June 14, 2017 fiducheah

Running a Active Directory consolidation project using ADMT as the migration tool.   One of the requisites is to disable Sid Filtering on the Target domain.

The command is as follows:

netdom trust source.int /domain:target.int /quarantine:no /usero:target\administrator /passwordo:xxxxxx <– I think /userd: and /passwordd: also works


So I keep getting “Access is Denied”

“The command failed to complete successfully.”
Went into Group Policy Editor and enabled “Network Access:  Allow anonymous SID/Name translation” in the Default Domain Controller GPO, disabled UAC, rebooted, but still the same “Access is Denied”  error persists.


Ended up establishing a RDP session with the source domain controller and ran the same command, and presto it works!  So moral of the story, run this command on the source domain controller not target if you are met with this predicament.





Leave a Reply

Your email address will not be published. Required fields are marked *