Solved

Mapping user permissions from old domain to new domain

Posted on 2012-03-22
4
669 Views
Last Modified: 2012-04-12
Is there a utility or script that can map user names and permissions in one domain and apply those same permissions to a file server?

The situation is:

We are migrating users to a new domain. They have a new logon name for the new domain and ideally we want the new user name to have the same permissions to things like files shares as their equivalent old user name.

In other words is there a utility or script that can map the permissions of "Domain_A\User_JSmith"  to "Domain_B\User_JSmith" and apply these on a file share or shared folder?  or is this a manual job?

Any advice or experience is welcome.
0
Comment
Question by:dannewton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
Charlie2012 earned 200 total points
ID: 37751977
Hi,

I think you can do it with the active directory migration wizard:

Active Directory Migration Tool
You can use ADMT to migrate objects in Active Directory forests. This tool includes wizards that automate migration tasks, such as migrating users, groups, service accounts, computers, and trusts and performing security translation.
You can perform ADMT tasks by using the ADMT console, a command line, or a script. When you run ADMT at the command line, it is often more efficient to use an option file to specify command-line options. You can use the ADMT option file reference in the following example to assist you in creating option files. Examples of command-line syntax are provided for each task that you must perform to restructure the domains within the forest.
The following listing shows common options that apply to several migration tasks. Each type of migration task has a section that lists options that are specific to that task. The section name corresponds to the task name when you run ADMT at the command line. You can comment out items with a semicolon. In the following listing, the default values are commented out.

http://www.microsoft.com/download/en/details.aspx?id=19188 (tool)
http://www.microsoft.com/download/en/details.aspx?id=17488 (doc how to)
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 154 total points
ID: 37753017
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 146 total points
ID: 37756170
Have a look at the subinacl tool, and specifically the /replace action.
/replace=[DomainName\]OldAccount=[DomainName\]New_Account

http://www.robvanderwoude.com/subinacl.php
http://support.microsoft.com/kb/265360
0
 

Author Closing Comment

by:dannewton
ID: 37837212
Thanks for all these responses, I am looking at all suggestions and taking the best parts of each for what I need to accomplish.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question