Solved

File Server Domain Change

Posted on 2012-03-14
6
712 Views
Last Modified: 2012-03-20
I currently have 2 domains. xyz.com and wxy.local. I inherited wxy.local in an aquisition and am looking to move to a single domain xyz.com. Currently the 2 domains are in a trust and since we use Citrix on xyz.com users have an account in both domains as well for Citrix authentication. The question I have is, if I set all their xyz.com permissions on the file servers in wxy.local and move the server to the xyz.com domain. Will I lose all the permission settings? Or since the accounts were placed there prior to the domain change wiill they still work?
0
Comment
Question by:ChrisHornfeldt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 6

Accepted Solution

by:
Dangle79 earned 250 total points
ID: 37722437
Typically the ACL's would remain intact since a domain membership change on a host would take forever if it had to parse every file and folder on the disk to update the security tab. Same deal as if you were dealing with non-domain computers and swapped a HDD from one to another that had explicit permissions on the files. If those users don't exist on the new box you'd be out of luck.

You should actually be able to test that very easily if you've got appropriate rights on both domains. Set up some dummy shares on a PC in the old domain and then migrate it to the new one and verify the folder ACLs stay intact. It shouldn't behave any differently based on whether it's a server or desktop.
0
 
LVL 78

Expert Comment

by:arnold
ID: 37723284
Do you have a capacity on an existing file server to transfer the data and reconfigure the shares?

You could use cacls to check the current security settings.
There are scripts available online and referenced in posts on EE that can help in transferring share configurations from one system to another.
0
 

Author Comment

by:ChrisHornfeldt
ID: 37723299
Sadly no capacity to do it any other way but to pull the trigger and hope the xyz.com settings stick when I move it from one domain to the other. Or pull the trigger and spend all night rebuilding the permission structure before everyone comes in the next day.

I will test the workstation idea tomorrow, wish I had thought of doing it before posting the question and I will update after I see what happens.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 26

Expert Comment

by:Leon Fester
ID: 37725107
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 250 total points
ID: 37726965
The ACL's and SID's are written into the MFT of the file server.  If you move the File server to the new domain, those ACL's & SID's are still there and still valid.

However, for them to be of any real use, a trust has to exist because when the OS goes to check the permissions of the file, it is going to look at the user's security token, which must contain the same token as the ACL on the file.  The security token won't contain that if the user logs into a different domain, unless the sidHistory attribute is set with the old domain sid of the user.

So in short - it will work just fine as long as your users don't move.  If your users move, or their groups change, then the security token may not contain the needed information to access those files, and you'll have to re-ACL the files.  (that's a good idea to do anyway, but does not need to be rushed.).

Coralon
0
 

Author Closing Comment

by:ChrisHornfeldt
ID: 37744196
Thank you guys for the help. I was able to test and moving from Domain B to Domain A after setting A's permissions on the folders worked flawlessly and the permissions stayed in tact. I appreciate the help
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question