Solved

Copy NTFS permissions with domain to another server with NEW domain....

Posted on 2010-09-16
20
1,479 Views
Last Modified: 2012-06-22
Hi,

I need to Copy NTFS permissions with domain to another server with NEW domain:
How I can do it if I open the same users?
0
Comment
Question by:REUVEN
  • 7
  • 7
  • 5
  • +1
20 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33689823
Could you clarify it a little bit more, please?
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 33689886
Have you got a trust relationship?
0
 

Author Comment

by:REUVEN
ID: 33689977
Hi,
Ok, We don't have trust - I going to install new server with new domain name and I need to move all the files & users from old domain to new one. (Server 2003 old to server 2008 new)

Thanks.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33689997
use robocopy to copy files to other drive
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

but if you do not set up trust it could be difficult to access data
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 33690035
Without a trust your copid SIDs will not be understood by the new server.
0
 

Author Comment

by:REUVEN
ID: 33690039
Hi,

Then - I need to open or copy from old domain the users to new server,
I can do trust domain - no problems...
But if I copy the NTFS permissions  to new server with new SID it will be ok?????

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33690096
nope. in this scenario you need to use admt 3.1 to migrate your users/groups/computers accounts from the old domain to the new one

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AE279D01-7DCA-413C-A9D2-B42DFB746059

then you can copy datausing robocopy. and you will be able to access data.

to use admt you need two-way trust relationship
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 33690147
Setting up the trust means that the new server (domain) will understand the SIDs from the old domain. So if you copy the files (e.g. with robocopy) the SIDs (ACL) could be resolved by the new domain.
For user migration use ADMT (ActiveDirectory Migration Tool) so SID-history will be copied.
0
 

Author Comment

by:REUVEN
ID: 33690174
Hi,

Ok, Thenks -
Than I can yous the robcopy for NTFS?
Did you know some utils to print or view all the NTFS files permissions ?

Thanks,
Reuven Cohen
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33690197
you can use built-in command cacls or download

xcacls
http://www.microsoft.com/downloads/en/details.aspx?familyid=7a3e2241-d7d0-42b6-b86e-6eda88726c01&displaylang=en

or SubInACL which is powerful and great
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en

to view resources permission. robocopy only copies data from one place to another
0
 

Author Comment

by:REUVEN
ID: 33690239
Thanks,

The client computers - how to move the client computers profiles from old domain to new domain?

0
 
LVL 5

Expert Comment

by:mittermueller
ID: 33690342
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33690543
if they are local, you don't need after admt migration. if they are roaming you have to read above article :)
0
 

Author Comment

by:REUVEN
ID: 33690566
hi,

They local... but it will be new domain then the local computers change the logon domain auto?
0
 

Author Comment

by:REUVEN
ID: 33690583
One more....

They have Exchange 2003 and the new domain will be exchange 2010 - I found only one option to import the exchange it is PTS export and import.....
Did you have some more options?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33690591
nope. when you use admt to migrate user/group/computer account it will be moved to the new domain with new sid and on sid's history list will be added the old one sid to allow accessing resources.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33690598
unfortunately I'm not an expert from exchange technology. So, I dont' tell you that, sorry.
0
 
LVL 19

Expert Comment

by:R--R
ID: 33695667
Installing exchange 2010 in different domain is possible, but it should be in the same forest.
you have to run setup /PrepareDomain for that domain.
Then you can migrate the mailbox from exchange 2003 to exchange 2010.
0
 

Author Comment

by:REUVEN
ID: 33710426
Hi,

Thanks, but it is not same forest....
It is new domain and new forest.

0
 
LVL 5

Accepted Solution

by:
mittermueller earned 500 total points
ID: 33714605
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question