Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Mapping user permissions from old domain to new domain

Posted on 2012-03-22
4
Medium Priority
?
676 Views
Last Modified: 2012-04-12
Is there a utility or script that can map user names and permissions in one domain and apply those same permissions to a file server?

The situation is:

We are migrating users to a new domain. They have a new logon name for the new domain and ideally we want the new user name to have the same permissions to things like files shares as their equivalent old user name.

In other words is there a utility or script that can map the permissions of "Domain_A\User_JSmith"  to "Domain_B\User_JSmith" and apply these on a file share or shared folder?  or is this a manual job?

Any advice or experience is welcome.
0
Comment
Question by:dannewton
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
Charlie2012 earned 600 total points
ID: 37751977
Hi,

I think you can do it with the active directory migration wizard:

Active Directory Migration Tool
You can use ADMT to migrate objects in Active Directory forests. This tool includes wizards that automate migration tasks, such as migrating users, groups, service accounts, computers, and trusts and performing security translation.
You can perform ADMT tasks by using the ADMT console, a command line, or a script. When you run ADMT at the command line, it is often more efficient to use an option file to specify command-line options. You can use the ADMT option file reference in the following example to assist you in creating option files. Examples of command-line syntax are provided for each task that you must perform to restructure the domains within the forest.
The following listing shows common options that apply to several migration tasks. Each type of migration task has a section that lists options that are specific to that task. The section name corresponds to the task name when you run ADMT at the command line. You can comment out items with a semicolon. In the following listing, the default values are commented out.

http://www.microsoft.com/download/en/details.aspx?id=19188 (tool)
http://www.microsoft.com/download/en/details.aspx?id=17488 (doc how to)
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 462 total points
ID: 37753017
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 438 total points
ID: 37756170
Have a look at the subinacl tool, and specifically the /replace action.
/replace=[DomainName\]OldAccount=[DomainName\]New_Account

http://www.robvanderwoude.com/subinacl.php
http://support.microsoft.com/kb/265360
0
 

Author Closing Comment

by:dannewton
ID: 37837212
Thanks for all these responses, I am looking at all suggestions and taking the best parts of each for what I need to accomplish.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question