RE: Moving user account from NT to Win2k3
- From: v-jasont@xxxxxxxxxxxxxxxxxxxx (Jason Tan (MSFT))
- Date: Mon, 04 Jul 2005 09:18:59 GMT
Hi Wilson,
Thanks for reply!
Q: However, I found that there is no "Shared icon" under folder in the tree
diagram directory
A: After importing the registry successfully, you may want to restart the
files server. Based on my test , it works fine.
Note: The location of the shared resource on the target machine must be the
same as source machine.
Q: What does this mean? Is there any document related to this?
A: When creating a new user account, the SID of the account has been
created too. The SID of account is unique even if the user account has a
same name. That is to say, for instance, you have granted permission to
resource with Test user account, and you delete the account and then
recreate another TEST account. You cannot access the resource which has the
original Test permission with the new Test account since the access
permission is based on access token which contains SID permission
information.
For more information, please refer to the following information:
Security Identifier Structure
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/
en-us/distrib/dsce_ctl_xgqv.asp
How to Associate a Username with a Security Identifier (SID)
http://support.microsoft.com/default.aspx?scid=kb;en-us;154599
835991 How to use a SID mapping file with the ADMT tool to perform a
resource
http://support.microsoft.com/?id=835991
Hope the information helps. If there is anything that is unclear, please
feel free to let me know.
Thanks & Regards,
Jason Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Moving user account from NT to Win2k3
| thread-index: AcV+DkeO7JtGSRs8TI+2BxwNp7bQYg==
| X-WBNR-Posting-Host: 218.103.243.116
| From: "=?Utf-8?B?V2lsc29uIENoZXVuZw==?="
<WilsonCheung@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <856ACE57-0188-4470-8572-23CCA313D64F@xxxxxxxxxxxxx>
<jjq6PZJfFHA.3016@xxxxxxxxxxxxxxxxxxxxx>
<A32915EB-DBAD-48D8-98B9-31348CD3EA65@xxxxxxxxxxxxx>
<OMKgU5RfFHA.3016@xxxxxxxxxxxxxxxxxxxxx>
<C54101DE-F7F1-44F5-9CE7-CFD236E37CA5@xxxxxxxxxxxxx>
<Xz4lzrUfFHA.1528@xxxxxxxxxxxxxxxxxxxxx>
<445BE805-E260-497F-8537-36ACF54AF123@xxxxxxxxxxxxx>
<PiV2QOWfFHA.3556@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Moving user account from NT to Win2k3
| Date: Fri, 1 Jul 2005 00:27:04 -0700
| Lines: 317
| Message-ID: <185FC50D-C934-4574-A419-4CE99B25F1B5@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:11039
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Hello,
|
| I have tried to export the registry from source machine and import it
back
| to distination machine. However, I found that there is no "Shared icon"
under
| folder in the tree diagram directory. Do you think I have to share it
again?
| Thanks!
|
| On the other hand, you mentioned that "Adduser.exe can export/import the
| users with same name, but no securiy identifier". What does this mean? Is
| there any document related to this? Since I am weak in security
identifier.
| Thanks in a million!
|
| Wilson
|
|
| "Jason Tan (MSFT)" wrote:
|
| > Hi Wilson,
| >
| > Thanks for update!
| >
| > I understand that Adduser.exe can export/import the users with same
name
| > but no securiy identifier. That is to say, they are different user
account
| > in nature from the security point of view. Additionally, the RoboCopy
is
| > unable maintain the share properties and you may want to recreate the
share
| > permission. However, you can simply migrate shares through registry
key.
| >
| > Windows stores all share information in the registry. This allows you
to
| > export the information from one machine and import it into another. To
| > access the share information, open the Registry Editor by going to
Start |
| > Run, typing regedt32.exe, and clicking OK. Then, navigate to the
following
| > key:
| >
| > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares
| > This registry key lists all shares. To move a share from one server to
| > another, follow these steps:
| >
| > -In the Registry Editor, go to Registry | Export Registry File.
| > -Save the settings in a .reg file by selecting a location and clicking
| > Save.
| > -Close the Registry Editor.
| > -Copy the .reg file to the destination computer.
| > -Right-click the file, and select Merge.
| > -In order for the shares to show up, you'll need to restart the
machine. Or
| > you can start and stop the server service (enter -Net Stop Server and
then
| > Net Start Server at the command prompt) and other services that require
| > server service.
| >
| > Note: Be aware that this procedure will migrate all of the shares from
the
| > source machine. In addition, you must store the folders on the same
drive
| > as before. For example, if you copied the C:\test share from one
machine,
| > you must copy the folder to the same location (C:\test) on the
destination
| > machine.
| >
| > Note: Editing the registry is risky, so be sure you have a verified
backup
| > before making any changes.
| >
| > =================================================
| > This response contains a reference to a third party World Wide Web
site.
| > Microsoft is providing this information as a convenience to you.
Microsoft
| > does not control these sites and has not tested any software or
information
| > found on these sites; therefore, Microsoft cannot make any
representations
| > regarding the quality, safety, or suitability of any software or
| > information found there. There are inherent dangers in the use of any
| > software found on the Internet, and Microsoft cautions you to make sure
| > that you completely understand the risk before retrieving any software
from
| > the Internet.
| >
| > Detailed information for you reference:
| > http://techrepublic.com.com/5100-1035_11-5692540.html#
| >
| > Hope the information helps. If there is anything that is unclear,
please
| > feel free to let me know.
| >
| > Thanks & Regards,
| >
| > Jason Tan
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| >
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| >
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| > --------------------
| > | Thread-Topic: Moving user account from NT to Win2k3
| > | thread-index: AcV9VizhGvQEeQYgRRK0dfkBjA29aQ==
| > | X-WBNR-Posting-Host: 202.140.234.94
| > | From: "=?Utf-8?B?V2lsc29uIENoZXVuZw==?="
| > <WilsonCheung@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <856ACE57-0188-4470-8572-23CCA313D64F@xxxxxxxxxxxxx>
| > <jjq6PZJfFHA.3016@xxxxxxxxxxxxxxxxxxxxx>
| > <A32915EB-DBAD-48D8-98B9-31348CD3EA65@xxxxxxxxxxxxx>
| > <OMKgU5RfFHA.3016@xxxxxxxxxxxxxxxxxxxxx>
| > <C54101DE-F7F1-44F5-9CE7-CFD236E37CA5@xxxxxxxxxxxxx>
| > <Xz4lzrUfFHA.1528@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: Moving user account from NT to Win2k3
| > | Date: Thu, 30 Jun 2005 02:29:12 -0700
| > | Lines: 298
| > | Message-ID: <445BE805-E260-497F-8537-36ACF54AF123@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.migration
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.migration:11013
| > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > |
| > | Hi Jason,
| > |
| > | Here is my case, there is a Win2k3 w/ AD (brand new setup) and NT4
| > primary
| > | server (PDC). I am trying to move all user account from NT4 to
Win2k3.
| > | Fortunately, I got a tool Addusers.exe to do that, I export those
user
| > | accounts from NT4 and successfully import them to Win2k3. Cool!
| > |
| > | Here is another question, I used xcopy or robocopy to copy all user
files
| > | from NT4 to Win2k3. Files access Permission and all attributes are
copied
| > | successful too. Unfortunately, those folder with Share permission
cannot
| > be
| > | copied. Do you know is there a way to do so? Since there are so many
| > folder
| > | and subfolder among users personal files. If it is impossible, can I
| > export a
| > | list, so that I can know which folders are shared, and then I share
those
| > | folder in Win2k3 manually. At least I have a list to follow.
| > |
| > | Many thanks!!
| > |
| > | "Jason Tan (MSFT)" wrote:
| > |
| > | >
| > | > Hi Wilson,
| > | >
| > | > Maybe I have not described the case clearly. As I mentioned as my
| > previous
| > | > post, we cannot use the export/import method to migration.
Therefore,
| > | > without trust relationship release, as I know, there has no such
tools
| > can
| > | > migrate AD users account besides ADMT. So, I am afraid that to
release
| > the
| > | > right or "trust" to NT4 temporarily and accomplish the goal of user
| > | > migration is an appreciate choice in your scenario.
| > | >
| > | > Thanks & Regards,
| > | >
| > | > Jason Tan
| > | >
| > | > Microsoft Online Partner Support
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | >
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | >
| > | > =====================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | >
| > | >
| > | > --------------------
| > | > | Thread-Topic: Moving user account from NT to Win2k3
| > | > | thread-index: AcV9KmyrtRBYQjE9QFO6m6LZTr/xwQ==
| > | > | X-WBNR-Posting-Host: 202.140.234.94
| > | > | From: "=?Utf-8?B?V2lsc29uIENoZXVuZw==?="
| > | > <WilsonCheung@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | References: <856ACE57-0188-4470-8572-23CCA313D64F@xxxxxxxxxxxxx>
| > | > <jjq6PZJfFHA.3016@xxxxxxxxxxxxxxxxxxxxx>
| > | > <A32915EB-DBAD-48D8-98B9-31348CD3EA65@xxxxxxxxxxxxx>
| > | > <OMKgU5RfFHA.3016@xxxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: RE: Moving user account from NT to Win2k3
| > | > | Date: Wed, 29 Jun 2005 21:16:01 -0700
| > | > | Lines: 195
| > | > | Message-ID: <C54101DE-F7F1-44F5-9CE7-CFD236E37CA5@xxxxxxxxxxxxx>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain;
| > | > | charset="Utf-8"
| > | > | Content-Transfer-Encoding: 7bit
| > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | Content-Class: urn:content-classes:message
| > | > | Importance: normal
| > | > | Priority: normal
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | Newsgroups: microsoft.public.windows.server.migration
| > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.windows.server.migration:11002
| > | > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > | > |
| > | > | Hello,
| > | > |
| > | > | I am sorry that I confuse you. The fact is there is a trust
between
| > NT4
| > | > and
| > | > | Win2k3. But for the security reason, Win2k3 doesn't release the
right
| > or
| > | > | "trust" to NT4, therefore AMDT cannot be used to transfer user
| > account
| > | > from
| > | > | NT4 to Win2k3. Besides ADMT, what tools can I use to transfer all
| > user
| > | > | account from NT4 to Win2k3? Since there are around 800 -1000
users in
| > the
| > | > | organization, it is tough to create the account manually. Thanks
| > Jason!
| > | > |
| > | > | Wilson
| > | > |
| > | > |
| > | > | "Jason Tan (MSFT)" wrote:
| > | > |
| > | > | >
| > | > | > Hello,
| > | > | >
| > | > | > Thanks for update!
| > | > | >
| > | > | > Actually, based on my experience, it is impossible to
accomplish
| > the
| > | > goals
| > | > | > without trust. We cannot simply expert NT domain accounts and
| > import
| > | > them
| > | > | > into 2K3 domain without domain trust relationship. The main
cause
| > is
| > | > that
| > | > | > it cannot translate the SIDs security information through this
| > method
| > | > | > even though they could have the same account name but different
| > SIDs.
| > | > | >
| > | > | > If there is anything that is unclear, please feel free to let
me
| > know.
| > | > | >
| > | > | > Thanks & Regards,
| > | > | >
| > | > | > Jason Tan
| > | > | >
| > | > | > Microsoft Online Partner Support
| > | > | > Get Secure! - www.microsoft.com/security
| > | > | >
| > | > | > =====================================================
| > | > | >
| > | > | > When responding to posts, please "Reply to Group" via your
| > newsreader
| > | > so
| > | > | > that others may learn and benefit from your issue.
| > | > | >
| > | > | > =====================================================
| > | > | > This posting is provided "AS IS" with no warranties, and
confers no
| > | > rights.
| > | > | >
| > | > | >
| > | > | >
| > | > | >
| > | > | > --------------------
| > | > | > | Thread-Topic: Moving user account from NT to Win2k3
| > | > | > | thread-index: AcV9ExqJWuE643MKQgibVQBLqQu11Q==
| > | > | > | X-WBNR-Posting-Host: 202.140.234.94
| > | > | > | From: "=?Utf-8?B?V2lsc29uIENoZXVuZw==?="
| > | > | > <WilsonCheung@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | > | References:
<856ACE57-0188-4470-8572-23CCA313D64F@xxxxxxxxxxxxx>
| > | > | > <jjq6PZJfFHA.3016@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | Subject: RE: Moving user account from NT to Win2k3
| > | > | > | Date: Wed, 29 Jun 2005 18:29:05 -0700
| > | > | > | Lines: 103
| > | > | > | Message-ID:
<A32915EB-DBAD-48D8-98B9-31348CD3EA65@xxxxxxxxxxxxx>
| > | > | > | MIME-Version: 1.0
| > | > | > | Content-Type: text/plain;
| > | > | > | charset="Utf-8"
| > | > | > | Content-Transfer-Encoding: 7bit
| > | > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | > | Content-Class: urn:content-classes:message
| > | > | > | Importance: normal
| > | > | > | Priority: normal
| > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | > | Newsgroups: microsoft.public.windows.server.migration
| > | > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | > microsoft.public.windows.server.migration:10994
| > | > | > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > | > | > |
| > | > | > | Hello Jason,
| > | > | > |
| > | > | > | Thank you for your suggestion. However, ADMT cannot be used
in my
| > | > case,
| > | > | > bcs
| > | > | > | there is no trust relationship i can build for the security
| > reason.
| > | > Any
| > | > | > other
| > | > | > | suggestion you can give? Can I export all accouts in NT4 and
then
| > | > import
| > | > | > them
| > | > | > | back in Win2k3? Thanks!
| > | > | > |
| > | > | > | "Jason Tan (MSFT)" wrote:
| > | > | > |
|
.
- References:
- RE: Moving user account from NT to Win2k3
- From: Wilson Cheung
- RE: Moving user account from NT to Win2k3
- Prev by Date: RE: permissions compatible with pre-Win2000 servers
- Next by Date: RE: Does ADMT tool only work under Domain Admin, but not OU Admin leve
- Previous by thread: RE: Moving user account from NT to Win2k3
- Next by thread: Re: 3 domains, Exchange, Mixed Mode
- Index(es):
Relevant Pages
|
