File server migration

One of our client is planing to migrate from 2000 domain to 2008 domain.The domain name is same in the new infrastructure and the old infrastructure.Their is no trust between the old and new domain.All the groups and users would be same in both the domain.
I have moved all the data from the old file server to the new file server.How can I copy the folder permissions from the old Infrastructure to the new infrastructure
LVL 23
Malli BoppeAsked:
Who is Participating?
this page has the help file for it

Syntax (Store acls for all matching names into aclfile
         for later use with /restore)
      ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
Syntax (restore folder)
      ICACLS directory [/substitute SidOld SidNew [...]]
          /restore aclfile [/C] [/L] [/Q]

 /T  Traverse all subfolders to match files/directories.
   /C  Continue on file errors (access denied)  Error messages are still displayed.
   /L  Perform the operation on a symbolic link itself, not its target.

   /Q  Quiet - supress success messages.

Note:  I read that it mentions SIDs in the help syntax but that it should accept user names also.

Have you done this already (started already)?

Why not upgrade the existing domain?  Migrating the domain will mean a lot of extra work

Sounds like you already started because you mention you copied the file data.  Did you use the ADMT migration tool?  

Old file permissions will not copy to a new domain because the account SIDs will be different.  

You can try to export file ACLs from the old server with the icalcs tool.  then you can import/apply the ACLs to the new file server files with that icacls command.  The SIDs are differrent so you should try the  /substitute option for the SID issue.  It may work and it may be a lot of work too though.
I haven't tried it for your situation though, so I can say if it will work or not.

Krzysztof PytkoSenior Active Directory EngineerCommented:
In this case you should use first ADMT to migrate users/group/computers and servers accounts from the old domain to the new one.
ADMT is free and can be downloaded from'

and of course, it requires two-way trust to be able to migrate accounts. Then SID History is set up and SID from objects from the old domain are saved in that object's list in the new one.

After that, users will not loose access to data resource.

Another tool at the end of that process to copy data is Robocopy

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

I guess migration term is used wrongly becasue as far as i know, you can't setup trust between the domains sharing either same netbios name, SID of the domain or FQDN name. Quest allows to migrate object from one domain to another w/o trust but it doesn't migrate SID histroy where as ADMT's min one of the prerequisites are one way trust. You might have upgraded the infrastructure to windows 2008.

You can use Robocopy tool or in-built tool File server migration tool in windows 2008 to migrate file with NTFS permission intact or Xcopy.

Awinish Vishwakarma
Malli BoppeAuthor Commented:

We can't have trust relationship.
I did use robocopy to copy the data, but wouldn't copy the permissions.


Its the client decision to rebuild from scratch.
Can you tell what the icacls command to to import and export permissions.
Malli BoppeAuthor Commented:
Didn't test it so don't know whether its going to work
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.