Solved

Mapping user permissions from old domain to new domain

Posted on 2012-03-22
Last Modified: 2012-04-12
Is there a utility or script that can map user names and permissions in one domain and apply those same permissions to a file server?

The situation is:

We are migrating users to a new domain. They have a new logon name for the new domain, and ideally we want the new user name to have the same permissions to things like file shares as their equivalent old user name.

In other words, is there a utility or script that can map the permissions of "Domain_A\User_JSmith" to "Domain_B\User_JSmith" and apply these on a file share or shared folder? Or is this a manual job?

Any advice or experience is welcome.
Question by:dannewton
4 Comments
 

Accepted Solution

by:
Charlie2012 earned 600 total points
ID: 37751977
Hi,

I think you can do it with the Active Directory migration wizard:

Active Directory Migration Tool
You can use ADMT to migrate objects in Active Directory forests. This tool includes wizards that automate migration tasks, such as migrating users, groups, service accounts, computers, and trusts and performing security translation.
You can perform ADMT tasks by using the ADMT console, a command line, or a script. When you run ADMT at the command line, it is often more efficient to use an option file to specify command-line options. You can use the ADMT option file reference in the following example to assist you in creating option files. Examples of command-line syntax are provided for each task that you must perform to restructure the domains within the forest.
The following listing shows common options that apply to several migration tasks. Each type of migration task has a section that lists options that are specific to that task. The section name corresponds to the task name when you run ADMT at the command line. You can comment out items with a semicolon. In the following listing, the default values are commented out.

http://www.microsoft.com/download/en/details.aspx?id=19188 (tool)
http://www.microsoft.com/download/en/details.aspx?id=17488 (doc how to)
0
 

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 462 total points
ID: 37753017
0
 

Assisted Solution

by:Leon Fester
Leon Fester earned 438 total points
ID: 37756170
Have a look at the subinacl tool, and specifically the /replace action.
/replace=[DomainName\]OldAccount=[DomainName\]New_Account

http://www.robvanderwoude.com/subinacl.php
http://support.microsoft.com/kb/265360
0
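
A way to preview and apply the mapping discussed in the answers above, as an added PowerShell example (not code from the thread, ADMT or subinacl). Unlike subinacl's /replace, it adds the new account next to the old one so access keeps working during the migration. The share path and account names are constructed placeholders, and it assumes a trust so that both domains' accounts resolve.

```powershell
# Added example: grant each new-domain account the same explicit NTFS ACEs
# as its old-domain equivalent. Path and account names are placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root = 'D:\Shares\Finance',                       # hypothetical share root
    [hashtable]$Map = @{ 'DOMAIN_A\User_JSmith' = 'DOMAIN_B\User_JSmith' }
)

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

foreach ($item in $items) {
    $acl     = Get-Acl -LiteralPath $item.FullName
    $changed = $false

    # $acl.Access returns a snapshot, so adding rules while looping is safe.
    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }           # inherited ACEs follow the parent
        $old = $ace.IdentityReference.Value
        if (-not $Map.ContainsKey($old)) { continue }

        $new = [System.Security.Principal.NTAccount]$Map[$old]
        try {
            # Fail early if the new account does not resolve to a SID.
            $null = $new.Translate([System.Security.Principal.SecurityIdentifier])
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $new, $ace.FileSystemRights, $ace.InheritanceFlags,
                $ace.PropagationFlags, $ace.AccessControlType)
        } catch {
            # Unresolvable account, or an ACE with generic rights bits that
            # FileSystemAccessRule rejects: report it and leave the ACL alone.
            Write-Warning "Skipped $old -> $new on $($item.FullName): $_"
            continue
        }
        $acl.AddAccessRule($rule)
        $changed = $true

        # One report row per translated ACE, for review or Export-Csv.
        [pscustomobject]@{
            Path = $item.FullName; Old = $old; New = $new.Value
            Rights = $ace.FileSystemRights; Type = $ace.AccessControlType
        }
    }

    if ($changed -and $PSCmdlet.ShouldProcess($item.FullName, 'Set-Acl')) {
        Set-Acl -LiteralPath $item.FullName -AclObject $acl
    }
}
```

Saved as a .ps1 file and run with -WhatIf, it lists every ACE it would copy without writing anything; Deny entries are copied as Deny, so review the report before running it for real.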
 

Author Closing Comment

by:dannewton
ID: 37837212
Thanks for all these responses, I am looking at all suggestions and taking the best parts of each for what I need to accomplish.
0
