Re: Home Directory Re-Permissions and Reset Profile

Unfortuantely, logic has nothing to do with this. We must move to a new
forest due to have a single lable domain for the last 5 years to support
Exchange 2003 (and get compliant with Post-2000 SP4 world). So we are
migrating to a new forest and domains which in turns creates new accoutns for
all usres when they are migrated using a tool called the Quest AD Migration
Manager.

Under normal circumstances the tool would take care of moving the user and
repermissioning all the directories, but due to the extremem cost we couldn't
buy it for all of our users so our seasonal user accounts are not covered.
We have to find a manual way to now assign the newly created domain account
to their original folder that is now on a server in the new domain. These
are about 15,000 accounts.

Maybe the XCALCS will be the best way to go. The more I think about it that
likely is the best way, as the server name the home folders exist on is not
changing, just its domain, so the path in the home folder profile will not
technically change as only the server name is called in the UNC, not the
domain. Will have to see if the process we are using to copy the accounts
over is already snagging that home folder setting, and if not make sure it
is. This may not be as hard as we thought.


"Gerry Hickman" wrote:

> Hi dave313,
>
> I'm not sure what you mean. Are you saying some of these users will have
> TOTALLY new accounts created (but with the same FirstName/LastName as
> before). If so, they'll have new SIDs?? I don't see the logic to this...
>
> You can change the home drive mapping in AD using ADSI, and you can set
> permissions using CACLS, XCACLS.EXE or XCACLS.VBS or WMI or Win32 and
> C++ depending on your need.
>
> > We are in the mist of doing a forest migration using some software to assits.
> > Howerver, due to budget limitations many of our accounts will not be able to
> > be moved. We will be doing another process to move the accounts, however we
> > wanted to try to use a script that woudl reset the users home directory path
> > profile, and re-permissions the actual directory (that will still exist once
> > moved), so their new account in the new domain has access back to this
> > directory.
> >
> > Has anyone already developed a script that does this?
> >
> > Thanks for your help!!
> >
>
>
> --
> Gerry Hickman (London UK)
>
.

Relevant Pages

  • Re: Managing another domain via AD
    ... (Forest must be at Windows 2003 level). ... in your existent domain is through migration. ... run ADMT to create active user accounts in Active Directory. ... use Migration Wizard to migrate mailboxes. ...
    (microsoft.public.windows.server.active_directory)
  • ADMT v3.1 and mixed forests
    ... I have a W2K8 Mixed Forest and a W2K3 Native. ... Target Disable Option: ... Migrate service accounts: Yes ... [Object Migration Section] ...
    (microsoft.public.windows.server.active_directory)
  • Re: Forest and domain name change
    ... Thanks Ryan and Anthony for your recommendations. ... So, after migration their domain, do I still need to perform ... Create their new user accounts in your forest, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Remote Office Configuration
    ... Assuming that the Destination Forest has Windows and exchange 2003, ... followed by the Exchange Migration Wizard. ... run ADMT to create active user accounts in Active Directory. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD merge with exchange 2007 srv, can ADMT do it?
    ... > ADMT will do user and computer account migration. ... > "Exchange cross forest migration" and you will find some documentations. ... I usually do put together step by step docs such as this, to help folks in the newsgroups, but I haven't yet with this procedure because besides being scattered and the procedure having many facets, my notes are customer specific with domain names, user accounts, passwords, etc, that it will take me some time to go through to compile it into one doc, and I do apologize I am short on time to do anything with this at this point. ...
    (microsoft.public.windows.server.active_directory)