Migrate users from Windows 2000 Advanced Server to Windows Server 2003 Standard without using a domain.

Posted on 2004-10-29
Last Modified: 2010-04-19
I have a live server running Windows 2000 Advanced Server. There are four similar servers in the school district for which I work. Their main purpose is to serve websites for each school using IIS 5 and FrontPage Server Extensions 2000. Our users never log into the server except for using web services (i.e. editing websites in FrontPage or accessing our help desk website). The school district wants to upgrade our servers to Windows Server 2003 Standard Edition.

We do not want to run an upgrade installation on our server. Part of the reason for moving to Server 2003 is to try to eliminate some problems we have had that may have originated from the original 2000 Advanced Server installation.

I have a second server running Server 2003 Standard Edition that will temporarily host our website while the live server gets Server 2003 Standard Edition, IIS 6, etc. installed on it. We would like to preserve the user accounts, NTFS file permissions, and FrontPage access rights when we copy the data to the temporary server. When the installation of the OS and other software is completed on the live server, we want to then copy the data (along with the user accounts, passwords, etc.) back to the live server from the temporary server.

I do not have a domain or Active Directory setup on either server, nor am I supposed to use either a domain or AD on the server, as directed by my superiors. Is it possible to migrate user accounts, NTFS file permissions, and FrontPage access rights between two Windows Servers without the use of either a domain or AD? I have run across tools like IIS Export Utility, IIS Migration Tool, and ROBOCOPY, but I have only figured out how to use these tools to migrate the file permissions and FrontPage access rights. I still do not know how to migrate the user accounts between the server.

Of course, any help would be greatly appreciated.
Question by:markomni
    LVL 11

    Accepted Solution

    you can use such tools like dameware or hyena for user copy.
    but there is allways one problem with permissions.
    you have to create the users on the new server.
    and this is means new SID's for everyone.
    when you copy data with old permissions on your new server, no new user will have access.
    if your permissions are simple, recreate it by hand.
    if not, we had to do this a few hundred times.
    we wrote a little program that dumped the ACL's from filesystem into a textfile.
    some data changes in the file and you can use it as input for xcacls :)
    LVL 2

    Author Comment

    I will look into dameware and hyena for the user copy. Like you mentioned, permissions for the web are simple enough that those can be re-assigned. The majority of the work that I foresee in this migration/upgrade project is the re-creatiion of the users.

    If dameware or hyena copy the users, passwords, descriptions, and groups between the servers, that would save me a great deal of time. In the two weeks of research I have put into this problem, this is the first I have heard of these tools.
    LVL 11

    Expert Comment

    you cant copy the passwords.
    but the rest should be no problem.
    LVL 2

    Author Comment

    If I cannot copy the passwords, what passwords will the user accounts have?
    LVL 2

    Author Comment

    I just tried the Hyena software, and it appears that I can copy users between Windows machines, and set a default password for these accounts. The problem of SIDs from one machine being different than the SIDs from the second machine still exists. I believe I read somewhere else on Experts-Exchange that a text dump of the SIDs from one server can be made so that ACLs could be imported with the appropriate SIDs, but that may be more work than just re-assigning FrontPage permissions manually for a couple of hundred FrontPage webs.

    Thank you to WeHe for the suggestions and help.
    LVL 2

    Author Comment

    It looks like where I read about the text dump of SIDs was above in WeHe's first comment :-)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
    Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now