Solved

File Server Migration between two domains without trust

Posted on 2008-06-16
3
3,016 Views
Last Modified: 2013-12-02
Hello,
I have two domains and I need to migrate the file server from one domain to another on a different machine however I have to do this operation without using trust relationship.

I need a software which will list groups and users from both domains and prompt me for group and user mapping and do the migration with security.

It's perfectly fine to make the mapping manually. I just need a file server migration software that can migrate between domains.

When talking about file server migration they are always talking about file servers within the same domain. I have new groups and users on the new domain because I cannot use AD migration tool. There is no trust and cannot be made for management reasons.

Microsoft FSMT is no good since unknown SID handling is not what I need.

Thank you.

Abdullah SEN
0
Comment
Question by:abdullahsen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 21797098
Look into subinacl with the option /offlinesam, the object_type /subdirectories and the action /changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]]
You might want to use robocopy to copy the (empty, "/create") file structure including permissions to a USB disk or whatever, attach it to a machine in the new domain, and try the SID replacement with the copy.

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Do NOT use the subinacl found in the ResKit, it's buggy; install this after the ResKit:
SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21798614
0
 

Author Comment

by:abdullahsen
ID: 21800578
As I said before FSMT is not the answer. I will be migrating from one domain to another. Unresolved SID handling is too bad for FSMT. It does not let you make a mapping instead it gives everyone, or whatever permission you want to all unresolved SIDs.

In my scenario all of the SIDs are going to be unresolved. I will give subinacl a try.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article was originally published on Monitis Blog, you can check it here . Today it’s fairly well known that high-performing websites and applications bring in more visitors, higher SEO, and ultimately more sales. By the same token, downtime…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question