Troubleshooting Service Account Migration Issues
Updated: June 11, 2014
Applies To: Windows Server 2008, Windows Server 2008 R2
Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)
This topic describes known issues related to migrating service accounts with the Active Directory Migration Tool.
You must have the appropriate rights to update a service account on a remote computer when you migrate an account
The user account that is running ADMT must have Logon Locally rights to any remote computer to which the tool dispatches an agent. This also applies to any remote computer whose Service Control Manager (SCM) is modified while a service account is migrated with the User Account Migration Wizard. If this account does not have the right to change the SCM, the service account is still migrated to the target domain, but the service on the remote computer is not updated to use the target domain account. To update the service on the remote computer, run the Service Account Migration Wizard and select No, use the previously collected information on the Update Information page. Because the user’s lack of access is not always flagged as an error in Migration Progress, it is a good practice to check the migration log file for any errors after you migrate service accounts.
Services must be identified on all computers before service accounts are migrated
If you identify services on servers using the Service Account Migration Wizard after user migration has taken place, the configuration of these services with the migrated account and password information will fail. To configure these services you have to rerun the user migration.
Service account migration takes longer than expected
You might increase performance by enabling a Windows Firewall exception for Remote Service Management on the computer that is being used.
Open Control Panel (Classic View), and then open Windows Firewall.
Click the Exceptions tab.
Make sure that the Remote Service Management check box is selected.