?
Solved

Windows Server 2003: Transfert NTFS Security and Audit from old to new Domain

Posted on 2010-08-17
5
Medium Priority
?
389 Views
Last Modified: 2013-12-04
Hi there,

Scenario:

I have 1 Domain called Domain1, 50 Username and HTFS security and audit setup.

I must create a new domain Domain2, remove the 50 users from Domain1 and join them to the new Domain2.

The 50 usernames will be the same.

I need to copy the NTFS security and audit settings from the files (not shared folders) and folders and apply them for the new domain2.

Are there easy command lines or batch file I can do for this?

Thanks for your help,
Rene
0
Comment
Question by:ReneGe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 400 total points
ID: 33461561
Active Directory Migration Tool.  (ADMT).  

Other than that, if you could explain why - provide a context - perhaps we can give you a better solution.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 400 total points
ID: 33461578
From what you're saying, you have a domain and want to create another domain (child domain?).

Anyhow, moving Active Directory with all the users is the easier part.

On your new server, run dcpromo and install AD on the new Domain Controller.

On the primary domain controller (your current one), you will transfer roles from it to your new DC and make that the primary domain controller in the new domain.  Once you transfer all the roles over, you can then demote your current DC.

This article will help you in that process with step by step instructions.

http://support.microsoft.com/kb/324801

As far as the NTFS security and folders, you will have to copy the folders over to the new DC and reapply the appropriate permissions.  If you're going to do this all on the same network, there is a free utility software you can use to quickly transfer all the folders to the new DC.  It's called FastCopy and you can download it here:

http://ipmsg.org/tools/fastcopy.html.en

Your policies however will replicate over once you create the new DC.  
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 1200 total points
ID: 33462176
For the change of NTFS-permissions, you can use subinacl.exe part of resource kit. The changedomain option should do what you want to do.

subinacl /subdirectories c:\path\to\folder /changedomain=OldDomain=NewDomain

Make sure you download the latest version from MS instead of using the (buggy) version that was distributed with resource kit pack as the older version of the command didn't have any effect.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463403
It will be a complete new domain, not a chile domain and there will be absolutly no A.D. transfer.

Is your suggestion still applies?

Thanks,
Rene
0
 
LVL 10

Author Comment

by:ReneGe
ID: 33463879
==> henjoh09, It seems that subinacl would do the trick.

I seems that I'll have to do some reading from the following link: http://analogduck.com/blog/subinacl

I'll give you the points now and I will create a new thread if required.

Thanks to you all for your contribution & for your help.

Cheers,
Rene
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Course of the Month15 days, 6 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question