Wednesday, July 27, 2011

ADMT is unable to connect to domain controller. 0x80070005

I am performing cross forest migration from 2 AD forests, multiple domains into a new AD forest. When I added one of the domains within a source forest I received the following error:

ADMT is unable to connect to domain controller
\\domaincontroller.sourcedomain.local, in domain sourcedomain.local. Access is denied.

Morgan Che posted up multiple causes for this error on the following forum thread:

I had a different problem to the ones mentioned on the above forum thread. One of my forests was setup with whats called a single labelled domain name. ADMT was having difficulties communicating with all domains within the single labelled forest.

To resolve this on the ADMT server I needed to add a DWORD registry key "AllowSingleLabelDnsDomain" with a decimal value of 1.

ADMT was then able to communicate with all domains in the forest which had a single labelled root domain.

For more information on this registry key please see:


  1. I have no words for this great post such a awe-some information i got gathered. Thanks to Author.

  2. I am the first time on this site and am really enthusiastic about and so many good articles .domain name hosting

  3. I wish you continued success and a very nice page

  4. I've been scratching my head and wondering how long it was going to take me to figure this out. Thank you for spelling it out for me. Looking forward to more posts like this in the future.

    hard drive data recovery hardware

  5. Any thoughts on the below issue? I am getting the same error, just a different scenario. What would you do for this?
    I am having difficulty migrating a DMZ domain to an internal domain. I just need to migrate users, groups and passwords. The target domain is (a tree root domain of which is in the Forest with 4 total domains. The source of the migration is in the Forest (also a tree root domain). Both domains in the RootB Forest ( and are in the DMZ. There is a one-way Forest trust (That is Transitive) between and ( is listed as a Domain trusted by this domain (outgoing trusts) in & is listed as a Domain that trust this domain (incoming trusts) in contains the DNS servers for all of the domains (the 4 domains in Forest and 2 domains in the Forest). So I didn't have to do anything with DNS to create a two-way external non-transitive trust between and The trust was established and validated. I built a temporary server named TEMPADMT to run ADMT v3.2 in the (target) that runs SQL Server Express 2008 SP1. ADMT v3.2 installed without any issues. I installed PES on's PDC, generated a key and applied it (that went smooth). My issue is when I open ADMT and go to select the Source and Target domains. The Source ( is not listed, but I am able to type it in and it finds the two domain controllers in the domain. The Target ( is listed and I am able to select it and the domain controller no problem. When I click next I get the following Error: ADMT is unable to connect to domain controller \\ in domain Access is denied. (0x80070005). I tried logging in to the TEMPADMT server with the admin account and running it with those credentials, but I get the same error, this time for - Error: ADMT is unable to connect to domain controller \\ in domain Access is denied (0x80070005). I built a test setup (the best I could - 5 servers (one for each domain) I was not able to build the DMZ in the test lab) to try to duplicate the issue but was unable to replicate the problem... unless I removed the external trust and then I was presented with the same error. I validated the trusts and made sure they were active and running. In order to try this migration I had my security team open Any>Any firewall rules (inbound and outbound) between 1)'s PDC and's PDC 2) and's PDC. Any help is much apprecaited.

  6. Hello, i am glad to read the whole content of this blog and am very excited and happy to say that the webmaster has done a very good job here.