Copy NTFS permissions with domain to another server with NEW domain....

Hi,

I need to Copy NTFS permissions with domain to another server with NEW domain:
How I can do it if I open the same users?
REUVENAsked:
Who is Participating?
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Could you clarify it a little bit more, please?
0
 
mittermuellerCommented:
Have you got a trust relationship?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
REUVENAuthor Commented:
Hi,
Ok, We don't have trust - I going to install new server with new domain name and I need to move all the files & users from old domain to new one. (Server 2003 old to server 2008 new)

Thanks.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
use robocopy to copy files to other drive
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

but if you do not set up trust it could be difficult to access data
0
 
mittermuellerCommented:
Without a trust your copid SIDs will not be understood by the new server.
0
 
REUVENAuthor Commented:
Hi,

Then - I need to open or copy from old domain the users to new server,
I can do trust domain - no problems...
But if I copy the NTFS permissions  to new server with new SID it will be ok?????

0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
nope. in this scenario you need to use admt 3.1 to migrate your users/groups/computers accounts from the old domain to the new one

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=AE279D01-7DCA-413C-A9D2-B42DFB746059

then you can copy datausing robocopy. and you will be able to access data.

to use admt you need two-way trust relationship
0
 
mittermuellerCommented:
Setting up the trust means that the new server (domain) will understand the SIDs from the old domain. So if you copy the files (e.g. with robocopy) the SIDs (ACL) could be resolved by the new domain.
For user migration use ADMT (ActiveDirectory Migration Tool) so SID-history will be copied.
0
 
REUVENAuthor Commented:
Hi,

Ok, Thenks -
Than I can yous the robcopy for NTFS?
Did you know some utils to print or view all the NTFS files permissions ?

Thanks,
Reuven Cohen
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
you can use built-in command cacls or download

xcacls
http://www.microsoft.com/downloads/en/details.aspx?familyid=7a3e2241-d7d0-42b6-b86e-6eda88726c01&displaylang=en

or SubInACL which is powerful and great
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en

to view resources permission. robocopy only copies data from one place to another
0
 
REUVENAuthor Commented:
Thanks,

The client computers - how to move the client computers profiles from old domain to new domain?

0
 
mittermuellerCommented:
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
if they are local, you don't need after admt migration. if they are roaming you have to read above article :)
0
 
REUVENAuthor Commented:
hi,

They local... but it will be new domain then the local computers change the logon domain auto?
0
 
REUVENAuthor Commented:
One more....

They have Exchange 2003 and the new domain will be exchange 2010 - I found only one option to import the exchange it is PTS export and import.....
Did you have some more options?
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
nope. when you use admt to migrate user/group/computer account it will be moved to the new domain with new sid and on sid's history list will be added the old one sid to allow accessing resources.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
unfortunately I'm not an expert from exchange technology. So, I dont' tell you that, sorry.
0
 
R--RCommented:
Installing exchange 2010 in different domain is possible, but it should be in the same forest.
you have to run setup /PrepareDomain for that domain.
Then you can migrate the mailbox from exchange 2003 to exchange 2010.
0
 
REUVENAuthor Commented:
Hi,

Thanks, but it is not same forest....
It is new domain and new forest.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.