Re: Upgrade Changing File Permissions

From: karl [x y] (jamescagney90210@excite.com)
Date: 07/31/02 

From: "karl [x y]" <jamescagney90210@excite.com>
Date: Wed, 31 Jul 2002 00:16:33 -0400

I guess I was unclear. There are two ways to upgrade to active directory -
upgrading an existing NT PDC to Windows 2000, or installing a new blank
Windows 2000 domain controller containing no users, and use third party
software to migrate the users or set them up manually. I have never in my
experience had permissions disappear when using the first method. Thus my
answer - since you are concerned about this happening again, my answer is to
1) make sure you are doing the upgrade the first way, and 2) do it
cautiously with a test upgrade first and a good backout plan.

"david" <cdsdavid2001@yahoo.com> wrote in message
news:294001c237f8$58adfdd0$a4e62ecf@tkmsftngxa06...
> Thank you for the backout plan. But I am not sure that it
> solves my primary problem.
>
> You said, "The SIDs would change if you upgraded the
> network by creating a new AD domain and trying to migrate
> over the users." As a matter of fact, we did need to
> upgrade to Active Directory after we installed Windows 2K.
> We will need to do so again at that next customer site as
> well. The whole motivation for upgrading to Windows 2000
> is that we need Active Directory running in order to
> upgrade to Exchange 2000 (Exchange 2K is what they really
> want).
>
> Can it be done without losing all of the file permissions?
>
> >-----Original Message-----
> >"David" <cdsdavid2001@yahoo.com> wrote in message
> >news:2b5301c237d1$b0816dc0$b1e62ecf@tkmsftngxa04...
> >> I would like to prevent a past problem from repeating
> >> itself.
> >>
> >> Previously, we upgraded a customer's server from NT 4.0
> >> Server to Windows 2000. When we did, the file
> permissions
> >> changed. Afterwards, we had to go through and reset
> >> permissions on all files and folders manually, which was
> >> very time consuming.
> >>
> >> We now have another customer, with many more users and
> >> files. They have 2 NT 4.0 Servers (one is a PDC, and the
> >> other contains all of the files and folders). Both NT
> 4.0
> >> Servers need to be upgraded to Windows 2000.
> >>
> >> Resetting perssions on all files manually after
> upgrading
> >> is not a viable option. What can be done to prevent a
> >> repeat of this problem?
> >
> >Permissions should not ordinarily change, unless the user
> SIDs were changed
> >or the files were copied from one server to another
> [instead of using a
> >restore from backup tape or a windows 2000 server
> resource kit command line
> >utility to restore files with their permissions]. The
> SIDs would change if
> >you upgraded the network by creating a new AD domain and
> trying to migrate
> >over the users. If you upgraded the NT PDC to Windows
> 2000, the permissions
> >should have stayed the same.
> >
> >If you are worried about the same thing happening again,
> install NT server
> >as a BDC onto a spare workstation, use tape backup to
> backup and restore
> >some or all of the files [along with their permissions]
> that you are
> >concerned about to the new computer, disconnect the
> computer from the
> >network, upgrade it to a PDC and then to windows 2000,
> and test the
> >permissions. If it works there, it should theoretically
> work when you
> >upgrade the real PDC.
> >
> >Your backout plan which possibly would have saved you
> last time, is to have
> >a tape backup of all the files, and also install NT
> server as a BDC onto a
> >workstation and unplug the new computer from the network
> and make NT rescue
> >disks on all BDCs just before the upgrade. If the
> permissions are lost, you
> >can call or search Microsoft tech support, and if
> necessary you can probably
> >restore the network to its original condition using the
> rescue disks and/or
> >the backup workstation. If the SIDs have changed, the
> backup tapes might
> >not help restore the permissions.
> >
> >[Do note that if you attempt to take the Windows 2000 AD
> domain controller
> >offline and return the network to an NT domain, any
> Windows 2000 computers
> >that are joined to the domain and that detected the new
> domain controller
> >will no longer be able to log into a purely Windows NT
> domain until the
> >computers are manually unjoined and then rejoined to the
> NT domain while
> >sitting in front of each windows 2000 computer one by
> one.]
> >
> >
> >
> >
> >.
> >

Relevant Pages

  • Re: NT to W2K3 Migration
    ... How to Upgrade from Windows NT Server 4.0 ... Best Practice Active Directory Design for Managing Windows Networks ...
    (microsoft.public.windows.server.active_directory)
  • Re: Native 2003 mode and NT4 workstations?
    ... Migrating from Windows NT Server 4.0 to Windows Server 2003 ... How to Upgrade from Windows NT Server 4.0 ... ensure that you have designed a DNS ...
    (microsoft.public.windows.server.active_directory)
  • Re: Migrating NT4 to Windows 2003
    ... Migrating from Windows NT Server 4.0 to Windows Server 2003 ... How to Upgrade from Windows NT Server 4.0 ... Best Practice Active Directory Design for Managing Windows Networks ...
    (microsoft.public.windows.server.active_directory)
  • Re: Migrating NT4 to Windows 2003
    ... Migrating from Windows NT Server 4.0 to Windows Server 2003 ... How to Upgrade from Windows NT Server 4.0 ... Best Practice Active Directory Design for Managing Windows Networks ...
    (microsoft.public.windows.server.active_directory)
  • RE: w2k upgrade and permissions
    ... the upgrade may not want to cause permissions issue of ... Program Compatibility Wizard with computers that run Windows Server 2003. ... How to upgrade Windows 2000 domain controllers to Windows Server 2003 ...
    (microsoft.public.windows.server.migration)