Solved

Windows Server 2003: Transfert NTFS Security and Audit from old to new Domain

Posted on 2010-08-17
5
383 Views
Last Modified: 2013-12-04
Hi there,

Scenario:

I have 1 Domain called Domain1, 50 Username and HTFS security and audit setup.

I must create a new domain Domain2, remove the 50 users from Domain1 and join them to the new Domain2.

The 50 usernames will be the same.

I need to copy the NTFS security and audit settings from the files (not shared folders) and folders and apply them for the new domain2.

Are there easy command lines or batch file I can do for this?

Thanks for your help,
Rene
0
Comment
Question by:ReneGe
5 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 100 total points
ID: 33461561
Active Directory Migration Tool.  (ADMT).  

Other than that, if you could explain why - provide a context - perhaps we can give you a better solution.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 100 total points
ID: 33461578
From what you're saying, you have a domain and want to create another domain (child domain?).

Anyhow, moving Active Directory with all the users is the easier part.

On your new server, run dcpromo and install AD on the new Domain Controller.

On the primary domain controller (your current one), you will transfer roles from it to your new DC and make that the primary domain controller in the new domain.  Once you transfer all the roles over, you can then demote your current DC.

This article will help you in that process with step by step instructions.

http://support.microsoft.com/kb/324801

As far as the NTFS security and folders, you will have to copy the folders over to the new DC and reapply the appropriate permissions.  If you're going to do this all on the same network, there is a free utility software you can use to quickly transfer all the folders to the new DC.  It's called FastCopy and you can download it here:

http://ipmsg.org/tools/fastcopy.html.en

Your policies however will replicate over once you create the new DC.  
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 300 total points
ID: 33462176
For the change of NTFS-permissions, you can use subinacl.exe part of resource kit. The changedomain option should do what you want to do.

subinacl /subdirectories c:\path\to\folder /changedomain=OldDomain=NewDomain

Make sure you download the latest version from MS instead of using the (buggy) version that was distributed with resource kit pack as the older version of the command didn't have any effect.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463403
It will be a complete new domain, not a chile domain and there will be absolutly no A.D. transfer.

Is your suggestion still applies?

Thanks,
Rene
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463879
==> henjoh09, It seems that subinacl would do the trick.

I seems that I'll have to do some reading from the following link: http://analogduck.com/blog/subinacl

I'll give you the points now and I will create a new thread if required.

Thanks to you all for your contribution & for your help.

Cheers,
Rene
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question