Solved

Mapping user permissions from old domain to new domain

Posted on 2012-03-22
4
666 Views
Last Modified: 2012-04-12
Is there a utility or script that can map user names and permissions in one domain and apply those same permissions to a file server?

The situation is:

We are migrating users to a new domain. They have a new logon name for the new domain and ideally we want the new user name to have the same permissions to things like files shares as their equivalent old user name.

In other words is there a utility or script that can map the permissions of "Domain_A\User_JSmith"  to "Domain_B\User_JSmith" and apply these on a file share or shared folder?  or is this a manual job?

Any advice or experience is welcome.
0
Comment
Question by:dannewton
4 Comments
 
LVL 3

Accepted Solution

by:
Charlie2012 earned 200 total points
ID: 37751977
Hi,

I think you can do it with the active directory migration wizard:

Active Directory Migration Tool
You can use ADMT to migrate objects in Active Directory forests. This tool includes wizards that automate migration tasks, such as migrating users, groups, service accounts, computers, and trusts and performing security translation.
You can perform ADMT tasks by using the ADMT console, a command line, or a script. When you run ADMT at the command line, it is often more efficient to use an option file to specify command-line options. You can use the ADMT option file reference in the following example to assist you in creating option files. Examples of command-line syntax are provided for each task that you must perform to restructure the domains within the forest.
The following listing shows common options that apply to several migration tasks. Each type of migration task has a section that lists options that are specific to that task. The section name corresponds to the task name when you run ADMT at the command line. You can comment out items with a semicolon. In the following listing, the default values are commented out.

http://www.microsoft.com/download/en/details.aspx?id=19188 (tool)
http://www.microsoft.com/download/en/details.aspx?id=17488 (doc how to)
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 154 total points
ID: 37753017
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 146 total points
ID: 37756170
Have a look at the subinacl tool, and specifically the /replace action.
/replace=[DomainName\]OldAccount=[DomainName\]New_Account

http://www.robvanderwoude.com/subinacl.php
http://support.microsoft.com/kb/265360
0
 

Author Closing Comment

by:dannewton
ID: 37837212
Thanks for all these responses, I am looking at all suggestions and taking the best parts of each for what I need to accomplish.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question