Re: Translating security on Server

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Michael (nospam_at_nospam.no)
Date: 06/28/04 

Date: Mon, 28 Jun 2004 10:25:57 +0200

Denali,

I have tested this procedure in a lab and it worked. The only difference was
that I performed an upgrade on the BDC instead of a clean installation. That
was tricky because I had to take it offline, promote it to PDC, upgrade it
(DCPROMO runs automatically to make it a DC), demote it, put it online, and
then run DCPROMO again to make it a DC of the new domain. Then I ran
security translation, since I had already migrated the accounts and groups.

One caveat: The built-in domain local and global groups, such as
Administrators or Domain Admins wouldn't translate by default since they
weren't migrated. You have to make a security translation text file,
following the instructions in the ADMT documentation, and then run Security
Translation a second time and this time tell it to use a text file instead
of migrated accounts. Let me know if you need further explanation.

Whatever you do, test it in a lab first. If you can't get good hardware,
just use a few PCs or something.

Good luck,

Michael S.

"Denali" <paul.j@aptalaska.com> escribió en el mensaje
news:10dodnfbfgc1dfc@corp.supernews.com...
> Bob thanks for your reply. I am using the ADMT tool. However at one site
I
> must migrate an NT domain controller which is also a file server. This
> server must serve as a DC and a file server in new domain. I thought that
> if I did a fresh install of 2003 on c partition and leave the d partition
> (which contains all file shares and nt permissions from old domain) alone,
I
> might be able to run the Security Translation wizard in the ADMT to
migrate
> the permissions on the D partition of this server to the new 2003 domain.
> Will this work?
>
> "Bob Qin [MSFT]" <bobqin@online.microsoft.com> wrote in message
> news:4RPkDqpWEHA.328@cpmsftngxa10.phx.gbl...
> > Hi Denali,
> >
> > Thanks for your posting here.
> >
> > As I understood that you want to migrate the NT domain in remote site to
> > the Windows 2003 domain.
> >
> > I would like to suggest that you install Windows 2003 on a new computer
> and
> > join to Windows 2003 domain as DC. Then install ADMT tool on the new
> > Windows 2003 DC and perform migration from NT domain to the Windows 2003
> > domain.
> >
> > You can refer to the following documents for more information.
> >
> > HOW TO: Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003
Migration
> > http://support.microsoft.com/?id=325851
> >
> > How to Use Active Directory Migration Tool Version 2 to Migrate from
> > http://support.microsoft.com/?id=326480
> >
> > Domain Migration Cookbook
> >
>
<http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookboo
> > k/cookintr.asp>
> >
> > Support WebCast: Domain Migration Using the Microsoft Active Directory
> > Migration Tool
> >
>
<http://support.microsoft.com/servicedesks/Webcasts/WC082301/wcblurb082301.a
> > sp>.
> >
> > Planning Migration from Windows NT to Windows 2000
> >
>
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtech
> > nol/ad/windows2000/plan/migntw2k.asp>
> >
> > Have a nice day!
> >
> > Regards,
> > Bob Qin
> > Product Support Services
> > Microsoft Corporation
> >
> > Get Secure! - www.microsoft.com/security
> >
> > ====================================================
> > When responding to posts, please "Reply to Group" via your newsreader so
> > that others may learn and benefit from your issue.
> > ====================================================
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
>
>

Relevant Pages

  • RE: Access to the File Share Denied after joining the new domain
    ... There is no impact in running "Security Translation Wizard". ... your file server and check the Translate Objects in the ... Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003 Migration ...
    (microsoft.public.windows.server.migration)
  • File server migration
    ... File server migration is intraforest migration. ... user ID in old domain is diretly used for assigning NTFS permission. ... My usetion is it possible to do security translation for only one share on ...
    (microsoft.public.windows.server.migration)
  • RE: ADMT migration/security translation
    ... SIDhistory is used to access the resource in SOURCE domain. ... computer into new domain 2) Run security translation. ... Regarding Intra-Forest migration using ADMT, ... We are trying to migrate a file server that is also a DC from one ...
    (microsoft.public.windows.server.migration)
  • RE: Apending ACL in file mirgration between forests
    ... it can only keep the same ACL. ... member server by using ADMT->computer migration or security migration. ... able to update your profile and access the the partner newsgroups. ... you can use FSMT to migrate data from a file server in one ...
    (microsoft.public.windows.server.migration)
  • RE: FSMT without DFS
    ... will I be able to retain the UNC after the migration using ... How can I keep the OFS in commission concurrently with the NFS after ... General Steps of Migration and adjusting the corresponding record in DNS ... Install "File Server Migration Toolkit" on target file server. ...
    (microsoft.public.windows.server.migration)