sonetinc
asked on
How to copy data between Windows domains?
Hi Experts,
I am trying to copy files between two domains. Both domains/networks are connected with a router. I can ping and connect remotely.
Domain A: Windows 2003 Server at 10.0.0.x
Domain B: Windows 2011 SBS at 10.0.1.x
How do I make the following work?
net use B: \\10.0.1.10\Data
xcopy C:\ServerA_Data\*.* B:\
The first command fails with "Logon failure: account currently disabled."
What needs to be done for users in domain B to be able to have write access to the files copied over?
Thank you for any help...
I am trying to copy files between two domains. Both domains/networks are connected with a router. I can ping and connect remotely.
Domain A: Windows 2003 Server at 10.0.0.x
Domain B: Windows 2011 SBS at 10.0.1.x
How do I make the following work?
net use B: \\10.0.1.10\Data
xcopy C:\ServerA_Data\*.* B:\
The first command fails with "Logon failure: account currently disabled."
What needs to be done for users in domain B to be able to have write access to the files copied over?
Thank you for any help...
If you dont want to implement the trust between domains, just logon to the shared folder by providing a valid credentials in domain B prior to copy the files.
when you try to open the share as \\server_ip, it should ask you for credentials.
when you try to open the share as \\server_ip, it should ask you for credentials.
here is a good example:
http://www.rebelpeon.com/copy_files_between_untrusted_domains_programmatically/
http://www.rebelpeon.com/copy_files_between_untrusted_domains_programmatically/
ASKER
This should be handled within a batch file. I don't want to store passwords in it. What type of trust do I need to setup? Do I set it up on both servers?
You can create a normal user account in domain B to store its password instead of using your own password.
its more easier than the trust configuration. for trust you need to configure DNS and AD on both domains.
If you want to use the trust method here is a link
http://technet.microsoft.com/en-us/library/cc740018(v=ws.10).aspx
its more easier than the trust configuration. for trust you need to configure DNS and AD on both domains.
If you want to use the trust method here is a link
http://technet.microsoft.com/en-us/library/cc740018(v=ws.10).aspx
One of the limitations of SBS is it will not support domain trusts. You will need to map the drive with the appropriate credentials:
net use B: \\10.0.1.10\Data password /USER:[OtherDomainName\username]
xcopy C:\ServerA_Data\*.* B:\
Unfortunately it means saving passwords in clear text.
net use B: \\10.0.1.10\Data password /USER:[OtherDomainName\username]
xcopy C:\ServerA_Data\*.* B:\
Unfortunately it means saving passwords in clear text.
ASKER
I'm afraid that the user option is not going to work. I've created the user on the destination server B. Granted him full access to all directories/files with:
0 \\ServerA\Data\
2012/08/10 21:58:52 ERROR 5 (0x00000005) Copying NTFS Security to Destination Directory \\ServerA\Data\
Access is denied.
Without the security parameter:
New File 101067 file.dat
2012/08/10 22:27:58 ERROR 1314 (0x00000522) Copying NTFS Security to Destination Directory \\ServerA\Data\file.dat
A required privilege is not held by the client.
Is there a way to get around this problem? I would prefer to maintain the NTFS permissions.
I've the DNS working on both sides. Which type of trust do I need to setup to make the above work?
cacls d:\data\* /E /T /C /G "sync-user":F
For the copy/sync I am using robocopy:@ECHO OFF
echo Start at %date% %time%
::http://www.ss64.com/nt/robocopy.html
SETLOCAL
SET _source=\\ServerA\Data
SET _dest=\\ServerB\Data
net use S: %_dest% pass /user:sync-user
SET _what=/COPYALL /B /SEC /MIR
:: /COPYALL :: COPY ALL file info
:: /B :: copy files in Backup mode.
:: /SEC :: copy files with SECurity
:: /MIR :: MIRror a directory tree
SET _options=/R:0 /W:0 /LOG:Sync.log
:: /R:n :: number of Retries
:: /W:n :: Wait time between retries
:: /LOG :: Output log file
:: /NFL :: No file logging
:: /NDL :: No dir logging
ROBOCOPY %_source% S:\ %_what% %_options%
net use S: /delete
echo Completed at %date% %time%
With the sec parameter I am getting the following errors:0 \\ServerA\Data\
2012/08/10 21:58:52 ERROR 5 (0x00000005) Copying NTFS Security to Destination Directory \\ServerA\Data\
Access is denied.
Without the security parameter:
New File 101067 file.dat
2012/08/10 22:27:58 ERROR 1314 (0x00000522) Copying NTFS Security to Destination Directory \\ServerA\Data\file.dat
A required privilege is not held by the client.
Is there a way to get around this problem? I would prefer to maintain the NTFS permissions.
I've the DNS working on both sides. Which type of trust do I need to setup to make the above work?
ASKER
My plan is to add the server B admin to the server A's data NTFS permissions... but first I will need the trust. Is there any better/more efficient option?
As mentioned SBS will not support a trust relationship.
SBS has 3 key limitations:
-a maximum of 75 users or devices
-it must be a DC, and retain all FSMO roles
-cannot support domains trusts.
http://social.technet.microsoft.com/wiki/contents/articles/1906.i-overview-of-sbs-2011.aspx
SBS has 3 key limitations:
-a maximum of 75 users or devices
-it must be a DC, and retain all FSMO roles
-cannot support domains trusts.
http://social.technet.microsoft.com/wiki/contents/articles/1906.i-overview-of-sbs-2011.aspx
ASKER
Coming to back to my original problem: how to transfer the data from A to B?
You will need to provide credentials when the connection is made, thus the recommendation of:
net use B: \\10.0.1.10\Data password /USER:[OtherDomainName\use rname]
The other option might be to use 3rd party sync software like Second Copy http://www.secondcopy.com/
net use B: \\10.0.1.10\Data password /USER:[OtherDomainName\use
The other option might be to use 3rd party sync software like Second Copy http://www.secondcopy.com/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How did you establish a trust? This is not possible with any version of SBS.
ASKER
Solved the problem by myself.
Domain A must trust domain B in order to grant users in domain B access to shares in domain A.