Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003

• From: PAZMAN <pmpmailbox-news@xxxxxxxxx>
• Date: Mon, 04 Jul 2005 10:22:26 -0400

Hi Jason,

Sachin

Hi Sachin,

Thanks for update!

Per you requirement, you may use Subinacl.exe tool to replace NT ACLs with 2k3 ACLs. Security translation is a function of ADMT 2.0 that updates access control lists (ACLs) when migrating objects across domains. Generally speaking, you can choose to replace access control entries (ACEs) for source domain principals with ACEs for target domain principals, or you can simply add a corresponding ACE for the target domain principals while leaving the references to the source intact.

Security translation can be performed automatically for objects migrated by ADMT. In addition, you can build a SID mapping file to translate security of objects and principals not migrated by ADMT (for example, built-in and well-known principals) or to perform a custom translation mapping.

If you don't migrate the users to the new domain, we only can use the subinacl. And, subinacl is recommended to reset the permissions in this scenario.

For your information, you may use subinacl to replace the ACL. That is to say you may use subincal in replace mode. The command is as follows:

Subinacl /subdirectories x:\directory\*.* /replace=oldsid=newsid
OR subinacl /subdirectories x:\directory\*.* /replace= NTDOMAIN\FILEUSERS= W2K3DOMAIN\FILEUSERS

SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain. For example, if a user has moved from one domain (DomainA) to another (DomainB), the administrator can replace DomainA\User with DomainB\User in the security information for the user's files. This gives the user access to the same files from the new domain.

For additional information about the syntax and usage of the Subinacl.exe utility, type subinacl /help at the command line.

Using the Command Line to Edit Multiple Subdirectory Permissions
http://support.microsoft.com/default.aspx?scid=kb;en-us;265360

Download details: SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-
93cf-ed6985e3927b&displaylang=en

Hope the information helps. If there is anything that is unclear, please feel free to let me know.

Thanks & Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Date: Wed, 29 Jun 2005 12:06:08 -0400
| From: PAZMAN <pmpmailbox-news@xxxxxxxxx>
| User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
| X-Accept-Language: en-us, en
| MIME-Version: 1.0
| Subject: Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
| References: <42BABB2E.3050609@xxxxxxxxx> <OTZ6QsGeFHA.4856@xxxxxxxxxxxxxxxxxxxxx> <uAEkWsOeFHA.220@xxxxxxxxxxxxxxxxxxxx> <OzldQgweFHA.2052@xxxxxxxxxxxxxxxxxxxxx>
| In-Reply-To: <OzldQgweFHA.2052@xxxxxxxxxxxxxxxxxxxxx>
| Content-Type: text/plain; charset=ISO-8859-1; format=flowed
| Content-Transfer-Encoding: 7bit
| Message-ID: <e9Tt7RMfFHA.3944@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: mail.commnett.com 200.108.21.245
| Lines: 1 | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.migration:10986
| X-Tomcat-NG: microsoft.public.windows.server.migration
| | Hi Jason,
| | No, the new permissions have not been applied. This is what i have; say | i have two servers - server A is NT Domain with a share called "Files" | with ACL \\NTDOMAIN\FILEUSERS. Now i want to move this share to the | W2K3DOMAIN with the same file share name "Files" but with the ACL now | includes \\W2K3DOMAIN\FILEUSERS.
| | What i want is a utility to do this automatically, since there will be a | lot more files and folders to consider.
| | Sachin
| | Jason Tan (MSFT) wrote:
| > Hello Sachin,
| > | > Thanks for update!
| > | > According to your instance, Can I assume that new permissions | > \\W2K3DOMAIN\USERS has been granted to the shares previously. If this is | > the case, FSMT can also migrate the new permission. In addition, All print | > shares and user permissions are backed up when performing a backup | > operation with Print Migrator 3.1.
| > | > If there is anything that is unclear, please feel free to let me know.
| > | > Thanks & Regards,
| > | > Jason Tan
| > | > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your newsreader so | > that others may learn and benefit from your issue. | > | > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no rights.
| > | > | > --------------------
| > | Date: Fri, 24 Jun 2005 14:32:23 -0400
| > | From: PAZMAN <pmpmailbox-news@xxxxxxxxx>
| > | User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
| > | X-Accept-Language: en-us, en
| > | MIME-Version: 1.0
| > | Subject: Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
| > | References: <42BABB2E.3050609@xxxxxxxxx> | > <OTZ6QsGeFHA.4856@xxxxxxxxxxxxxxxxxxxxx>
| > | In-Reply-To: <OTZ6QsGeFHA.4856@xxxxxxxxxxxxxxxxxxxxx>
| > | Content-Type: text/plain; charset=ISO-8859-1; format=flowed
| > | Content-Transfer-Encoding: 7bit
| > | Message-ID: <uAEkWsOeFHA.220@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.migration
| > | NNTP-Posting-Host: mail.commnett.com 200.108.21.245
| > | Lines: 1 | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl | > microsoft.public.windows.server.migration:10882
| > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > | | > | Hi Jason,
| > | | > | My understanding of the File and Printer migration tools is that they | > | copy the settings from one server to another, that is, the same ACL and | > | Share permissions exist. Now what i am doing is migrating from an NT | > | domain (NTDOMAIN) to a Windows 2003 Domain (W2K3DOMAIN). So if I have a | > | share with NTFS permissions \\NTDOMAIN\USERS and use the FSMT, it would | > | simply transfer the shares with the permissions \\NTDOMAIN\USERS. What i | > | need is to transfer the shares with the new permissions | > \\W2K3DOMAIN\USERS.
| > | | > | Correct me if i am wrong in saying that FSMT does not do that. I don't | > | believe that the Printer Migration tool does that as well.
| > | | > | Sachin
| > | | > | Jason Tan (MSFT) wrote:
| > | > Hi Sachin,
| > | > | > | > Thanks for posting!
| > | > | > | > It appears that you have 3 questions at present. Regarding the first | > two | > | > questions related to exchange, please open a new post in | > | > microsoft.public.exchange.general newsgroup. That newsgroup is | > primarily | > | > for issues involving Exchange, So that the dedicated MS engineer can | > help | > | > you on it in a more efficient manner.
| > | > | > | > With respect to the third question, Can I assume that you want to | > migrate | > | > file and printer server to Windows 2k3 domain?
| > | > Based on my understanding, I recommend you migrate file with FSMT and | > | > migrate printer with Print Migrator 3.1.
| > | > | > | > Overview of the Microsoft File Server Migration Toolkit white paper of | > FSMT | > | > | > http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_over
| > | > view.mspx
| > | > | > | > FAQ on FSMT:
| > | > | > http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faqs
| > | > .mspx
| > | > | > | > White Paper: | > | > | > http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_over
| > | > view.mspx
| > | > | > | > Print Migrator 3.1
| > | > | > http://www.microsoft.com/WindowsServer2003/techinfo/overview/printmigrator3.
| > | > 1.mspx
| > | > | > | > Print Migrator 3.1 Download
| > | > | > http://www.microsoft.com/downloads/details.aspx?FamilyID=9b9f2925-cbc9-44da-
| > | > b2c9-ffdbc46b0b17&displaylang=en
| > | > | > | > Microsoft Print Migrator Document
| > | > http://www.microsoft.com/windows2000/docs/PrintMigrator3.doc
| > | > | > | > Hope the information helps. If there is anything that is unclear, | > please | > | > feel free to let me know.
| > | > | > | > Thanks & Regards,
| > | > | > | > Jason Tan
| > | > | > | > Microsoft Online Partner Support
| > | > Get Secure! - www.microsoft.com/security
| > | > | > | > =====================================================
| > | > | > | > When responding to posts, please "Reply to Group" via your newsreader | > so | > | > that others may learn and benefit from your issue. | > | > | > | > =====================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no | > rights.
| > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > --------------------
| > | > | Message-ID: <42BABB2E.3050609@xxxxxxxxx>
| > | > | Date: Thu, 23 Jun 2005 09:37:50 -0400
| > | > | From: PAZMAN <pmpmailbox-news@xxxxxxxxx>
| > | > | User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
| > | > | X-Accept-Language: en-us, en
| > | > | MIME-Version: 1.0
| > | > | CC: pmpmailbox-news@xxxxxxxxx
| > | > | Subject: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
| > | > | Content-Type: text/plain; charset=ISO-8859-1; format=flowed
| > | > | Content-Transfer-Encoding: 7bit
| > | > | Newsgroups: | > | > | > microsoft.public.windows.server.migration,microsoft.public.exchange.setup
| > | > | NNTP-Posting-Host: mail.commnett.com 200.108.21.245
| > | > | Lines: 1 | > | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange.setup:20650 | > | > microsoft.public.windows.server.migration:10832
| > | > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > | > | | > | > | Hi All,
| > | > | | > | > | We are planning a migration from Exchange 5.5 on Windows NT to | > Exchange | > | > | 2003 on 2003. There are five NT Domains that are bing consolidated to | > a | > | > | single domain and five exchange sites that will remain the same. The | > new | > | > | domains are being installed on new hardware so we are doing a | > parallel | > | > | install and migration (not an in-place).
| > | > | | > | > | We have read tons of material and came up with the following:
| > | > | | > | > | 1) Install Windows 2003 with AD.
| > | > | 2) Create trust between new domain and NT domain.
| > | > | 3) Move DNS and WINS to new servers.
| > | > | 4) Use ADMT to copy users to new domain with SID History.
| > | > | 5) Install Exchange 2003 on Windows 2003.
| > | > | 6) Install and configure ADC.
| > | > | 7) Move mailboxes to Exchange 2003 servers.
| > | > | 8) Move workstations to new domain.
| > | > | 9) Move DHCP to new Servers.
| > | > | 10) Move Print and File servers to new domain.
| > | > | 11) Decommission old NT servers.
| > | > | | > | > | Am i missing anything?
| > | > | | > | > | But i do have a few questions.
| > | > | | > | > | 1) Do I move workstations to the new domain before or after | > installing | > | > | exchange and moving mailboxes? Or does it matter?
| > | > | | > | > | 2) Will ADC copy user settings such as rules and out-of-office | > settings? | > | > | If not, what will?
| > | > | | > | > | 3) How can i redo the ACL settings on file and printer to | > automatically | > | > | point to the new domain?
| > | > | | > | > | | > | > | Thanks for your assistance,
| > | > | | > | > | Sachin
| > | > | | > | > | > | | > |

.

• Follow-Ups:
  • Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
    • From: Jason Tan (MSFT)

• Prev by Date: problems after uppgrade
• Next by Date: Member servers during and after in-place upgrade of NT to AD
• Previous by thread: problems after uppgrade
• Next by thread: Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
• Index(es):
  • Date
  • Thread

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint