Domain Migration Administrator 7.x
Error: 'E25997: Failed to move object CN=, hr=8007054f An internal error occurred.'
Microsoft security patch (Q835732, MS04-011) has been applied.
This issue can be caused by the source user account being locked out at any time since it was first created, and the Microsoft security patch (Q835732, MS04-011) being applied to the target domain controller (DC).
There are two different solutions to this issue:
- Uninstall the Microsoft security patch.
- There is an unpublished hotfix from Microsoft that is designed to handle a similar issue. This same hotfix also resolves the 'internal error occurred' error message as well. Once you have obtained the patch from Microsoft, it only needs to be applied to the destination domain controller (DC) that Domain Migration Administrator (DMA) is communicating with. You can determine which DC DMA is using by checking the Migration.log file after your migration. You can also specify a DC for DMA to use. This would allow installation of the hotfix on a specific DC.
- Please refer to the following Microsoft Knowledge Base article for the related issue and the Microsoft hotfix:
- 841819 - You receive an error message when you try to use version 2 of the Active Directory Migration Tool to migrate a Microsoft Windows 2000 Server domain
The workaround specified in the attached Microsoft article only resolves the 'Parameter is incorrect' error message. However, once that issue is resolved, if the Microsoft security patch has been applied, you will encounter the internal error message. This error can only be resolved by installing the MS hotfix.
Please refer to the following NetIQ Knowledge Base article for a related issue:
NETIQKB4445 - Error: Failed to move object CN=, hr=80070057 The parameter is incorrect