RE: ReACL when migration a FileServer between domains
- From: v-dashen@xxxxxxxxxxxxxxxxxxxx (David Shen [MSFT])
- Date: Mon, 02 Jun 2008 11:42:50 GMT
Dear Customer,
Thanks for using newsgroup.
According to the question, my understanding is the migration file server.
If I have any misunderstanding, please feel free to let me know.
Based on the research, here is some information which may be helpful for
you.
Analysis and Suggestion:
=======================
We can simply migrate the user accounts with "Add" mode by preserving the
SID history of the source domain in the target domain.
We may create a SID mapping file to complete the task of user account
migration. The Security Translation's working refers to the mapping file,
which includes the old user accounts, SIDs and the corresponding new user
accounts SIDs. When it running, it will scan the files and folders residing
on the target computer to search if there is matched entries, according to
this mapping files. If it find such an entry, it will "replace" the new
entry with old entry, or "add" new entry with old entry or remove the old
entry, which we can choose in its options.
As for the mapping file, it can be written manually or generated by ADMT.
If you want to generate this mapping file, you have to migrate the
corresponding user accounts ahead of Security Translation. It may not fit
for this scenario and increase complexity. If you have already obtained the
old and new SIDs. I would like to suggest that you create this mapping
files manually.
If you perform security translation in "add" mode, the SIDs in the target
and the source domains both have access to the profile and the file server
in target domain. Therefore, if you need to roll back to the source
environment, the SID in the source domain can use the profile. If you
perform security translation in "replace" mode, you need to retranslate the
profile by using a SID mapping file (undoing the security translation) to
roll back to the source environment.
How to use a SID mapping file with the ADMT tool to perform a resource
domain migration to Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;835991
I would like to suggest that you perform the user and group migration with
Add mode. Afterwards, the new domain user accounts will preserve the SID
history of the source domain. You may quit the File server from the source
domain, and then add it to the new domain as a new member file server. If
the user accounts migration with ADMT is successful, the new file server
should be access with the new domain user accounts.
For more information about ADMT, please refer to:
ADMT v3 Migration Guide
http://www.microsoft.com/downloads/details.aspx?familyid=D99EF770-3BBB-4B9E-
A8BC-01E9F7EF7342&displaylang=en
Hope it helps.
Thanks for your time.
David Shen
Microsoft Online Partner Support
.
- Follow-Ups:
- Prev by Date: RE: ADMT and trust problem?
- Next by Date: RE: ReACL when migration a FileServer between domains
- Previous by thread: RE: ADMT and trust problem?
- Next by thread: RE: ReACL when migration a FileServer between domains
- Index(es):
Relevant Pages
|
Loading
