Copy file permissions between domains without a trust


I'm looking to copy NTFS file permissions between 2 different windows 2008R2 domains.

The domains have no trust between them and the users accounts have been recreated in the same format in the new domain but the SIDs don't match.

If I copy the files over is there an easy way to recreate the NTFS permissions of a folder structure from domain A to Domain B.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
No - as the SIDs do not match you will have to re-create the permissions manually.
Depending on how complex your structure is and how many diffenrent users we are talking about you could theoretically use Icacls to save the acl structure to a file modify the resulting file replacing old sid with corresponding new sids and then apply this file also using icacls to the new server file structure.
SandeshdubeySenior Server EngineerCommented:
In the above senario the same cannot be achieved as the sid is different of users.If you want the sid same you can create trust and do user migration with ADMT.
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Just check the trust levels between the domains and make sure they have trusted and trusting trusts in place.

I imagine without this, the systems would have problems trying to access resources on each other.

Please take this information lightly as I'm very new to server scene and I would hate to cause a problem. :
Z1ggyAuthor Commented:
SET ACL allowed me to do what I was after. Unfortunately I couldn't create a trust between the 2 domains but the Set ACL tool allowed me to achieve what I needed.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Z1ggyAuthor Commented:
Solved the issue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.