-
Titre
Error: "Access is denied" occurs when migrating accounts that have the "User cannot change passwo -
Description
The following error occurs when migrating accounts that have the "User cannot change password" flag enabled:
"Access is denied" -
Cause
Refer to Resolution
-
Résolution
The value of this checkbox, "User cannot change password", is stored inside userAccountControl as well as the User account's security descriptor as an explicate deny of "change password" for SELF. So the problem lies in how Microsoft natively works with the "User Must Change password" flag, as there is also a requirement for security permissions to be set during the same time.
Note: userAccountControl also houses user must change password, password never expires, etc.
WORKAROUND
Ensure the options to sync/migrate Security descriptors, as well as "User must change password" flag, are selected when migrating objects.
STATUS
This error message was removed in Migration Manager for AD 7.1.4. However, you still must choose to "Merge" or "Replace" security descriptors if you wish to copy the "User must change password" flag.The latest version of Migration Manager for AD can be downloaded at:
http://support.quest.com/support_download/Downloads.asp. -
Identifiant du défaut
CR0153792