Solved

Move user permissions from old domain to new.

Posted on 2007-04-05
Last Modified: 2010-03-17
Hello,

We're planning on migrating our users from our old domain to our new domain.  E-mail has already been migrated, using new accounts instead of transferring the SID history.  I'm looking for a way to create groups on the new domain and assign the groups to the users' existing new domain accounts.  Can you recommend any tools or scripts which can align old accounts with the new ones and add proper permissions to the new accounts?

Both domains trust each other and we are using Win2k3 domain controllers on both domains.
Question by:rj4510
5 Comments

Expert Comment

by:LauraEHunterMVP
ID: 18861477
If I'm understanding you correctly, you have group objects configured in DomainA such that DomainA\GroupA contains DomainA\User1, DomainA\User2, DomainA\User3 as members.  You are now trying to create group objects in DomainB such that DomainB\GroupA contains DomainB\User1, DomainB\User2, DomainB\User3 as members.  (And all of the DomainB accounts already exist and were created manually; they were not migrated from DomainA.) Is this correct?

The Active Directory Migration Tool has an option to merge accounts in the source domain with accounts in the target domain when it finds accounts that have the same name, which would alleviate the "Accounts already exist in the new domain" problem.  Would this be sufficient for your needs?  (Can't beat the price, it's free.)  http://www.microsoft.com/downloads/details.aspx?FamilyId=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking

Expert Comment

by:AnthonyP9618
ID: 18861717
Not to mention the ADMT will also change those user and object IDs to match the new domain Identifiers.  Makes things a lot easier.

Author Comment

by:rj4510
ID: 18861969
What if the user names do not match on domain B?  Can the old user names be mapped by ADMT?
Thanks

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18861986
There's an option for a mapping file when you use the command-line component, but you'll need to specify each "oldname newname" entry manually.  Not the most pleasant of processes, but it'll still help move your groups over reasonably.

The ADMTv3 guide is available here: http://www.microsoft.com/downloads/details.aspx?familyid=D99EF770-3BBB-4B9E-A8BC-01E9F7EF7342&displaylang=en

Search the Word doc for "SourceName,Targetname" for the section on mapping.  (Though I obviously recommend that you read the whole thing before attempting a production migration with it.)

Author Comment

by:rj4510
ID: 18862171
Thanks for your help.