Re: Migrating NT to Win 2000 AD single domain
From: gmickelsen (gmickelsen_at_discussions.microsoft.com)
Date: 08/25/04
- Next message: Enkidu: "Re: DNS problems"
- Previous message: Masoud: "Re: avoid dublicate username across domains"
- In reply to: Ace Fekay [MVP]: "Re: Migrating NT to Win 2000 AD single domain"
- Next in thread: Ace Fekay [MVP]: "Re: Migrating NT to Win 2000 AD single domain"
- Reply: Ace Fekay [MVP]: "Re: Migrating NT to Win 2000 AD single domain"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 25 Aug 2004 00:25:01 -0700
Thanks Ace.
For your info:
I've treid this out now. This is an overview of what I did:
1. Created folders on E: partition on NT server for NT users and groups.
2. Migrated users and groups (including SIDs) from NT domain to AD domain.
3. Installed Win 2K over the top Win NT C: partition (formatting C: in
process). Built this just as a workgroup server.
At this stage, I checked the folder permissions and as expected they were
shown as SID numbers.
4. Ran DCPROMO on this W2K workgroup server (add additonal DC to exisitng
domain) to join exisitng AD domain.
5. Checked permissions on folders on E: drive. These were back to normal,
showing correct users and groups.
"Ace Fekay [MVP]" wrote:
> In news:DD342AE2-67A9-47EE-8895-3F41E78EA50F@microsoft.com,
> gmickelsen <gmickelsen@discussions.microsoft.com> made a post then I
> commented below
> > Many thanks Ace.
> > If I migrate the SIDHistory while I migrate Users & Groups with ADMT,
> > will I lose the file/folder permissions? (I thought the reason for
> > migrating SIDHistory was to retain these permissions).
> > I will check out permcopy if this is not the case.
>
>
> Yes, it will retain the old SID, but that was designed to be able to access
> resources in the source domain. I haven't tested what you are trying to do,
> but as I understand your intentions, you're wiping out the source domain
> completely and rebuilding the machines directly after the migration, then
> that would be a non issue. You can try it and let me know. I'm not sure if
> it will work. If you copy them over, and the old domain is wiped out, and
> you go into the Security tab to view the ACL, you will see a bunch of
> 'unknown objects' instead of the user account names, since it cannot
> enumerate what the SIDS are without the old domain.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
>
- Next message: Enkidu: "Re: DNS problems"
- Previous message: Masoud: "Re: avoid dublicate username across domains"
- In reply to: Ace Fekay [MVP]: "Re: Migrating NT to Win 2000 AD single domain"
- Next in thread: Ace Fekay [MVP]: "Re: Migrating NT to Win 2000 AD single domain"
- Reply: Ace Fekay [MVP]: "Re: Migrating NT to Win 2000 AD single domain"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
