Solved

Windows Server 2003: Transfert NTFS Security and Audit from old to new Domain

Posted on 2010-08-17
5
386 Views
Last Modified: 2013-12-04
Hi there,

Scenario:

I have 1 Domain called Domain1, 50 Username and HTFS security and audit setup.

I must create a new domain Domain2, remove the 50 users from Domain1 and join them to the new Domain2.

The 50 usernames will be the same.

I need to copy the NTFS security and audit settings from the files (not shared folders) and folders and apply them for the new domain2.

Are there easy command lines or batch file I can do for this?

Thanks for your help,
Rene
0
Comment
Question by:ReneGe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 100 total points
ID: 33461561
Active Directory Migration Tool.  (ADMT).  

Other than that, if you could explain why - provide a context - perhaps we can give you a better solution.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 100 total points
ID: 33461578
From what you're saying, you have a domain and want to create another domain (child domain?).

Anyhow, moving Active Directory with all the users is the easier part.

On your new server, run dcpromo and install AD on the new Domain Controller.

On the primary domain controller (your current one), you will transfer roles from it to your new DC and make that the primary domain controller in the new domain.  Once you transfer all the roles over, you can then demote your current DC.

This article will help you in that process with step by step instructions.

http://support.microsoft.com/kb/324801

As far as the NTFS security and folders, you will have to copy the folders over to the new DC and reapply the appropriate permissions.  If you're going to do this all on the same network, there is a free utility software you can use to quickly transfer all the folders to the new DC.  It's called FastCopy and you can download it here:

http://ipmsg.org/tools/fastcopy.html.en

Your policies however will replicate over once you create the new DC.  
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 300 total points
ID: 33462176
For the change of NTFS-permissions, you can use subinacl.exe part of resource kit. The changedomain option should do what you want to do.

subinacl /subdirectories c:\path\to\folder /changedomain=OldDomain=NewDomain

Make sure you download the latest version from MS instead of using the (buggy) version that was distributed with resource kit pack as the older version of the command didn't have any effect.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463403
It will be a complete new domain, not a chile domain and there will be absolutly no A.D. transfer.

Is your suggestion still applies?

Thanks,
Rene
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463879
==> henjoh09, It seems that subinacl would do the trick.

I seems that I'll have to do some reading from the following link: http://analogduck.com/blog/subinacl

I'll give you the points now and I will create a new thread if required.

Thanks to you all for your contribution & for your help.

Cheers,
Rene
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Questions about DHCP migration 5 104
copying evtx files while system is running 2 94
FTP server windows 2008 5 57
Moving a windows 7 install to new hardware 9 97
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question