Solved

File Server Migration between two domains without trust

Posted on 2008-06-16
3
2,936 Views
Last Modified: 2013-12-02
Hello,
I have two domains and I need to migrate the file server from one domain to another on a different machine however I have to do this operation without using trust relationship.

I need a software which will list groups and users from both domains and prompt me for group and user mapping and do the migration with security.

It's perfectly fine to make the mapping manually. I just need a file server migration software that can migrate between domains.

When talking about file server migration they are always talking about file servers within the same domain. I have new groups and users on the new domain because I cannot use AD migration tool. There is no trust and cannot be made for management reasons.

Microsoft FSMT is no good since unknown SID handling is not what I need.

Thank you.

Abdullah SEN
0
Comment
Question by:abdullahsen
3 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 21797098
Look into subinacl with the option /offlinesam, the object_type /subdirectories and the action /changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]]
You might want to use robocopy to copy the (empty, "/create") file structure including permissions to a USB disk or whatever, attach it to a machine in the new domain, and try the SID replacement with the copy.

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Do NOT use the subinacl found in the ResKit, it's buggy; install this after the ResKit:
SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21798614
0
 

Author Comment

by:abdullahsen
ID: 21800578
As I said before FSMT is not the answer. I will be migrating from one domain to another. Unresolved SID handling is too bad for FSMT. It does not let you make a mapping instead it gives everyone, or whatever permission you want to all unresolved SIDs.

In my scenario all of the SIDs are going to be unresolved. I will give subinacl a try.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Hello, As I have seen there a lot of requests regarding monitoring and reporting for exchange 2007 / 2010 / 2013 I have decided to post some thoughts together and link to articles that have helped me. Of course a lot of information you can get…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now