ADMT computer migration to new domain.

When using ADMT 3.1 (Active Directory Migration Tool) to migrate a computer from a domain to a new domain, you may experience the error – “The security database on the server does not have a computer account for this workstation trust relationship.”

My environment is 2003 forest -> 2008 forest and 2008 child domain at 2003 native. I think this is irrelevant in this instance though.

However, it’s pretty important that if you ARE migrating between domains you update the DHCP server (or set it manually on the computer’s NIC) so that DNS points at the new DNS server. If you have trusts and DNS configured properly this shouldn’t matter too much, but it certainly is best practice.

Also, and probably more importantly: if you have any group policy configuration that sets the primary DNS suffix to OLDDOMAIN, this will stay in effect after the migration and probably cause the breakage discussed here.

Anyway, onto the fix.

If you fire up ADSIEdit.msc on the target domain after migration, open the properties of the computer object that you migrated and look for the servicePrincipalName attribute.

You need to make sure that there are values in there of:

.. chances are only the TERMSRV records will exist.

This solved the trust issues here.
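
The same check as the ADSIEdit step above can be scripted. This is an added example, not part of the original post; `WORKSTATION01` and `newdomain.example` are placeholder names, and the dNSHostName comparison is an assumption about how a leftover OLDDOMAIN primary DNS suffix shows up on the computer object.

```powershell
# Added example: inspect servicePrincipalName on a migrated computer object.
# $ComputerName and $TargetDomain are placeholders (assumptions), not values from the post.
param(
    [string]$ComputerName = 'WORKSTATION01',
    [string]$TargetDomain = 'newdomain.example'
)

# Bind to the target domain and find the computer account by its sAMAccountName.
$root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$TargetDomain")
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
[void]$searcher.PropertiesToLoad.Add('servicePrincipalName')
[void]$searcher.PropertiesToLoad.Add('dNSHostName')

$result = $searcher.FindOne()
if (-not $result) {
    Write-Warning "No computer object for $ComputerName found in $TargetDomain."
    return
}

# A missing attribute comes back as an empty collection, so @() yields an empty array.
$spns    = @($result.Properties['serviceprincipalname'])
$dnsName = [string]($result.Properties['dnshostname'] | Select-Object -First 1)

"dNSHostName: $dnsName"
"servicePrincipalName values ($($spns.Count)):"
$spns | Sort-Object | ForEach-Object { "  $_" }

# Reduce each SPN to its service class (the part before the first '/').
$classes = $spns | ForEach-Object { ($_ -split '/', 2)[0].ToUpper() } | Sort-Object -Unique

if ($spns.Count -eq 0) {
    Write-Warning 'servicePrincipalName is empty.'
}
elseif (@($classes | Where-Object { $_ -ne 'TERMSRV' }).Count -eq 0) {
    # The condition described in the post: only TERMSRV records exist after migration.
    Write-Warning 'Only TERMSRV service principal names are present.'
}

# Assumption: a dNSHostName outside the target domain suggests the primary
# DNS suffix is still being set to the old domain (for example by group policy).
if ($dnsName -and -not $dnsName.ToLower().EndsWith(".$($TargetDomain.ToLower())")) {
    Write-Warning "dNSHostName '$dnsName' does not end with '.$TargetDomain'."
}
```

The script only reads the directory; any missing values are still added by hand in ADSIEdit as described above.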