[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


File server migration

Posted on 2011-10-02
Medium Priority
Last Modified: 2012-05-12
One of our client is planing to migrate from 2000 domain to 2008 domain.The domain name is same in the new infrastructure and the old infrastructure.Their is no trust between the old and new domain.All the groups and users would be same in both the domain.
I have moved all the data from the old file server to the new file server.How can I copy the folder permissions from the old Infrastructure to the new infrastructure
Question by:Malli Boppe
LVL 22

Expert Comment

ID: 36901663
Have you done this already (started already)?

Why not upgrade the existing domain?  Migrating the domain will mean a lot of extra work

Sounds like you already started because you mention you copied the file data.  Did you use the ADMT migration tool?  

Old file permissions will not copy to a new domain because the account SIDs will be different.  

You can try to export file ACLs from the old server with the icalcs tool.  then you can import/apply the ACLs to the new file server files with that icacls command.  The SIDs are differrent so you should try the  /substitute option for the SID issue.  It may work and it may be a lot of work too though.
I haven't tried it for your situation though, so I can say if it will work or not.

LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36901739
In this case you should use first ADMT to migrate users/group/computers and servers accounts from the old domain to the new one.
ADMT is free and can be downloaded from'

and of course, it requires two-way trust to be able to migrate accounts. Then SID History is set up and SID from objects from the old domain are saved in that object's list in the new one.

After that, users will not loose access to data resource.

Another tool at the end of that process to copy data is Robocopy

LVL 24

Expert Comment

ID: 36901971
I guess migration term is used wrongly becasue as far as i know, you can't setup trust between the domains sharing either same netbios name, SID of the domain or FQDN name. Quest allows to migrate object from one domain to another w/o trust but it doesn't migrate SID histroy where as ADMT's min one of the prerequisites are one way trust. You might have upgraded the infrastructure to windows 2008.

You can use Robocopy tool or in-built tool File server migration tool in windows 2008 to migrate file with NTFS permission intact or Xcopy.

Awinish Vishwakarma
MY BLOG:  http://awinish.wordpress.com
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 23

Author Comment

by:Malli Boppe
ID: 36907593

We can't have trust relationship.
I did use robocopy to copy the data, but wouldn't copy the permissions.


Its the client decision to rebuild from scratch.
Can you tell what the icacls command to to import and export permissions.
LVL 22

Accepted Solution

chakko earned 2000 total points
ID: 36907687
this page has the help file for it


Syntax (Store acls for all matching names into aclfile
         for later use with /restore)
      ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
Syntax (restore folder)
      ICACLS directory [/substitute SidOld SidNew [...]]
          /restore aclfile [/C] [/L] [/Q]

 /T  Traverse all subfolders to match files/directories.
   /C  Continue on file errors (access denied)  Error messages are still displayed.
   /L  Perform the operation on a symbolic link itself, not its target.

   /Q  Quiet - supress success messages.

Note:  I read that it mentions SIDs in the help syntax but that it should accept user names also.

LVL 23

Author Closing Comment

by:Malli Boppe
ID: 36940615
Didn't test it so don't know whether its going to work

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question