Re: ADMTv2 questions

From: ddoorlag (ddoorlag_at_discussions.microsoft.com)
Date: 08/17/04


Date: Tue, 17 Aug 2004 12:57:03 -0700

THANKS for the info BOB !!!

"Bob Qin [MSFT]" wrote:

> Hi Dave,
>
> In fact, the only valuable thing is SIDHistory when you merge a user
> account to another one. So that the target domain user can access the
> resources which only the source domain user has permission. I recommend
> that you try the Security Translation Wizard and SID mapping file, and it
> is very easy to use.
>
> The content of SID mapping file should be like below.
>
> <SID of OldDomain\User>, <SID of NewDomain\Users>
>
> Note: Please put the correct SIDs in the above line.
>
> You can try the following content in your newSIDmapping.txt file.
>
> S-1-5-21-1455768706-307569249-355810188-513, S-1-5-21-3050163103-1507591125-1671999219-513
>
> You can run in different modes to accommodate different scenarios (Replace,
> Add, and Remove). Security Translation is capable of updating most common
> resources automatically, and is also configurable by the administrator.
>
> Also, you can just change the user in target domain (joe2) to joe1, then
> try another very cool tool called SubInACL to modify the resources.
>
> For example, we can run the following command on a file server:
>
> subinacl /subdirectories <Path>\*.* /migratetodomain=OLDDOMAIN=NEWDOMAIN
>
> Note:
>
> 1. The above command will check all ACEs. For example, for an ACE for
> OLDDOMAIN\Joe1 if the NEWDOMAIN\Joe1 account exists, this tool will add a
> new ACE for NEWDOMAIN\JOHNDOE.
>
> 2. The ACEs for the OLDDOMAIN domain will be preserved. If you want to
> replace the account, please use another switch /changedomain:
>
> subinacl /subdirectories <Path>\*.* /changedomain=OLDDOMAIN=NEWDOMAIN
>
> 3. A trust between the two domains is needed.
>
> 4. For more information about this tool, please refer to the Resource Kit
> Tool Help, or run the following command:
>
> SubInAcl /help /full
>
> Thank you and have a nice day!
>
> Regards,
> Bob Qin
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> From: "=?Utf-8?B?ZGRvb3JsYWc=?=" <ddoorlag@discussions.microsoft.com>
> Subject: Re: ADMTv2 questions
> Date: Mon, 16 Aug 2004 06:09:02 -0700
> Newsgroups: microsoft.public.windows.server.migration
>
> Hi Bob,
>
> THANKS for the information... I'll look it over...
>
> My meaning of Merge is to take an NT4 account (joe1) and merge the account
> (sid history/etc.) into a currently existing AD domain with a currently
> existing AD Account (joe2)... (ie. different names).
>
> As I see it with ADMT you can COPY the NT4 account over, but you have no way
> to "merge" the NT4 account with a currently existing AD account...
>
> TRUE/FALSE ??
>
> "Bob Qin [MSFT]" wrote:
>
> > Hi Dave,
> >
> > Thanks for your posting here.
> >
> > What is your meaning of "merge" two users? What thing do you want to merge?
> > What is your final purpose?
> >
> > Here are some documents that will be helpful.
> >
> > HOW TO: Set Up ADMT for a Windows NT 4.0-to-Windows Server 2003 Migration
> > http://support.microsoft.com/?id=325851
> >
> > Domain Migration Cookbook
> > <http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.asp>
> >
> > Planning Migration from Windows NT to Windows 2000
> > <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ad/windows2000/plan/migntw2k.asp>
> >
> > Have a nice day!
> >
> > Regards,
> > Bob Qin
> > Microsoft Online Partner Support
> >
> >
> > --------------------
> > From: "=?Utf-8?B?ZGRvb3JsYWc=?=" <ddoorlag@discussions.microsoft.com>
> > Subject: Re: ADMTv2 questions
> > Date: Fri, 13 Aug 2004 12:27:03 -0700
> > Newsgroups: microsoft.public.windows.server.migration
> >
> > THANKS...
> >
> > We're still debating if there's a way around this.. but yes the users DO
> > have accounts in both the AD domain and their "soon to be migrated to AD" NT4
> > Domain, and I know with a 3rd party Migration tool you can merge these
> > accounts (some type of mapping), but I was just hoping ADMTv2 had some method
> > to allow this type of "merge"... but everything I've read seems to indicate
> > it will either COPY it, or if there is a conflict it can "overlay" the
> > account, but I don't see any way to "merge" these accounts..
> > If someone can still verify, it would be appreciated.. OR if someone has
> > experience with a 3rd party tool that CAN merge NT4 --> AD account I'd be
> > interested in hearing your results..
> >
> > THANKS
> >
> > "mote" wrote:
> >
> > > If memory serves correctly, I don't believe this is possible.
> > > ADMT clones accounts during an Inter-forest migration and
> > > moves accounts during an intra-forest migration. Do you have
> > > a very valid reason for merging accounts?
> > >
> > >
> > > "ddoorlag" <ddoorlag@discussions.microsoft.com> wrote in message
> > > news:543068A2-0DEA-42E7-B999-9EE82FADDE27@microsoft.com...
> > > > THANKS..... Any ideas on if you can merge account1 (from the NT domain) to
> > > > account2 (that currently exists in the AD domain) ?? I don't really want to
> > > > waste my time with ADMTv2 if it can't merge accounts in this way..
> > > >
> > > > THANKS
> > > > Dave
> > > >
> > > > "mote" wrote:
> > > >
> > > > > The readme Doc file and the help file (DomainMig.chm) that accompany the
> > > > > download are your best source.
> > > > >
> > > > > Cheers
> > > > >
> > > > >
> > > > >
> > > > > "ddoorlag" <ddoorlag@discussions.microsoft.com> wrote in message
> > > > > news:C7374534-BCAA-43DE-8D51-D4288F898D86@microsoft.com...
> > > > > > Questions regarding ADMTv2.
> > > > > >
> > > > > > 1) Where can I find useful documentation regarding the tool ??
> > > > > >
> > > > > > 2) Will the ADMTv2 tool "merge" user accounts (JoeNT needs to be merged with
> > > > > > Joe account in our current AD environment). I don't see where this can be
> > > > > > done in the looking I've done..
> > > > > >
> > > > > > THANKS
> > > > > > Dave
> > > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
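
A pre-flight check for the SID mapping file described in Bob Qin's reply, as an added example that is not part of the original thread or of ADMT. It assumes one "source SID, target SID" pair per line in the SID form shown in the post; `lint_sid_mapping` and the findings it reports are hypothetical, and every sample line after the first is constructed.

```python
import re

# Domain account/group SID: S-1-5-21-<three domain sub-authorities>-<RID>
DOMAIN_SID = re.compile(r"^S-1-5-21-(\d+-\d+-\d+)-(\d+)$")
# Well-known privileged RIDs; translating ACEs to these widens access sharply.
PRIVILEGED_RIDS = {500: "Administrator", 512: "Domain Admins",
                   518: "Schema Admins", 519: "Enterprise Admins"}

def lint_sid_mapping(text):
    """Hypothetical helper: parse 'source SID, target SID' lines, return (pairs, findings)."""
    pairs, findings, first_seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        parts = [p.strip() for p in raw.split(",")]
        if len(parts) != 2:
            findings.append((lineno, "expected two comma-separated SIDs on one line"))
            continue
        src, dst = (DOMAIN_SID.match(p) for p in parts)
        if not src or not dst:
            findings.append((lineno, "entry is not a domain SID"))
            continue
        if src.group(1) == dst.group(1):
            findings.append((lineno, "source and target share a domain"))
        if int(dst.group(2)) in PRIVILEGED_RIDS:
            findings.append((lineno, "target is " + PRIVILEGED_RIDS[int(dst.group(2))]))
        if parts[0] in first_seen:
            findings.append((lineno, f"source already mapped on line {first_seen[parts[0]]}"))
        first_seen.setdefault(parts[0], lineno)
        pairs.append(tuple(parts))
    return pairs, findings

# Line 1 is the pair from the post; the remaining lines are constructed test input.
SAMPLE = """\
S-1-5-21-1455768706-307569249-355810188-513, S-1-5-21-3050163103-1507591125-1671999219-513
S-1-5-21-1455768706-307569249-355810188-1104, S-1-5-21-3050163103-1507591125-1671999219-512
S-1-5-21-1455768706-307569249-355810188-1104, S-1-5-21-3050163103-1507591125-1671999219-1630
S-1-5-21-1455768706-307569249-355810188-1105,
S-1-5-21-3050163103-1507591125-1671999219-1631
"""

if __name__ == "__main__":
    pairs, findings = lint_sid_mapping(SAMPLE)
    print(f"{len(pairs)} usable pairs")
    for lineno, problem in findings:
        print(f"line {lineno}: {problem}")
```

The last two sample lines are one pair wrapped across two lines, as mail clients tend to do; the check rejects both halves instead of silently dropping the mapping.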


