RE: SID Mapping More Info

From: Panjwanis (Panjwanis_at_discussions.microsoft.com)
Date: 03/14/05

Next message: TG: "RE: AD Design"
Previous message: jojopuppyfish_at_graffiti.net: "Re: Migrating 2000 to 2003 domain"
In reply to: Panjwanis: "RE: SID Mapping More Info"
Next in thread: Jason Tan: "RE: SID Mapping More Info"
Reply: Jason Tan: "RE: SID Mapping More Info"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 14 Mar 2005 11:29:02 -0800

This is how i ran the command and down below are the results. Looks like this
command didnot do any thing. Can any one take a look at it and advise if i am
doing some thign wrong.
______________________________________________________________________
C:\>Subinacl /subdirectories C:\share\*.*
/replace=S-1-5-21-1757981266-211168765
5-1708537768-1809=S-1-5-21-2909214044-919861869-3725854027-1107
+subdirectories C:\share\*.*
/replace=S-1-5-21-1757981266-2111687655-1708537768-1809=S-1-5-21-2909214044-919861869-3725854027-1107

Elapsed Time: 00 00:00:00
Done: 0, Modified 0, Failed 0, Syntax errors 0
________________________________________________________________________

"Panjwanis" wrote:

> Dear Jason,
> Thanks a lot for sending the useful info. When ever i try to run this
> command i always get Done:0 Modified:0 Failed:0 Syntax Errors:0
>
> i have verified the path and every thing is fine. i dont understand why the
> command can not make the changes..
>
> Please advise.
>
> Thanks.
>
> "Jason Tan (MSFT)" wrote:
>
> > Hi,
> >
> > Thanks for posting!
> >
> > Based on the description, I would like to provide you with the following
> > information for your reference:
> >
> > Security translation is a function of ADMT 2.0 that updates access control
> > lists (ACLs) when migrating objects across domains. Generally speaking, you
> > can choose to replace access control entries (ACEs) for source domain
> > principals with ACEs for target domain principals, or you can simply add a
> > corresponding ACE for the target domain principals while leaving the
> > references to the source intact.
> >
> > Security translation can be performed automatically for objects migrated by
> > ADMT. In addition, you can build a SID mapping file to translate security
> > of objects and principals not migrated by ADMT (for example, built-in and
> > well-known principals) or to perform a custom translation mapping.
> >
> > If you don't migrate the users to the new domain, we only can use the
> > subinacl. And, subinacl is recommended to reset the permissions in this
> > scenario.
> >
> > For your information, you may use subinacl to replace the ACL. That is to
> > say you may use subincal in replace mode. The command is as follows:
> >
> > Subinacl /subdirectories x:\directory\*.* /replace=oldsid=newsid
> >
> > SubInACL is a command-line tool that enables administrators to obtain
> > security information about files, registry keys, and services, and transfer
> > this information from user to user, from local or global group to group,
> > and from domain to domain. For example, if a user has moved from one domain
> > (DomainA) to another (DomainB), the administrator can replace DomainA\User
> > with DomainB\User in the security information for the user's files. This
> > gives the user access to the same files from the new domain.
> >
> > I hope my information helps. If there is anything that is unclear, please
> > feel free to let me know.
> >
> > Thanks & Regards,
> >
> > Jason Tan
> >
> > Microsoft Online Partner Support
> > Get Secure! - www.microsoft.com/security
> >
> > =====================================================
> >
> > When responding to posts, please "Reply to Group" via your newsreader so
> > that others may learn and benefit from your issue.
> >
> > =====================================================
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> >

Next message: TG: "RE: AD Design"
Previous message: jojopuppyfish_at_graffiti.net: "Re: Migrating 2000 to 2003 domain"
In reply to: Panjwanis: "RE: SID Mapping More Info"
Next in thread: Jason Tan: "RE: SID Mapping More Info"
Reply: Jason Tan: "RE: SID Mapping More Info"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: SUBINACL syntax error
... What is the syntax of your command? ... I'm using SUBINACL v5.2.3790.1180, the latest from the MS downloads ... SubInAcl /help syntax to understand SubInAcl syntax. ...
(microsoft.public.windows.server.general)
RE: Data Migration
... If you want to replace NT ACLs with 2k3 ACLs, you can use SubInACL tool. ... " on the Microsoft Web site at ... you can use the following command below. ...
(microsoft.public.windows.server.migration)
Re: Changing permission recursively
... The /subdirectories switch instructs subinacl.exe to deal ... subinacl subdirectories "E:\Documents and Settings\Mysubdir1\Mysubdir2" ... If you don't then the command will get very confused about ... John John. ...
(microsoft.public.win2000.general)
RE: RichCopy
... GUI and command line. ... the settings to tell it to copy "Security Information" yet the security ... security info - yet I don't see anywhere at all within the RichCopy GUI ...
(microsoft.public.windows.server.general)
Using Subinacl changing ownership
... windows 2000 file server using the 'subinacl' command but ...
(microsoft.public.win2000.security)