Solved

Convert Resource Domain to User Domain ?

Posted on 1997-08-08
7
248 Views
Last Modified: 2013-12-19
DomainA is a Resource Domain(RD) and DomainB used to
be the Master Doman(MD).  Now DomB is going away, so DomA is its own user domain.  I've to recreate all the users in DomA.
But, my resource permissions is DomA used to be from MD. It means, permissions are set for DomB\UserX or DomB\GroupX.  Now, I have to re-apply all the permissions back from DomB\UserX to just UserX.  Luckily 90% of my permissions are Group based, so all I have to do is to re-define the local group memberships.  But, in some cases, there are explicit out of domain references.  How should I find where these are ? and change the references.
I tried to use, SHOWACLS, SHOWMBRS etc.. from RKit but they don't work properly for wildcards !  I am thinking of
manually go through directories and check for permissions which might take a century by the time I am done.

Any easy solution to this?  If so, please let me know.  I am in desperate need.  Thank you.

Srini.
0
Comment
Question by:snimmaga
  • 4
  • 3
7 Comments
 
LVL 5

Accepted Solution

by:
y96andha earned 70 total points
Comment Utility
Use
 CACLS *.* /T >filename.txt
and then search the resulting textfile for references to the old domain name.

If you really have lots of permissions to change, it might be faster to write a program for it, but as I understand it, there are not many places to change, just many places to look in that might need to be changed?
0
 
LVL 5

Author Comment

by:snimmaga
Comment Utility
Thank you, though the answer gives me a direction to look into, I was expecting a more detailed easier way.
ThanX again..
0
 
LVL 5

Expert Comment

by:y96andha
Comment Utility
Do you need to search anything else than files?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 5

Author Comment

by:snimmaga
Comment Utility
Actually, there is a global group from the Master User domain which has permissions (varying) on all the directories in the Resource domain.  Now, after I drop the Trust, I need to create a local group with the same members in the RD and replace the original Group with this new local group in all the acls.
This is just one example.  There are other scenarios similar to this.  Now, I should list all the directories which are referencing the old Global group and make changes to those directories, alone.  OR I should replace everywhere in my RD, the old group with the new group.  
What happens, if it is a single user from a different domain who has permissions set on a resource in the RD?  How many scenarios do I have?  I don't know.  I have to study.  It looks quite tedious to me and am wondering if there any 3rd party tools or something which can help make things easier.
Thank you for your continued interest.
Srini.
0
 
LVL 5

Expert Comment

by:y96andha
Comment Utility
Well, using cacls *.* /t will at least show you what you are dealing with. If you are lucky, you'll only find a few references to the domain name in this file.

If you find there are too many, maybe it would be possible to write some kind of program. It very much depends on how many different changes need to be made, only replacing one group with an other is simple.
0
 
LVL 5

Author Comment

by:snimmaga
Comment Utility
Thank you, I will look into this.  I need some time to evaluate my options.  I will let you know, once I find an easy way out.

Thanks again.
Srini.
If you want me to e-mail to you in future, please send me you e-mail.  My email is, snimmaga@ford.com

0
 
LVL 5

Author Comment

by:snimmaga
Comment Utility
Thank you, I will look into this.  I need some time to evaluate my options.  I will let you know, once I find an easy way out.

Thanks again.
Srini.
If you want me to e-mail to you in future, please send me you e-mail.  My email is, snimmaga@ford.com

0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now