Re: ADMT/Sidhistory not working



Not unless you are using the account from the old domain. You need to use
the file migration tool(s) if you want to automate that process. Otherwise
you need to grant your "new" groups in the new domain the permissions on the
resources.

--
--------
Hope It Helps!

dw
_______________________________
Don Wilwol
Distributed Application Technologies.
dwilwol(DELETE)@datbusiness.com
www.AtTheDataCenter.com (personal website)
www.skysphere.com (hosting available)


"JT" <JT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4A69B977-295B-4357-91F3-77261E95D179@xxxxxxxxxxxxxxxx
Hi Don,

Thanks very much for your response. The only thing that is unclear for me
is that I supposedly copied over the security settings using the robocopy
/MIR /SEC switches, so the permissions relating to the old users should be
set. Is this not the case?

Cheers,

John

"Don Wilwol" wrote:

ADMT brings over the SIDs which allows users in the NEW domain users
permissions to resources in the OLD domain. You need to set the permissions
on your new resources for your users in the new domain, as you normally
would. If you use the trust, and the old user group/accounts, you don't need
sid history, you are using the old user account, and thus the old sid.

Think of it this way, once all users and resources are moved, you can
actually delete the sid history.

You are getting read permissions in the new domain because that is the
default for the everyone group on new 2003 shares.
--
--------
Hope It Helps!

dw
_______________________________
Don Wilwol
Distributed Application Technologies.
dwilwol(DELETE)@datbusiness.com
www.AtTheDataCenter.com (personal website)
www.skysphere.com (hosting available)


"JT" <JT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9E4E3898-BEE7-485D-8A05-AF1528186089@xxxxxxxxxxxxxxxx
Update:

I have now discovered that the new and old objects WILL have different
primary SIDs, so the GETSID results were a red herring. I have used ADSIedit
to look at the objects in the new domain, and the SIDHistory value is set -
it isn't set in the old domain but I assume this is expected.

I still only have read only access to resources in the new domain - any
ideas what I am missing or doing wrong?

Thanks again,

John



"JT" wrote:

Hi all,

I am migrating from a 2000 domain to 2003 using ADMT v3.0, but the
Sidhistory function is not working. First allow me to give some background
details:

Domain2k was running in Mixed mode with NT DCs. I removed the DCs and
raised the domain functional level to Native.
Domain2003 is running in Native mode.
On both domains I have enabled sidhistory with the Netdom Trust command and
verified it.
On both domains I have disabled SID filtering with the /quarantine:no switch
and verified it.
Data had been copied from a fileserver on Domain2k to Domain2003 using
Robocopy with the /SEC switch.

Now, when I used ADMT to copy the groups and users, including SIDS, I had
access denied errors when users in Domain2k tried to access resources in
Domain2003. I used getsid to compare accounts between the two domains and
the SIDS are different. Any ideas why ADMT isn't using the correct SIDS?
I'm stumped.

I am thinking about using clonepr.vbs instead of ADMT - will this work?

Thanks in advance for your help,

John
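
A way to check the situation discussed in this thread (ACLs copied with robocopy /SEC versus the SIDs a migrated account carries), as an added example that is not part of the original posts: it lists each ACE on a folder as a raw SID and marks whether that SID equals the account's objectSid, one of its sIDHistory values, or the same for a group it belongs to. It assumes the ActiveDirectory PowerShell module is available; the account name `jsmith` and the path `\\newfs\data\share` are placeholders.

```powershell
# Added diagnostic example; not from the thread. Requires the ActiveDirectory
# module (RSAT) and read access to the folder. Names at the bottom are placeholders.
Import-Module ActiveDirectory

function Get-PrincipalSidSet {
    # Collect the user's objectSid and sIDHistory, plus the same for each group
    # the account is a direct member of (nested groups and the primary group
    # are not expanded here).
    param([Parameter(Mandatory)][string]$SamAccountName)

    $sids = @{}
    $user = Get-ADUser -Identity $SamAccountName -Properties SIDHistory, MemberOf
    $sids[$user.SID.Value] = 'user objectSid'
    foreach ($h in $user.SIDHistory) { $sids[$h.Value] = 'user sIDHistory' }

    foreach ($dn in $user.MemberOf) {
        $g = Get-ADGroup -Identity $dn -Properties SIDHistory
        $sids[$g.SID.Value] = "group objectSid ($($g.Name))"
        foreach ($h in $g.SIDHistory) { $sids[$h.Value] = "group sIDHistory ($($g.Name))" }
    }
    return $sids
}

function Compare-AclToSidSet {
    # Read the ACL with identities left as SIDs (no name translation), so
    # entries that point at the old domain are visible as such.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$SidSet
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        [pscustomobject]@{
            Sid       = $sid
            Type      = $r.AccessControlType
            Rights    = $r.FileSystemRights
            Inherited = $r.IsInherited
            MatchedBy = if ($SidSet.ContainsKey($sid)) { $SidSet[$sid] } else { '-' }
        }
    }
}

$sidSet = Get-PrincipalSidSet -SamAccountName 'jsmith'      # placeholder account
Compare-AclToSidSet -Path '\\newfs\data\share' -SidSet $sidSet | Format-Table -AutoSize
```

Well-known SIDs such as Everyone (S-1-1-0) show `-` in the MatchedBy column because they are not stored on the account, so read those rows separately.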




