Solved

How to migrate a Windows 2003 file server to another domain?

Posted on 2011-02-20
9
1,189 Views
Last Modified: 2012-05-11
Hi,

I have a Windows 2003 file server from DomainA and I want to move it into DomainB. What is the proceadure for doing  that to make sure that all folders and files securities will follow?
0
Comment
Question by:SAM2009
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 7

Accepted Solution

by:
holthd earned 167 total points
ID: 34940493
There are no ways of migrating a server and retaining the filesystem NTFS permissions (usable) to my knowledge. There are several ways to get keep the permissions but unless you have a 1:1 copy of the Active Directory securtiy groups and users in domain A and B they'll be no good to you.
All objects in Active Directory have a SID which is unique and is the actual reference used when performing lookups from the fileserver to the domain. To maintain the SIDs of the objects you must have a copy of all the users and/or security groups that has been granted access to the filesystem in Domain A in Domain B. It does not help to give the objects an identical name and put them in the identical containers.
I recommend you use XCACLS.vbs (Microsoft, free) to export all permissions to a text file and re-establish the filesystem ACL's in Domain B.

-Daniel  
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34940525
If there is a trust between the domains then the NTFS permissions should remain in-tact (TEST FIRST).
0
 
LVL 9

Assisted Solution

by:abolinhas
abolinhas earned 167 total points
ID: 34941632
0
 
LVL 1

Assisted Solution

by:pedronrivera
pedronrivera earned 166 total points
ID: 34944223
For migrations I use admt which will migrate users groups and computer accounts.  Do some research on the active directory migration tool.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 1

Author Comment

by:SAM2009
ID: 34945488
The trust is activated between both domains. Whatd does it work with fsmigrate? Does it keep the security grp and users?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34945507
If there's a trust, then the GUIDs (which are NOT removed) can be looked up and security should apply properly.
0
 
LVL 7

Expert Comment

by:holthd
ID: 34946758
Keep in mind that once you remove the trust or the DC's in the trusted domain becomes unavailable ACL lookups on this server cannot be performed any longer. Hence rendering files and folders inaccessible.
If the trust is used in a transition period you'll have to look at AD migration or another solution.
0
 
LVL 1

Author Comment

by:SAM2009
ID: 34948117
Ya trust will be deactivated cuz the purpose is to get just one domain at the end.
0
 
LVL 1

Author Closing Comment

by:SAM2009
ID: 34967278
Thank you for all your suggestions!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Super Scope, DHCP 5 51
execution of the windows script host failed. (access is denied.) 3 52
How do i move AD Contacts to O365? 2 31
Auto Login Script 3 15
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now