

    0
    • #118699
       Karim Buzdar 
      Moderator
      • Topics: 20
      • Replies: 55
      Post count: 167
      Member Points: 4,146

      Hi Michael,

      There is  no MS exchange running in child domain. Users are in normal OU in source/child domain. Don’t know why this is happening?

      Thank you,

      Karim

       

      0
      • #118702
         Michael Pietroforte 
        Keymaster
        • Topics: 136
        • Replies: 309
        Post count: 940
        Member Points: 5,960

        Did you check if the user account is marked sensitive? Maybe an admin enabled this for security reasons.

        0
        • #118709
           Karim Buzdar 
          Moderator
          • Topics: 20
          • Replies: 55
          Post count: 167
          Member Points: 4,146

          Hi Michael,

          That was the issue and it is resolved 🙂

          Thank you,

          Karim

          2+

          Users who have liked this topic:

          • avatar
  • #118717
     Jason Coltrin 
    Moderator
    • Topics: 2
    • Replies: 11
    Post count: 23
    Member Points: 414

    Interesting- good catch Michael! I’ve never seen that box checked in user account settings.

    1+

    Users who have liked this topic:

    • avatar
  • #118985
     Michael Pietroforte 
    Keymaster
    • Topics: 136
    • Replies: 309
    Post count: 940
    Member Points: 5,960

    Karim, I am glad that you found the problem. Good that you have PowerShell to change the setting for all your users. 😉

    Jason, it rarely happens, but sometimes error messages contain a grain of truth. 😉

    1+

    Users who have liked this topic:

    • avatar

You must be logged in to reply to this topic.

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account