File server migration

One of our clients is planning to migrate from a 2000 domain to a 2008 domain. The domain name is the same in the new infrastructure and the old infrastructure. There is no trust between the old and new domain. All the groups and users would be the same in both domains.
I have moved all the data from the old file server to the new file server. How can I copy the folder permissions from the old infrastructure to the new infrastructure?
Malli Boppe Asked:

Have you done this already (started already)?

Why not upgrade the existing domain? Migrating the domain will mean a lot of extra work.

Sounds like you already started because you mention you copied the file data.  Did you use the ADMT migration tool?  

Old file permissions will not copy to a new domain because the account SIDs will be different.  

You can try to export file ACLs from the old server with the icacls tool. Then you can import/apply the ACLs to the new file server files with that icacls command. The SIDs are different, so you should try the /substitute option for the SID issue. It may work and it may be a lot of work too though.
I haven't tried it for your situation though, so I can say if it will work or not.

Krzysztof Pytko, Senior Active Directory Engineer, Commented:
In this case you should first use ADMT to migrate user/group/computer and server accounts from the old domain to the new one.
ADMT is free and can be downloaded from'

and of course, it requires two-way trust to be able to migrate accounts. Then SID History is set up and SID from objects from the old domain are saved in that object's list in the new one.

After that, users will not lose access to data resources.

Another tool at the end of that process to copy data is Robocopy

I guess the term migration is used wrongly because, as far as I know, you can't set up a trust between domains sharing either the same NetBIOS name, SID of the domain or FQDN name. Quest allows you to migrate objects from one domain to another w/o trust but it doesn't migrate SID history, whereas ADMT's min one of the prerequisites are one way trust. You might have upgraded the infrastructure to Windows 2008.

You can use the Robocopy tool or the built-in File Server Migration tool in Windows 2008 to migrate files with NTFS permissions intact, or Xcopy.

Awinish Vishwakarma

Malli Boppe, Author, Commented:

We can't have trust relationship.
I did use robocopy to copy the data, but it wouldn't copy the permissions.


It's the client's decision to rebuild from scratch.
Can you tell me what the icacls command is to import and export permissions?
This page has the help file for it

Syntax (Store acls for all matching names into aclfile
         for later use with /restore)
      ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
Syntax (restore folder)
      ICACLS directory [/substitute SidOld SidNew [...]]
          /restore aclfile [/C] [/L] [/Q]

   /T  Traverse all subfolders to match files/directories.
   /C  Continue on file errors (access denied). Error messages are still displayed.
   /L  Perform the operation on a symbolic link itself, not its target.
   /Q  Quiet - suppress success messages.

Note:  I read that it mentions SIDs in the help syntax but that it should accept user names also.
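
An added example, not part of the thread: one way to drive the `/save` and `/restore ... /substitute` syntax above when the two domains have no trust, by carrying an old-SID-to-account-name map across by hand and re-resolving each name on the new server. It assumes account names are identical in both domains (as the question states), that icacls and PowerShell are available on both file servers, and that one `/substitute` pair is passed per mapping; the paths, file names and the `-Phase` switch are hypothetical.

```powershell
# Migrate-Acls.ps1 -- added example; paths and file names below are assumptions.
param(
    [Parameter(Mandatory=$true)][ValidateSet('Export','Restore')][string]$Phase,
    [string]$Root    = 'D:\Shares',              # share root, same layout on both servers
    [string]$AclFile = 'C:\Migration\acls.txt',
    [string]$MapFile = 'C:\Migration\sidmap.csv'
)
# Domain and local account SIDs. Well-known SIDs (e.g. S-1-5-32-544) are the same
# everywhere and need no substitution.
$sidPattern = 'S-1-5-21(-\d+){4}'

if ($Phase -eq 'Export') {
    # Run on the OLD file server, where the old SIDs still resolve to names.
    # "$Root\*" saves everything below the root; the root folder's own ACL is not saved.
    icacls "$Root\*" /save $AclFile /T /C /Q
    Get-Content $AclFile -Encoding Unicode |      # icacls writes the save file as UTF-16
        Select-String -Pattern $sidPattern -AllMatches |
        ForEach-Object { $_.Matches | ForEach-Object { $_.Value } } |
        Sort-Object -Unique |
        ForEach-Object {
            $sid = New-Object System.Security.Principal.SecurityIdentifier $_
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '' }                  # orphaned SID: nothing to map it to
            New-Object psobject -Property @{ OldSid = $_; Account = $name }
        } | Export-Csv $MapFile -NoTypeInformation
}
else {
    # Run on the NEW file server after copying acls.txt and sidmap.csv across.
    $subst = @()
    foreach ($row in Import-Csv $MapFile) {
        if (-not $row.Account) { Write-Warning "No name for $($row.OldSid); skipped"; continue }
        try {
            $acct   = New-Object System.Security.Principal.NTAccount $row.Account
            $newSid = $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { Write-Warning "$($row.Account) not found here; skipped"; continue }
        # A leading '*' tells icacls the value is a numeric SID, not a friendly name.
        $subst += '/substitute', "*$($row.OldSid)", "*$newSid"
    }
    # Skipped SIDs are restored unchanged and will show as unresolved entries.
    icacls $Root $subst /restore $AclFile /C
}
```

Review `sidmap.csv` before the restore phase: every row decides which new-domain principal inherits an old ACL entry, and local accounts of the old server will appear in it alongside domain accounts.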

Malli Boppe, Author, Commented:
Didn't test it, so don't know whether it's going to work.