Re: Preserving permissions in a cross-forest move

From: Herb Martin (news_at_LearnQuick.com)
Date: 06/28/05 

Date: Tue, 28 Jun 2005 14:53:30 -0500

<rlooney@cg.state.sc.us> wrote in message
news:1119887962.311766.201470@g49g2000cwa.googlegroups.com...
> I am trying to move file server data from our current W2K mixed-mode
> environment to a completely new forest/domain running Windows 2003. I
> have setup domain trusts and tried using the latest version of the
> Microsoft File Server Migration Toolkit to copy the data. Although the
> data copies successfully, the permissions don't seem to carry over.

No, they will not "carry over" since everyone will get a new SID
in the new domain there is no trivial way to do that.

Probably your best bet is SubInACL.exe to change the user/groups
to the new sids of the (new) users groups. 

-- 
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
> When I look at the security of some folders after the copy, the only
> permissions it has are the Administrator.  Before I ran the copy, I
> manually created new AD accounts in the new environment that matched
> the names of the accounts in the old environment.  Is there some way I
> can do this cross-forest copy and still maintain my permissions even
> though the users on the target server are members of a different domain?
>

Relevant Pages

  • Re: NTFS problem
    ... to a share on a file server. ... It's this account's folder where we disabled inheritance and locked ... The permissions on the accounts folder are exactly as they are spelled ...
    (microsoft.public.windows.server.general)
  • Re: Rebuild File Server
    ... I need to rebuild the file server and while I know how to backup the registry entries for the shares I'm concerned about the NTFS permissions. ... Permissions are attached to unqiue IDs of user accounts, and if the accounts that had permissions were local to the server those accounts and hence those permissions won't exist when the files are restored. ...
    (microsoft.public.windows.server.general)
  • RE: migrating file permissions
    ... All i need to do is make new user accounts which will ... accounts in the old domain to the corresponding accounts in the new domain. ... > is a file server joined to the old domain which has a lot of shared folders ... > having numerous combinations of permissions. ...
    (microsoft.public.windows.server.active_directory)
  • Preserving permissions in a cross-forest move
    ... environment to a completely new forest/domain running Windows 2003. ... have setup domain trusts and tried using the latest version of the ... Microsoft File Server Migration Toolkit to copy the data. ... the permissions don't seem to carry over. ...
    (microsoft.public.windows.server.migration)
  • Preserving permissions in a cross-forest move
    ... environment to a completely new forest/domain running Windows 2003. ... have setup domain trusts and tried using the latest version of the ... Microsoft File Server Migration Toolkit to copy the data. ... the permissions don't seem to carry over. ...
    (microsoft.public.win2000.networking)