Link to home
Start Free TrialLog in
Avatar of sonetinc
sonetinc

asked on

How to copy data between Windows domains?

Hi Experts,

I am trying to copy files between two domains. Both domains/networks are connected with a router. I can ping and connect remotely.

Domain A: Windows 2003 Server at 10.0.0.x
Domain B: Windows 2011 SBS at 10.0.1.x

How do I make the following work?

net use B: \\10.0.1.10\Data
xcopy C:\ServerA_Data\*.* B:\

The first command fails with "Logon failure: account currently disabled."

What needs to be done for users in domain B to be able to have write access to the files copied over?

Thank you for any help...
Avatar of Suliman Abu Kharroub
Suliman Abu Kharroub
Flag of Jordan image

You need to configure a trust relationship between the two domains.

Domain A must trust domain B in order to grant users in domain B access to shares in domain A.
If you dont want to implement the trust between domains, just logon to the shared folder by providing a valid credentials in domain B prior to copy the files.

when you try to open the share as \\server_ip, it should ask you for credentials.
Avatar of sonetinc
sonetinc

ASKER

This should be handled within a batch file. I don't want to store passwords in it. What type of trust do I need to setup? Do I set it up on both servers?
You can create a normal user account in domain B to store its password instead of using your own password.

its more easier than the trust configuration. for trust you need to configure DNS and AD on both domains.

If you want to use the trust method here is a link

http://technet.microsoft.com/en-us/library/cc740018(v=ws.10).aspx
One of the limitations of SBS is it will not support domain trusts. You will need to map the drive with the appropriate credentials:
net use B: \\10.0.1.10\Data  password  /USER:[OtherDomainName\username]
xcopy C:\ServerA_Data\*.* B:\

Unfortunately it means saving passwords in clear text.
I'm afraid that the user option is not going to work. I've created the user on the destination server B. Granted him full access to all directories/files with:

cacls d:\data\* /E /T /C /G "sync-user":F

Open in new window

For the copy/sync I am using robocopy:

@ECHO OFF
echo Start at %date% %time%
::http://www.ss64.com/nt/robocopy.html
SETLOCAL
SET _source=\\ServerA\Data
SET _dest=\\ServerB\Data
net use S: %_dest% pass /user:sync-user
SET _what=/COPYALL /B /SEC /MIR
:: /COPYALL :: COPY ALL file info
:: /B :: copy files in Backup mode. 
:: /SEC :: copy files with SECurity
:: /MIR :: MIRror a directory tree 
SET _options=/R:0 /W:0 /LOG:Sync.log
:: /R:n :: number of Retries
:: /W:n :: Wait time between retries
:: /LOG :: Output log file
:: /NFL :: No file logging
:: /NDL :: No dir logging
ROBOCOPY %_source% S:\ %_what% %_options%
net use S: /delete
echo Completed at %date% %time%

Open in new window

With the sec parameter I am getting the following errors:
      0      \\ServerA\Data\
2012/08/10 21:58:52 ERROR 5 (0x00000005) Copying NTFS Security to Destination Directory \\ServerA\Data\
Access is denied.

Without the security parameter:
          New File                101067      file.dat
2012/08/10 22:27:58 ERROR 1314 (0x00000522) Copying NTFS Security to Destination Directory \\ServerA\Data\file.dat
A required privilege is not held by the client.

Is there a way to get around this problem? I would prefer to maintain the NTFS permissions.

I've the DNS working on both sides. Which type of trust do I need to setup to make the above work?
My plan is to add the server B admin to the server A's data NTFS permissions... but first I will need the trust. Is there any better/more efficient option?
As mentioned SBS will not support a trust relationship.
SBS has 3 key limitations:
-a maximum of 75 users or devices
-it must be a DC, and retain all FSMO roles
-cannot support domains trusts.
http://social.technet.microsoft.com/wiki/contents/articles/1906.i-overview-of-sbs-2011.aspx
Coming to back to my original problem: how to transfer the data from A to B?
You will need to provide credentials when the connection is made, thus the recommendation of:
net use B: \\10.0.1.10\Data  password  /USER:[OtherDomainName\username]
The other option might be to use 3rd party sync software like Second Copy  http://www.secondcopy.com/
another third party option is all way sync:

http://allwaysync.com/
ASKER CERTIFIED SOLUTION
Avatar of sonetinc
sonetinc

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
How did you establish a trust?  This is not possible with any version of SBS.
Solved the problem by myself.