We help IT Professionals succeed at work.

NTBackup Restore is replacing the domain name in all permissions!

Hello everyone,

I am using NTBackup to backup users files from Domain xyz.com to another Domain abc.com, however when I restore and check on restore permissions I got the following problem.

All users and groups are members of abc.com

Let's say we have a folder called SALES on a member server of xyz.com and we have a SALES group called SALES_SG member of abc.com which have full controll on that folder it looks like ABC\SALES_SG, when I do a restore on the other server which is member of abc.com the permissions are replaced with xyz.com so under security it looks like that -> XYZ\SALES_SG !!!

Any ideas why is that?

Thank you.
Comment
Watch Question

Commented:
using NTBackup is not a seamless migration solution. You can use ldifde to correct the entries OR use csvde to do the migration. I'd suggest ADMTv3 for migration as it will more fully migrate important things like user passwords..etc

http://www.microsoft.com/downloads/details.aspx?FamilyID=D99EF770-3BBB-4B9E-A8BC-01E9F7EF7342&displaylang=en
CERTIFIED EXPERT

Author

Commented:
Hi,

Thanks for the reply, I am just migrating files and folders, all users and groups are already migrated to the new domain, only left one file server which is member of the old domain and we have a new file server which is member of the new domain and we need to move the files.

usually a backup and restore should do but it replace every domain name with the old one.
CERTIFIED EXPERT

Author

Commented:
Just adding more info, if we restore the files on the same server all permissions remain the same no problems.
CERTIFIED EXPERT

Author

Commented:
Ok again more information here.

After alot of trials I found out that if I restore the folder on Windows 2000 or Windows XP the permissions remain with ABC\SALES_SG however if I do the restore on Windows 2003 server ABC is replaced with the old domain name which is XYZ everything else remains the same.

Thank you.
Commented:
if the usernames are the same and only the domain is different you can export the registry for the shares, use notepad to update the ACL information, the import that into the registry on the new machine, I've outlined moving shares between servers in this link:
http://www.experts-exchange.com/Storage/Misc/Q_23059766.html

The difference in your scenario would be to identify the domain string in the .reg file for xyz.com, then open the .reg file in notepad, and replace the hex strings for xyz.com with a hex string for abc.com, then just import the .reg file.

it's a pain so if it's only a small number of shares it may not be worth it.

to remap the NTFS if require:
use SetAcl to dump out the permissions to a file.

SetAcl.exe -on "E:\SomeFolder" -ot "file" -lst "f:sddl;w:d,o;i:n;s:y" -
actn backup -rec yes -bckp "E-ntfs-acl.txt"

I then open the text file with notepad. Do a find and replace to
change the folder path from the old to the new folder. Then use SetAcl
to apply the permissions from the file.

SetAcl.exe -on "E:\AnotherFolder" -ot "file" -lst
"f:sddl;w:d,o;i:n;s:y" -actn restore -rec yes -bckp "E-ntfs-acl.txt"
CERTIFIED EXPERT

Author

Commented:
Hello AJermo,

Thank you very much.

The share permissions are ok, only the NTFS, so I will try what you have said regarding the NTFS and I'll update you.

Thank you

MG

Explore More ContentExplore courses, solutions, and other research materials related to this topic.