Resolution
Domain Migration Administrator 7.x
symptom
Security is not translated on the roaming profile even though the log may appear that it has.
symptom
The log erroneously shows that the profile gets translated.
Translating user profile for USERNAME
SecurityTranslation Files:Yes TranslationMode:Add
Starting
Processing \\<computer_name>\<share_name>\Profiles\USERNAME
Operation completed.
A log from a properly translated profile would list each registry key name that has been translated. The log above does not show this.
cause
Replication has not occurred across the domain (especially on the PDC emulator). The translation process for roaming profiles does not reference the RID in migrated objects table. Domain Migration Administrator (DMA )looks up the RID from the domain. Specifically, DMA queries the PDC emulator to resolve the target SID for the roaming profile. If replication has not occured, the AD of the PDC emulator most likely does not contain the account that DMA just created.
fix
There are three different possible workarounds:
- Re-migrate the user account and choose to translate the roaming profile after replication has occurred.
- Move the DMA console to the PDC emulator (or capture this role on the DMA console DC).
- Use the RemoteProf.exe command line translation utility included with DMA.
- You will need to install Hotfix 22291 in order to view the Readme for this utility.
To download the Hotfix click the following link:
https://www.netiq.com/support/dma/hotfixes.asp
To access the Readme for this utility, refer to the following knowledge base article:
https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB12651