• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1566
  • Last Modified:

Copy NTFS permissions with domain to another server with NEW domain....

Hi,

I need to Copy NTFS permissions with domain to another server with NEW domain:
How I can do it if I open the same users?
0
REUVEN
Asked:
REUVEN
  • 7
  • 7
  • 5
  • +1
1 Solution
 
Krzysztof PytkoActive Directory EngineerCommented:
Could you clarify it a little bit more, please?
0
 
mittermuellerCommented:
Have you got a trust relationship?
0
 
REUVENAuthor Commented:
Hi,
Ok, We don't have trust - I going to install new server with new domain name and I need to move all the files & users from old domain to new one. (Server 2003 old to server 2008 new)

Thanks.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Krzysztof PytkoActive Directory EngineerCommented:
use robocopy to copy files to other drive
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

but if you do not set up trust it could be difficult to access data
0
 
mittermuellerCommented:
Without a trust your copid SIDs will not be understood by the new server.
0
 
REUVENAuthor Commented:
Hi,

Then - I need to open or copy from old domain the users to new server,
I can do trust domain - no problems...
But if I copy the NTFS permissions  to new server with new SID it will be ok?????

0
 
Krzysztof PytkoActive Directory EngineerCommented:
nope. in this scenario you need to use admt 3.1 to migrate your users/groups/computers accounts from the old domain to the new one

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AE279D01-7DCA-413C-A9D2-B42DFB746059

then you can copy datausing robocopy. and you will be able to access data.

to use admt you need two-way trust relationship
0
 
mittermuellerCommented:
Setting up the trust means that the new server (domain) will understand the SIDs from the old domain. So if you copy the files (e.g. with robocopy) the SIDs (ACL) could be resolved by the new domain.
For user migration use ADMT (ActiveDirectory Migration Tool) so SID-history will be copied.
0
 
REUVENAuthor Commented:
Hi,

Ok, Thenks -
Than I can yous the robcopy for NTFS?
Did you know some utils to print or view all the NTFS files permissions ?

Thanks,
Reuven Cohen
0
 
Krzysztof PytkoActive Directory EngineerCommented:
you can use built-in command cacls or download

xcacls
http://www.microsoft.com/downloads/en/details.aspx?familyid=7a3e2241-d7d0-42b6-b86e-6eda88726c01&displaylang=en

or SubInACL which is powerful and great
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en

to view resources permission. robocopy only copies data from one place to another
0
 
REUVENAuthor Commented:
Thanks,

The client computers - how to move the client computers profiles from old domain to new domain?

0
 
mittermuellerCommented:
0
 
Krzysztof PytkoActive Directory EngineerCommented:
if they are local, you don't need after admt migration. if they are roaming you have to read above article :)
0
 
REUVENAuthor Commented:
hi,

They local... but it will be new domain then the local computers change the logon domain auto?
0
 
REUVENAuthor Commented:
One more....

They have Exchange 2003 and the new domain will be exchange 2010 - I found only one option to import the exchange it is PTS export and import.....
Did you have some more options?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
nope. when you use admt to migrate user/group/computer account it will be moved to the new domain with new sid and on sid's history list will be added the old one sid to allow accessing resources.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
unfortunately I'm not an expert from exchange technology. So, I dont' tell you that, sorry.
0
 
R--RCommented:
Installing exchange 2010 in different domain is possible, but it should be in the same forest.
you have to run setup /PrepareDomain for that domain.
Then you can migrate the mailbox from exchange 2003 to exchange 2010.
0
 
REUVENAuthor Commented:
Hi,

Thanks, but it is not same forest....
It is new domain and new forest.

0
 
mittermuellerCommented:
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 7
  • 7
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now