Authenticated Users SID

We plan on removing a server from a 2000 domain and attaching it to another 2008 domain. I'm wondering how NTFS perm's are going to move. Obviously, specific users will be out the window... but what about built in accounts like Everyone and Authenticated Users?

Looking at this KB, I'd like to think that as long as the domain isn't part of the SID, I'll be okay.

I think that this would transfer over okay:
SID: S-1-5-11 - Name: Authenticated Users

I think that this would NOT work:
SID: S-1-5-domain-513 - Name: Domain Users

Who is Participating?
bhanukir7Connect With a Mentor Commented:

The server in question is that a win2003 or a win 2000 server. Will you be removing the server from the domain and changing it to workgroup and then moving it backup to the new domain.

If that is the case then there should not be issues from the authenticated users and everyone as far as the defaults are concerned.

But if we are talking domain user folders and those permissions that are on the current server, they would become irrelavent.
They both should works if there's proper trust extablished. Otherwise you're correct.
bkrontzAuthor Commented:
There will be no trust. The File Server is 2003 running with AD 2000 functionality. It will be unjoined to a workgroup, then rejoined to the new domain.

So the consensus is that any group with the domain built into the SID will not function post domain migration?
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

yes. as that SID is not value is not available in the new domain. And the SID is unique for each domain.

bkrontzAuthor Commented:
You may want to find way to record your permissions on files and folders if you want to retain them for future reference. You can either purchase 3rd party software that can run report of the permissions but may not be justified if this is a one time use. Or if you have a spare server, you may want to move data between servers depening on how well you have been managing shortcuts or mappings etc in your enviornment. Hope you don't have any file permission or folder granted to invividual user account....
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.