Re: migrating file permissions

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

thanx a lot. ill try as you mentioned and hope things work. will get back if
get stuck with any issues.

"Ulf B. Simon-Weidner [MVP]" wrote:

> "Questioner" <Questioner@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:2106F2FC-E3E0-4019-B870-244750B9C313@xxxxxxxxxxxxxxxx
> > Here is my scenario. I have a domain OLDDOMAIN which is running on Windows
> > NT
> > DC. We are migrating to a NEWDOMAIN domain which is windows 2003 based.
> > There
> > is a file server joined to the old domain which has a lot of shared
> > folders
> > having numerous combinations of permissions. I want to join this file
> > server
> > to the new domain such that the permissions still remain such that a user
> > who
> > logged with his account from the old domain when he logs with the account
> > from the new domain, he still has access to all the same files he had
> > access
> > to before.
> >
> > Whats the best way to go about doing this??
>
>
> Hello,
>
> if you use ADMT to migrate your users you will migrate the SID of your
> olddomain users into the SID-History of your newdomain accounts. The SIDs of
> the filer won't change if you just move him and don't change the ACLs. Users
> of the old and the new domain will have access using the old SID.
>
> When all the users are logging into the new domain, and noone uses the old
> one anymore, you need to migrate the ACLs on your files. You can do this
> with the Sidwalk Migration Suite (Support Tools), and you can even do this
> earlier by just adding the newdomain SIDs to the ACLs where the olddomain
> SIDs are, without replacing the old ones yet (you can delete those later).
> Or you could use other tools like SubInAcl which provides a switch for
> domain migration as well. But the SidWalk Migration Suite is the one I'd
> look at, it's documented in the support tools help.
>
> --
> Gruesse - Sincerely,
>
> Ulf B. Simon-Weidner
>
> MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
> Weblog: http://msmvps.org/UlfBSimonWeidner
> Website: http://www.windowsserverfaq.org
>
.

Relevant Pages

  • Re: migrating file permissions
    ... have different SIDs in the new domain. ... accounts in the old domain to the corresponding accounts in the new domain. ... > the filer won't change if you just move him and don't change the ACLs. ... But the SidWalk Migration Suite is the one I'd ...
    (microsoft.public.windows.server.active_directory)
  • Re: Win2K Migration
    ... So that old ACLs point to the NEW ... >> I'm confused as to what needs to be replicated when migrating from ... >> Is this due to the SIDs not having been migrated? ... > Not from server to server. ...
    (microsoft.public.windows.server.migration)
  • Re: write access denied on directories after rebuild
    ... yes, sir, i know the sids are from the previous installs. ... the acls are untouchable with either Windows Explorer ... this means this rebuild has made all my partitions other than my system ... >> they sometimes have permissions for Everyone, ...
    (microsoft.public.win2000.setup)
  • Re: Moving ACLs to new server
    ... to move data and retain ACLs --> robocoby ... I want to retain the ACLs but the problem is that we're using local ... SIDS are refering to the old server name. ...
    (microsoft.public.windows.server.security)
  • Re: write access denied on directories after rebuild
    ... You need to take ownership of the files this will rewrite ths SIDS giving ... i can not get write access to the acls to change the ... > permission with respect to the logged-on user, ... > this means this rebuild has made all my partitions other than my system ...
    (microsoft.public.win2000.setup)