Re: ADMTv2 questions
From: Bob Qin [MSFT] (bobqin_at_online.microsoft.com)
Date: 08/18/04
- Next message: Jeff B.: "Permissions problem"
- Previous message: Feng Mao: "RE: SidHistory"
- In reply to: ddoorlag: "Re: ADMTv2 questions"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 18 Aug 2004 11:31:17 GMT
My pleasure!
Regards,
Bob Qin
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: "=?Utf-8?B?ZGRvb3JsYWc=?=" <ddoorlag@discussions.microsoft.com>
Subject: Re: ADMTv2 questions
Date: Tue, 17 Aug 2004 12:57:03 -0700
Newsgroups: microsoft.public.windows.server.migration
THANKS for the info BOB !!!
"Bob Qin [MSFT]" wrote:
> Hi Dave,
>
> In fact, the only valuable thing is SIDhistroy when you merge a
user
> account to another one. So that the target domain user can access
the
> resourses which only the source domain user has permission. I
recommend
> that you try the Security Translation Wizard and SID mapping file,
and it
> is very easy to use.
>
> The content of SID mapping file should be like below.
>
> <SID of OldDomain\User>, <SID of NewDomain\Users>
>
> Note: Please put the correct SIDs in the above line.
>
> You can try the following content in your newSIDmapping.txt file.
>
> S-1-5-21-1455768706-307569249-355810188-513,
> S-1-5-21-3050163103-1507591125-1671999219-513
>
> You can run in different modes to accommodate different scenarios
(Replace,
> Add, and Remove). Security Translation is capable of updating most
common
> resources automatically, and is also configurable by the
administrator.
>
> Also, you can just change the user in target domain (joe2) to joe1,
then
> try another very cool tool called SubInACL to modify the resources.
>
> For example, we can run the following command on a file server:
>
> subinacl /subdirectories <Path>\*.*
> /migratetodomain=OLDDOMAIN=NEWDOMAIN
>
> Note:
>
> 1. The above command will check all ACEs. For example, for an ACE
for
> OLDDOMAIN\Joe1 if the NEWDOMAIN\Joe1 account exists, this tool will
add a
> new ACE for NEWDOMAIN\JOHNDOE.
>
> 2. The ACEs for the OLDDOMAIN domain will be preserved. If you want
to
> replace the account, please use another switch /changedomain:
>
> subinacl /subdirectories <Path>\*.*
/changedomain=OLDDOMAIN=NEWDOMAIN
>
> 3. A trust between the two domains is needed.
>
> 4. For more information about this tool, please refer to the
Resource Kit
> Tool Help, or run the following command:
>
> SubInAcl /help /full
>
> Thank you and have a nice day!
>
> Regards,
> Bob Qin
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your
newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> --------------------
> From: "=?Utf-8?B?ZGRvb3JsYWc=?="
<ddoorlag@discussions.microsoft.com>
> Subject: Re: ADMTv2 questions
> Date: Mon, 16 Aug 2004 06:09:02 -0700
> Newsgroups: microsoft.public.windows.server.migration
>
> Hi Bob,
>
> THANKS for the information... I'll look it over...
>
> My meaning of Merge is to take an NT4 account (joe1) and
merge the
> account
> (sid history/etc.) into a currently existing AD domain with a
> currently
> existing AD Account (joe2)... (ie. differant names).
>
> As I see it with ADMT you can COPY the NT4 account over, but
you have
> no way
> to "merge" the NT4 account with a currently existing AD
account...
>
> TRUE/FALSE ??
>
> "Bob Qin [MSFT]" wrote:
>
> > Hi Dave,
> >
> > Thanks for your posting here.
> >
> > What is your meaning of "merge" two users? What thing do
you want
> to merge?
> > What is your fianl purpose?
> >
> > Here are some documents that will be helpful.
> >
> > HOW TO: Set Up ADMT for a Windows NT 4.0-to-Windows Server
2003
> Migration
> > http://support.microsoft.com/?id=325851
> >
> > Domain Migration Cookbook
> >
>
<http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookboo
> > k/cookintr.asp>
> >
> > Planning Migration from Windows NT to Windows 2000
> >
>
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtech
> > nol/ad/windows2000/plan/migntw2k.asp>
> >
> > Have a nice day!
> >
> > Regards,
> > Bob Qin
> > Microsoft Online Partner Support
> >
> > Get Secure! - www.microsoft.com/security
> >
> > ====================================================
> > When responding to posts, please "Reply to Group" via your
> newsreader so
> > that others may learn and benefit from your issue.
> > ====================================================
> > This posting is provided "AS IS" with no warranties, and
confers no
> rights.
> >
> > --------------------
> > From: "=?Utf-8?B?ZGRvb3JsYWc=?="
> <ddoorlag@discussions.microsoft.com>
> > Subject: Re: ADMTv2 questions
> > Date: Fri, 13 Aug 2004 12:27:03 -0700
> > Newsgroups: microsoft.public.windows.server.migration
> >
> > THANKS...
> >
> > We're still debating if there's a way around this..
but yes
> the users
> > DO
> > have accounts in both the AD domain and their "soon
to be
> migrated to
> > AD" NT4
> > Domain, and I know with a 3rd party Migration tool
you can
> merge
> > these
> > accounts (some type of mapping), but I was just
hoping ADMTv2
> had
> > some method
> > to allow this type of "merge"... but everything I've
read
> seems to
> > indicate
> > it will either COPY it, or if there is a conflict it
can
> "overlay"
> > the
> > account, but I don't see any way to "merge" these
accounts..
> > If someone can still verify, it would be
appreciatted.. OR if
> someone
> > has
> > experience with a 3rd party tool that CAN merge NT4
--> AD
> account
> > I'd be
> > interested in hearing your results..
> >
> > THANKS
> >
> > "mote" wrote:
> >
> > > If memory serves correctly, I don't believe this is
> possible.
> > > ADMT clones accounts during an Inter-forest
migration and
> > > moves accounts during an intra-forest migration. Do
you have
> > > a very valid reason for merging accounts?
> > >
> > >
> > > "ddoorlag" <ddoorlag@discussions.microsoft.com>
wrote in
> message
> > >
news:543068A2-0DEA-42E7-B999-9EE82FADDE27@microsoft.com...
> > > > THANKS..... Any idea's on if you can merge
account1 (from
> the NT
> > domain)
> > > to
> > > > account2 (that currently exist in the AD domain)
?? I
> don't
> > really want to
> > > > waste my time with ADMTv2 if it can't merge
accounts in
> this way..
> > > >
> > > > THANKS
> > > > Dave
> > > >
> > > > "mote" wrote:
> > > >
> > > > > The readme Doc file and the help file
(DomainMig.chm)
> that
> > accompany the
> > > > > download are your best source.
> > > > >
> > > > > Cheers
> > > > >
> > > > >
> > > > >
> > > > > "ddoorlag" <ddoorlag@discussions.microsoft.com>
wrote
> in message
> > > > >
> news:C7374534-BCAA-43DE-8D51-D4288F898D86@microsoft.com...
> > > > > > Questions regarding ADMTv2.
> > > > > >
> > > > > > 1) Where can I find useful documentation
regarding
> the tool ??
> > > > > >
> > > > > > 2) Will the ADMTv2 tool "merge" user accounts
(JoeNT
> needs to
> > be
> > > merged
> > > > > with
> > > > > > Joe account in our current AD environment). I
don't
> see where
> > this can
> > > be
> > > > > > done in the looking I've done..
> > > > > >
> > > > > > THANKS
> > > > > > Dave
> > > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
- Next message: Jeff B.: "Permissions problem"
- Previous message: Feng Mao: "RE: SidHistory"
- In reply to: ddoorlag: "Re: ADMTv2 questions"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
