RE: decommissioning the old domain after inter-forest migration

we will not be needing the source domain after one month. So one month from
today, if I decommission the source domain totally, user permission to all
files and folders in target domain are going to work correctly even if I do
not run computer migration on file server in replace mode-- right? My boss
does not want to run computer migration in replace mode again. He is afraid
if we run in replace mode again, file/folder permission may get messed up. I
am thinking if we do not run computer migration on file server in replace
mode and decommission source domain, may be we will see some questionable sid
in security tab which will be associated with source domain and we can just
delete those manually as we come accross these. What do you suggest.
Dipti


"Vincent Xu [MSFT]" wrote:

> Hi,
>
> As you read in the TechNet article, we recommend you run Security
> Translation in replace mode to prevent SID history redundancy. If you no
> longer need the old domain, we may suggest you do this. However, if you
> don't do this step, also doesn't matter.
>
>
> Best regards,
>
> Vincent Xu
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> --------------------
> >>Thread-Topic: decommissioning the old domain after inter-forest migration
> >>thread-index: AcYVWYOpVfUNNAbUQFuewKm8hEKA1w==
> >>X-WBNR-Posting-Host: 65.213.142.100
> >>From: "=?Utf-8?B?RGlwdGk=?=" <Dipti@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >>Subject: decommissioning the old domain after inter-forest migration
> >>Date: Mon, 9 Jan 2006 12:16:03 -0800
> >>Lines: 32
> >>Message-ID: <46AC5DE4-25E3-4A72-93F0-6E50E4F01234@xxxxxxxxxxxxx>
> >>MIME-Version: 1.0
> >>Content-Type: text/plain;
> >> charset="Utf-8"
> >>Content-Transfer-Encoding: 8bit
> >>X-Newsreader: Microsoft CDO for Windows 2000
> >>Content-Class: urn:content-classes:message
> >>Importance: normal
> >>Priority: normal
> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>Newsgroups: microsoft.public.windows.server.migration
> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>Xref: TK2MSFTNGXA02.phx.gbl
> microsoft.public.windows.server.migration:21954
> >>X-Tomcat-NG: microsoft.public.windows.server.migration
> >>
> >>Hello,
> >>
> >>Here is my question regarding decommissioning the old domain.
> >>
> >>Here is the basic info:
> >>
> >>We used ADMT V3 to migrate users account, computer account, file servers.
> >>Every thing seems to be working now. We also migrated exchange server
> from
> >>source to target domain using exchange migration wizard.
> >>
> >>During the migration I have choose the following options:
> >>
> >>1) For user migration, I h chose to enable target accounts -- and disable
> >>source account in 60 days.
> >>
> >>2) For computer migration, I chose to use "Add" mode instead of
> "replace"
> >>mode.
> >>
> >>3) We chose to use SID History and Sid filtering.
> >>
> >>Now that we are almost to the point to decommission our source domain
> (old
> >>windows 2000 domain), I am wondering what I need to do to accomplish this
> >>without getting into problem after decommissioning old domain.
> >>
> >>In the documentation for " restructuring active Directory domain between
> >>forest� I believe it is recommended to run computer migration again in
> >>"Replace" mode for the file servers(I need to refresh my memory). Is this
> a
> >>necessary step? How do you go about decommissioning old domain for good.
> >>
> >>Thanks.
> >>--
> >>Dipti
> >>
>
>
.

Relevant Pages

  • Re: ADMT trouble: "Could not contact PDC" while migrating user acc
    ... I am not sure where the sid history is meant for, ... > DHCP & WINS not running on source Server, ... WINS manager (on Target) ... > ADMT seems to be able to browse Source Domain AD to show users, ...
    (microsoft.public.windows.server.sbs)
  • Re: 2003 to 2003 Cross Forest migration
    ... Sorry, I mean, admt needs Administrator rights in the source domain. ... source DC and still get the error SID History couldn't be Updated ...
    (microsoft.public.windows.server.migration)
  • SID History not working
    ... I'm trying out an AD 2003 migration in the lab and ran into an issues ... where SID history doesn't seem to be working as I'm expecting it to ... have created a share on a workstation in the source domain with a few ... folders permissioned to the migrated user, ...
    (microsoft.public.windows.server.active_directory)
  • RE: migration of local groups
    ... we have finished a complete admt migration. ... if I have to worry about local groups on member ... source domain are still displayed with their name. ... will sid history still work after shutting down ...
    (microsoft.public.windows.server.migration)
  • RE: migration of local groups on member server
    ... migration of local groups on member server ... if I have to worry about local groups on member ... source domain are still displayed with their name. ... will sid history still work after shutting down ...
    (microsoft.public.windows.server.migration)
Loading