RE: File permissions after migration

From: Rebecca Chen [MSFT] (v-rebc_at_online.microsoft.com)
Date: 09/28/04


Date: Tue, 28 Sep 2004 06:11:02 GMT

Hi Gary,

Have you granted the permission to a group instead of the user account, to
access the old resource? What is the result when the user accesses the
folder? Do they receive an access denied error?

After you migrate the user to the new domain, they are not part of the old
group, so they lost the permission to access the old resource.

In addition to checking the wizard report as Jill said, please also check the
share permission and NTFS permission of the old resource and let me know if
you grant the permission to the user directly.

If this is the issue, we need to re-ACL the resources.

Since OldDomain\User1 is a built-in group we cannot use ADMT to migrate it.
Fortunately, we are able to use Security Translation Wizard with a SID
Mapping file to add the NewDomain\"Domain Users" group's SID to the
resources.

To do so:

1. Get the SIDs of both OldDomain\"Domain Users" and NewDomain\"Domain
Users". We can log on as OldDomain\User1, run "whoami.exe /all". From the
return content, we can find the SID of OldDomain\"Domain Users". Please use
this method to get the SID of NewDomain\"Domain Users".

Note: whoami.exe is a utility from Windows 2000 Resource Kit Tools. If you
do not have it, please let me know.

2. Create a SID mapping file (should be a txt file). We can name it
sidmapping.txt.

3. Edit the SID mapping file in Notepad and input the following content:

<SID of OldDomain\"Domain Users">, <SID of NewDomain\"Domain Users">

Note: Please put the correct SIDs in the above line.

4. Run ADMT, choose "Security Translation Wizard".

5. On the "Security Translation Options" page, choose "Other objects
specified in a file" and browse to select the sidmapping.txt file created
in Step 2.

6. Follow the wizard to translate resources on ServerA.

7. Please check if the NewDomain\User1 has access to <\\ServerA\Share>.

For more details, please refer to the following link:
How to Migrate Your Microsoft Windows NT 4.0 Directory Services to
Microsoft Active Directory: Demo 3-Security Translation Wizard

http://www.microsoft.com/seminar/shared/asp/view.asp?url=/Seminar/en/20031218TNT1-99d3/manifest.xml&rate=0

If the issue persists, please gather the following info:

1. Clear Application, Security.evt and System.evt, reproduce this issue
and save the event logs.
2. The file transfer log
3. Let us know the details about the folder permission
4. Send all info to me at v-rebc@microsoft.com for research.

Have a nice day!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
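
A pre-flight check for the sidmapping.txt built in steps 2 and 3 above, as an added example that is not part of the original post or of ADMT. It assumes the one-pair-per-line `<old SID>, <new SID>` format shown in step 3; the function names and all sample SIDs are constructed for illustration. Security translation rewrites the ACLs on the target server, so a wrong pair reassigns access to the wrong principal.

```python
import re

# Domain account/group SIDs have the form S-1-5-21-<three domain parts>-<RID>.
DOMAIN_SID = re.compile(r"^S-1-5-21-(\d+-\d+-\d+)-(\d+)$")

def check_mapping_line(line):
    """Return the problems found in one '<old SID>, <new SID>' line ([] means OK)."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 2:
        return ["expected exactly two comma-separated SIDs"]
    problems, parsed = [], []
    for label, sid in zip(("source", "target"), parts):
        match = DOMAIN_SID.match(sid.upper())
        if match is None:
            # Catches unreplaced placeholders and non-domain SIDs such as S-1-1-0 (Everyone).
            problems.append(f"{label} is not a domain SID: {sid!r}")
        parsed.append(match)
    if problems:
        return problems
    (src_dom, src_rid), (dst_dom, dst_rid) = (m.groups() for m in parsed)
    if src_dom == dst_dom:
        problems.append("source and target SIDs belong to the same domain")
    # RIDs below 1000 are well-known (512 Domain Admins, 513 Domain Users). A mismatch
    # such as 512 -> 513 would give the old Domain Admins' ACEs to every new-domain user.
    if min(int(src_rid), int(dst_rid)) < 1000 and src_rid != dst_rid:
        problems.append(f"well-known RID mismatch: {src_rid} -> {dst_rid}")
    return problems

def check_mapping_file(lines):
    """Map 1-based line number -> problems, for every non-blank line with problems."""
    report = {}
    for number, line in enumerate(lines, start=1):
        if line.strip():
            problems = check_mapping_line(line)
            if problems:
                report[number] = problems
    return report

# Constructed sample content for sidmapping.txt; none of these SIDs is real.
OLD = "S-1-5-21-1111111111-1222222222-1333333333"
NEW = "S-1-5-21-2111111111-2222222222-2333333333"
SAMPLE = [
    f"{OLD}-513, {NEW}-513",      # Domain Users -> Domain Users: OK
    f"{OLD}-512, {NEW}-513",      # Domain Admins -> Domain Users: flagged
    f"{OLD}-513, S-1-1-0",        # target is Everyone: flagged
    r'<SID of OldDomain\"Domain Users">, <SID of NewDomain\"Domain Users">',
]

if __name__ == "__main__":
    for number, problems in check_mapping_file(SAMPLE).items():
        print(f"line {number}: " + "; ".join(problems))
```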


