Re: ADMTv3 Questions

---

• From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
• Date: Fri, 25 Aug 2006 02:22:13 GMT

---

Hi,

As we know, the permission grant to a user account is grant by the SID
indeed. In another word, before or after the migration, the permission
grant to everyone is grant to S-1-1-0 actually.

Hope this explanation helps.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------

Thread-Topic: ADMTv3 Questions
thread-index: AcbHga6bZ/AmujNpRLKUaPP5H3lSgA==
X-WBNR-Posting-Host: 68.77.208.5
From: =?Utf-8?B?am1wMTM=?= <jmp13@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <C5454F35-029F-4D16-BCA6-190F47AF2964@xxxxxxxxxxxxx>

<fErmBOmxGHA.5460@xxxxxxxxxxxxxxxxxxxxx>
<FC6C670C-4142-432B-B0F3-DCA9EF12A490@xxxxxxxxxxxxx>
<#oFbiX1xGHA.2396@xxxxxxxxxxxxxxxxxxxx>
<A9B5BDF7-56EF-4D97-9E12-AAB7C06B601D@xxxxxxxxxxxxx>

Subject: Re: ADMTv3 Questions
Date: Thu, 24 Aug 2006 06:32:02 -0700
Lines: 102
Message-ID: <DB35B29F-0D4B-4862-88AF-BDC0CA022559@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24898

NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

If persmissions are assigned to built-in groups in the domain to be

migrated,

do those permissions need to be changed prior to running ADMT to unique
groups?

"jmp13" wrote:

I'm working on a project to migrate the 2000 domain into the 2003

domain.

Resources in the domain have rights to the everyone group. Do I need to
consider the everyone group a built-in group? If yes, then I would have

to

reconfigure permissions to all these resources since the built-in

groups

would not migrate. I'm trying to determine that so I can plan for

changing

permissions.

"Lucyfer" wrote:

Hi,

Check the following article:
http://support.microsoft.com/kb/243330/en-us

Thought it doens't appear in ADUC.Thanks.
"jmp13" <jmp13@xxxxxxxxxxxxxxxxxxxxxxxxx> Ã?´Ã?ëÃ?ûÃ?¢Ã?Ã?Ã?Ã

?:FC6C670C-4142-432B-B0F3-DCA9EF12A490@xxxxxxxxxxxxxxxx

Is the everyone group considered a built-in group? I don't see it

in the

ADUC
tool.

"Vincent Xu [MSFT]" wrote:

Hi ,

As previous verison of ADMT, you cannot migrate Build-in Groups by

using

ADMT V3 as well.

That is because the built-in account SIDs are the same in every

domain.

Therefore, if you migrate these accounts to a destination domain,
duplicate
SIDs exist in the destination domain.

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your

newsreader so

that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------

Thread-Topic: ADMTv3 Questions
thread-index: AcbGOau2P0k+iXEWQ8Gc1GcZbiPKfg==
X-WBNR-Posting-Host: 68.77.208.5
From: =?Utf-8?B?am1wMTM=?= <jmp13@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: ADMTv3 Questions
Date: Tue, 22 Aug 2006 15:24:02 -0700
Lines: 9
Message-ID: <C5454F35-029F-4D16-BCA6-190F47AF2964@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24877

NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

Does ADMTv3 migrate built-in groups like the administrators

group or

the
administrator account?

Is the everyone group considered a built-in group for the domain?

I have multiple member servers that have granted the local

administator

group rights to the server itself and it is currently in a 2000

domain

which

we are planning on migrating it to the 2003 domain. Are there

any

special
considerations need to be taken with the local servers built-in
accounts?

.

---

• References:
  • RE: ADMTv3 Questions
    • From: Vincent Xu [MSFT]
  • RE: ADMTv3 Questions
    • From: jmp13
  • Re: ADMTv3 Questions
    • From: Lucyfer
  • Re: ADMTv3 Questions
    • From: jmp13
  • Re: ADMTv3 Questions
    • From: jmp13

• Prev by Date: Re: ADMTv3 Questions
• Next by Date: Re: Rollback of failed NT domain upgrade
• Previous by thread: Re: ADMTv3 Questions
• Next by thread: RE: Groupwise running in an AD environment
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: *** HELP *** Problems Accessing Simple VB.NET Access Database ... you can grant Write permissions for the ASPNET account. ... permissions for an individual file or for directory hierarchies. ... I add an OleDBConnection called OleDBConnection1 to Form18b.aspx. ... (microsoft.public.dotnet.languages.vb) Re: more user account options? ... and these custom groups can be used to grant some ... installing applications that install for all users instead ... > If not is there any way to give a limited account user ... (microsoft.public.windowsxp.security_admin) Re: ADMTv3 Questions ... ADMT V3 as well. ... That is because the built-in account SIDs are the same in every domain. ... Does ADMTv3 migrate built-in groups like the administrators group or ... I have multiple member servers that have granted the local administator ... (microsoft.public.windows.server.migration) Re: What right allows full access? ... How to grant permission to the Users group on those areas where my non-admin ... > the Users group on those areas where your non-admin account ... > taking ownership as an admin _might_ be needed. ... (microsoft.public.windowsxp.security_admin) Re: Cheques Made Out To Executors ... Presumably I will have to wait until I received the grant of probate ... however my mother's account has been frozen to prevent anything going out of it. ... Presumably this means I will have to l pay in cheques via the office that deals with deceased account holders estates rather than just hand them in to a branch? ... (uk.finance)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.migration  > 2006-08