RE: Apending ACL in file mirgration between forests
- From: "Can anyonehelp" <Cananyonehelp@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Sep 2005 07:50:17 -0700
Yes and NO
yes as it gives me answer just not the one I was looking for
and after think out of the box have come up with the following (just start
to builda test bench to test out the logic) using ideas you and other from
this most help full site
build server on current domian forest
set up DFS to allow me to replicat files and rights to new server
run amdt to add the extra right (this give me a easy roll back)
FSMT the new file and and permision to new forest SAN
I think gives me an on line roll back along with a one hit mirgration of
five servers and about 2TB of data
if you think this is a bad / not so cool way please give me addtional advise
but just to recap
This is the first time I have used the site and aprt from the fact I missed
used the site at first tring to get my question across I think the answer you
gave where very good just did not want to here a negitive in that way
my main aim is to keep the current servers untouched for a simple and as low
of risk roll back as possible
rgds
cananyonehelp
"Ken Zhao [MSFT]" wrote:
> Hello Gary,
>
> I notice Vincent Xu has replied the similar question on another thread.
>
> Based on our research, only the FSMT may not achieve your purpose. Because
> it can only keep the same ACL. We need to migrate the file server as a
> member server by using ADMT->computer migration or security migration.
> Translate security on servers to add the SIDs of the user and group
> accounts in the target domain to the ACLs of the resources. After objects
> are migrated to the target domain, the objects contain the ACL entries from
> both the source and the target domains.
>
> You can translate security in add mode on objects by using the ADMT
> console, by using the ADMT command-line option, or by using a script.
>
> 1. On the domain controller in the target domain on which you installed
> ADMT, log on by using the ADMT account migration account.
> 2. Open the Active Directory Migration Tool, and then select Security
> Translation Wizard.
> 3. Complete the Security Translation Wizard.
>
> For more detailed information, please refer to the following article:
> Translating Security in Add Mode
> <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
> it/a421ccd9-1775-4cc6-8f62-18e4e9845887.mspx>
>
> Hope that helps!
>
> Thanks & Regards,
>
> Ken Zhao
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> Newsgroup Web Interface Upgrade
> Please complete a one-time registration process on your first visit to the
> Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the secure
> code mspp2005 when prompted. This secure code will be valid for 6 months
> after which you will need to update your registration by entering the new
> secure code. We will post announcements in the newsgroups prior to
> expiration. Once you have entered the secure code mspp2005 , you will be
> able to update your profile and access the the partner newsgroups. Please
> update your Favorites link to the newsgroups web page, your current link
> will redirect until November 1, 2005.
> Please post any comment, questions or concerns to the
> microsoft.private.directaccess.partnerfeedback newsgroup. For more
> information, please go to:
> https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
> 4662
>
>
> --------------------
> | Thread-Topic: Apending ACL in file mirgration between forests
> | thread-index: AcW4ZpBnFGD82902SU2eaiyHt3oGOQ==
> | X-WBNR-Posting-Host: 212.113.21.170
> | From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?="
> <Cananyonehelp@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@xxxxxxxxxxxxx>
> <RMXSJd4tFHA.780@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: RE: Apending ACL in file mirgration between forests
> | Date: Tue, 13 Sep 2005 06:25:09 -0700
> | Lines: 136
> | Message-ID: <7CEC4BAB-C86E-40CD-A46C-5A499FAADD64@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.migration
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.migration:11942
> | X-Tomcat-NG: microsoft.public.windows.server.migration
> |
> | Thank you
> |
> | but can you add some more details
> |
> | isit possible to amend the ACL to have the same group with both in
> orginal
> | and target domain tag
> |
> | Gary
> |
> | "Ken Zhao [MSFT]" wrote:
> |
> | > Hello,
> | >
> | > Thank you for using newsgroup!
> | >
> | > In fact, you can use FSMT to migrate data from a file server in one
> domain
> | > to a file server in another domain in the same forest. You can also
> migrate
> | > data from a file server in one forest to a file server in another
> forest if
> | > cross-forest trusts are in place so that you can be a member of the
> local
> | > Administrators group on the source and target file servers. For more
> | > detailed FAQs about FSMT, please refer to:
> | >
> | > File Server Migration Toolkit Requirements and Compatibility:
> Frequently
> | > Asked Questions
> | >
> <http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faq
> | > s.mspx>
> | >
> | > Meanwhile, you need to migrate user rights from old domain to the new
> | > domain by using the Computer Account Migration Wizard in Active
> Directory
> | > Migration Tool (ADMT console). For related information, please refer to:
> | >
> | > Migration of Workstations and Member Servers
> | >
> <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
> | > it/399d74c0-e88e-4ad5-aaa3-0b05383f2ed0.mspx>
> | >
> | > More related information:
> | > =============
> | > Establishing Migration Accounts for Your Migration
> | >
> <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
> | > it/3f558ac5-8694-4e5a-a71a-5c80af8a8bfd.mspx>
> | >
> | > Users cannot write to a shared folder after migration to Windows Server
> 2003
> | >
> <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Oper
> | > ations/74e6bd62-1268-4e18-9060-45ca1d8330ff.mspx>
> | >
> | > 326480: How to use Active Directory Migration Tool version 2 to migrate
> | > from Windows 2000 to Windows Server 2003
> | > http://support.microsoft.com/default.aspx?scid=kb;en-us;326480
> | >
> | > Hope the information helps!
> | >
> | > Thanks & Regards,
> | >
> | > Ken Zhao
> | >
> | > Microsoft Online Partner Support
> | > Get Secure! - www.microsoft.com/security
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via your newsreader
> so
> | > that others may learn and benefit from your issue.
> | > =====================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | >
> | > Newsgroup Web Interface Upgrade
> | > Please complete a one-time registration process on your first visit to
> the
> | > Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the
> secure
> | > code mspp2005 when prompted. This secure code will be valid for 6
> months
> | > after which you will need to update your registration by entering the
> new
> | > secure code. We will post announcements in the newsgroups prior to
> | > expiration. Once you have entered the secure code mspp2005 , you will
> be
> | > able to update your profile and access the the partner newsgroups.
> Please
> | > update your Favorites link to the newsgroups web page, your current
> link
> | > will redirect until November 1, 2005.
> | > Please post any comment, questions or concerns to the
> | > microsoft.private.directaccess.partnerfeedback newsgroup. For more
> | > information, please go to:
> | >
> https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
> | > 4662
> | >
> | >
> | > --------------------
> | > | Thread-Topic: Apending ACL in file mirgration between forests
> | > | thread-index: AcW3eVY9LoFJSGCfQpCK6XDCA66eVA==
> | > | X-WBNR-Posting-Host: 212.113.21.170
> | > | From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?=" <Can anyonehelp
> | > @discussions.microsoft.com>
> | > | Subject: Apending ACL in file mirgration between forests
> | > | Date: Mon, 12 Sep 2005 02:07:01 -0700
> | > | Lines: 21
> | > | Message-ID: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@xxxxxxxxxxxxx>
> | > | MIME-Version: 1.0
> | > | Content-Type: text/plain;
> | > | charset="Utf-8"
> | > | Content-Transfer-Encoding: 7bit
> | > | X-Newsreader: Microsoft CDO for Windows 2000
> | > | Content-Class: urn:content-classes:message
> | > | Importance: normal
> | > | Priority: normal
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | > | Newsgroups: microsoft.public.windows.server.migration
> | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl
> | > microsoft.public.windows.server.migration:11924
> | > | X-Tomcat-NG: microsoft.public.windows.server.migration
> | > |
> | > | this may be a simple Quetion, have looked at MS Files Server
> Mirgration
> | > tool
> | > | and it looks like it will do most of the thing required ( need to
> test it
> | > out
> | > | ) but I also need to duplicate the group in ACl
> | > |
> | > | For exapmle if I have three gropud call:
> | > | Domain1\usergroup1 - full right
> | > | Domain1\usergroup1 - read only
> | > |
> | > | I need to keep these in tack and add:
> | > | Domain2\usergroup1 - full right
> | > | Domain2\usergroup1 - read only
> | > |
> | > | so as user are mirgated to the new domain they will stbe able to
> access
> | > the
> | > | file regless to what domain they log on via
> | > |
> | > |
> | > | Plus ie their away to delete groups in ACL when we turn off the old
> | > domain
> | > |
> | > | this could be seval months
> | > |
> | > |
> | > |
> | >
> | >
> |
>
>
.
- Follow-Ups:
- RE: Apending ACL in file mirgration between forests
- From: Ken Zhao [MSFT]
- RE: Apending ACL in file mirgration between forests
- References:
- RE: Apending ACL in file mirgration between forests
- From: Ken Zhao [MSFT]
- RE: Apending ACL in file mirgration between forests
- From: Can anyonehelp
- RE: Apending ACL in file mirgration between forests
- From: Ken Zhao [MSFT]
- RE: Apending ACL in file mirgration between forests
- Prev by Date: RE: Use FSMT on dynamic disks?
- Next by Date: RE: Everything fails
- Previous by thread: RE: Apending ACL in file mirgration between forests
- Next by thread: RE: Apending ACL in file mirgration between forests
- Index(es):
Relevant Pages
|
