• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 391
  • Last Modified:

Windows Server 2003: Transfert NTFS Security and Audit from old to new Domain

Hi there,

Scenario:

I have 1 Domain called Domain1, 50 Username and HTFS security and audit setup.

I must create a new domain Domain2, remove the 50 users from Domain1 and join them to the new Domain2.

The 50 usernames will be the same.

I need to copy the NTFS security and audit settings from the files (not shared folders) and folders and apply them for the new domain2.

Are there easy command lines or batch file I can do for this?

Thanks for your help,
Rene
0
ReneGe
Asked:
ReneGe
3 Solutions
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Active Directory Migration Tool.  (ADMT).  

Other than that, if you could explain why - provide a context - perhaps we can give you a better solution.
0
 
cshepfamCommented:
From what you're saying, you have a domain and want to create another domain (child domain?).

Anyhow, moving Active Directory with all the users is the easier part.

On your new server, run dcpromo and install AD on the new Domain Controller.

On the primary domain controller (your current one), you will transfer roles from it to your new DC and make that the primary domain controller in the new domain.  Once you transfer all the roles over, you can then demote your current DC.

This article will help you in that process with step by step instructions.

http://support.microsoft.com/kb/324801

As far as the NTFS security and folders, you will have to copy the folders over to the new DC and reapply the appropriate permissions.  If you're going to do this all on the same network, there is a free utility software you can use to quickly transfer all the folders to the new DC.  It's called FastCopy and you can download it here:

http://ipmsg.org/tools/fastcopy.html.en

Your policies however will replicate over once you create the new DC.  
0
 
Henrik JohanssonSystems engineerCommented:
For the change of NTFS-permissions, you can use subinacl.exe part of resource kit. The changedomain option should do what you want to do.

subinacl /subdirectories c:\path\to\folder /changedomain=OldDomain=NewDomain

Make sure you download the latest version from MS instead of using the (buggy) version that was distributed with resource kit pack as the older version of the command didn't have any effect.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0
 
ReneGeAuthor Commented:
It will be a complete new domain, not a chile domain and there will be absolutly no A.D. transfer.

Is your suggestion still applies?

Thanks,
Rene
0
 
ReneGeAuthor Commented:
==> henjoh09, It seems that subinacl would do the trick.

I seems that I'll have to do some reading from the following link: http://analogduck.com/blog/subinacl

I'll give you the points now and I will create a new thread if required.

Thanks to you all for your contribution & for your help.

Cheers,
Rene
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now