Solved

File Server Migration between two domains without trust

Posted on 2008-06-16
3
2,998 Views
Last Modified: 2013-12-02
Hello,
I have two domains and I need to migrate the file server from one domain to another on a different machine however I have to do this operation without using trust relationship.

I need a software which will list groups and users from both domains and prompt me for group and user mapping and do the migration with security.

It's perfectly fine to make the mapping manually. I just need a file server migration software that can migrate between domains.

When talking about file server migration they are always talking about file servers within the same domain. I have new groups and users on the new domain because I cannot use AD migration tool. There is no trust and cannot be made for management reasons.

Microsoft FSMT is no good since unknown SID handling is not what I need.

Thank you.

Abdullah SEN
0
Comment
Question by:abdullahsen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 21797098
Look into subinacl with the option /offlinesam, the object_type /subdirectories and the action /changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]]
You might want to use robocopy to copy the (empty, "/create") file structure including permissions to a USB disk or whatever, attach it to a machine in the new domain, and try the SID replacement with the copy.

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Do NOT use the subinacl found in the ResKit, it's buggy; install this after the ResKit:
SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21798614
0
 

Author Comment

by:abdullahsen
ID: 21800578
As I said before FSMT is not the answer. I will be migrating from one domain to another. Unresolved SID handling is too bad for FSMT. It does not let you make a mapping instead it gives everyone, or whatever permission you want to all unresolved SIDs.

In my scenario all of the SIDs are going to be unresolved. I will give subinacl a try.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In-place Upgrading Dirsync to Azure AD Connect
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question