File server migration

Posted on 2011-10-02
Last Modified: 2012-05-12
One of our client is planing to migrate from 2000 domain to 2008 domain.The domain name is same in the new infrastructure and the old infrastructure.Their is no trust between the old and new domain.All the groups and users would be same in both the domain.
I have moved all the data from the old file server to the new file server.How can I copy the folder permissions from the old Infrastructure to the new infrastructure
Question by:Malli Boppe
    LVL 22

    Expert Comment

    Have you done this already (started already)?

    Why not upgrade the existing domain?  Migrating the domain will mean a lot of extra work

    Sounds like you already started because you mention you copied the file data.  Did you use the ADMT migration tool?  

    Old file permissions will not copy to a new domain because the account SIDs will be different.  

    You can try to export file ACLs from the old server with the icalcs tool.  then you can import/apply the ACLs to the new file server files with that icacls command.  The SIDs are differrent so you should try the  /substitute option for the SID issue.  It may work and it may be a lot of work too though.
    I haven't tried it for your situation though, so I can say if it will work or not.

    LVL 39

    Expert Comment

    by:Krzysztof Pytko
    In this case you should use first ADMT to migrate users/group/computers and servers accounts from the old domain to the new one.
    ADMT is free and can be downloaded from'

    and of course, it requires two-way trust to be able to migrate accounts. Then SID History is set up and SID from objects from the old domain are saved in that object's list in the new one.

    After that, users will not loose access to data resource.

    Another tool at the end of that process to copy data is Robocopy

    LVL 24

    Expert Comment

    I guess migration term is used wrongly becasue as far as i know, you can't setup trust between the domains sharing either same netbios name, SID of the domain or FQDN name. Quest allows to migrate object from one domain to another w/o trust but it doesn't migrate SID histroy where as ADMT's min one of the prerequisites are one way trust. You might have upgraded the infrastructure to windows 2008.

    You can use Robocopy tool or in-built tool File server migration tool in windows 2008 to migrate file with NTFS permission intact or Xcopy.

    Awinish Vishwakarma
    MY BLOG:
    LVL 23

    Author Comment

    by:Malli Boppe

    We can't have trust relationship.
    I did use robocopy to copy the data, but wouldn't copy the permissions.


    Its the client decision to rebuild from scratch.
    Can you tell what the icacls command to to import and export permissions.
    LVL 22

    Accepted Solution

    this page has the help file for it

    Syntax (Store acls for all matching names into aclfile
             for later use with /restore)
          ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
    Syntax (restore folder)
          ICACLS directory [/substitute SidOld SidNew [...]]
              /restore aclfile [/C] [/L] [/Q]

     /T  Traverse all subfolders to match files/directories.
       /C  Continue on file errors (access denied)  Error messages are still displayed.
       /L  Perform the operation on a symbolic link itself, not its target.

       /Q  Quiet - supress success messages.

    Note:  I read that it mentions SIDs in the help syntax but that it should accept user names also.

    LVL 23

    Author Closing Comment

    by:Malli Boppe
    Didn't test it so don't know whether its going to work

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now