Solved

Windows Server 2003: Transfert NTFS Security and Audit from old to new Domain

Posted on 2010-08-17
5
385 Views
Last Modified: 2013-12-04
Hi there,

Scenario:

I have 1 Domain called Domain1, 50 Username and HTFS security and audit setup.

I must create a new domain Domain2, remove the 50 users from Domain1 and join them to the new Domain2.

The 50 usernames will be the same.

I need to copy the NTFS security and audit settings from the files (not shared folders) and folders and apply them for the new domain2.

Are there easy command lines or batch file I can do for this?

Thanks for your help,
Rene
0
Comment
Question by:ReneGe
5 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 100 total points
ID: 33461561
Active Directory Migration Tool.  (ADMT).  

Other than that, if you could explain why - provide a context - perhaps we can give you a better solution.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 100 total points
ID: 33461578
From what you're saying, you have a domain and want to create another domain (child domain?).

Anyhow, moving Active Directory with all the users is the easier part.

On your new server, run dcpromo and install AD on the new Domain Controller.

On the primary domain controller (your current one), you will transfer roles from it to your new DC and make that the primary domain controller in the new domain.  Once you transfer all the roles over, you can then demote your current DC.

This article will help you in that process with step by step instructions.

http://support.microsoft.com/kb/324801

As far as the NTFS security and folders, you will have to copy the folders over to the new DC and reapply the appropriate permissions.  If you're going to do this all on the same network, there is a free utility software you can use to quickly transfer all the folders to the new DC.  It's called FastCopy and you can download it here:

http://ipmsg.org/tools/fastcopy.html.en

Your policies however will replicate over once you create the new DC.  
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 300 total points
ID: 33462176
For the change of NTFS-permissions, you can use subinacl.exe part of resource kit. The changedomain option should do what you want to do.

subinacl /subdirectories c:\path\to\folder /changedomain=OldDomain=NewDomain

Make sure you download the latest version from MS instead of using the (buggy) version that was distributed with resource kit pack as the older version of the command didn't have any effect.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463403
It will be a complete new domain, not a chile domain and there will be absolutly no A.D. transfer.

Is your suggestion still applies?

Thanks,
Rene
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463879
==> henjoh09, It seems that subinacl would do the trick.

I seems that I'll have to do some reading from the following link: http://analogduck.com/blog/subinacl

I'll give you the points now and I will create a new thread if required.

Thanks to you all for your contribution & for your help.

Cheers,
Rene
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question