Copy file permissions between domains without a trust

Posted on 2013-10-19
Medium Priority
Last Modified: 2013-11-02

I'm looking to copy NTFS file permissions between 2 different windows 2008R2 domains.

The domains have no trust between them and the users accounts have been recreated in the same format in the new domain but the SIDs don't match.

If I copy the files over is there an easy way to recreate the NTFS permissions of a folder structure from domain A to Domain B.

Question by:Z1ggy
LVL 70

Expert Comment

ID: 39585412
No - as the SIDs do not match you will have to re-create the permissions manually.

Expert Comment

ID: 39586800
Depending on how complex your structure is and how many diffenrent users we are talking about you could theoretically use Icacls to save the acl structure to a file modify the resulting file replacing old sid with corresponding new sids and then apply this file also using icacls to the new server file structure.
LVL 24

Expert Comment

ID: 39589056
In the above senario the same cannot be achieved as the sid is different of users.If you want the sid same you can create trust and do user migration with ADMT.
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!


Expert Comment

ID: 39591198
Just check the trust levels between the domains and make sure they have trusted and trusting trusts in place.

I imagine without this, the systems would have problems trying to access resources on each other.

Please take this information lightly as I'm very new to server scene and I would hate to cause a problem. :

Accepted Solution

Z1ggy earned 0 total points
ID: 39605884
SET ACL allowed me to do what I was after. Unfortunately I couldn't create a trust between the 2 domains but the Set ACL tool allowed me to achieve what I needed.

Author Closing Comment

ID: 39618542
Solved the issue

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question