Solved

Preserving NTFS file permissions during server 2003 upgrade

Posted on 2014-03-31
3
510 Views
Last Modified: 2014-04-01
Soon I will be upgrading my 2003 server. I have two 2003 servers and both are domain controllers.

The plan is to erase the first 2003 server and do a clean install of 2012. This server has a D: Drive that contains users folders and shared directories. I am concerned about the NTFS permissions of the files. I'm not concerned about the share level permissions as those will need to be re-created.

Upon promoting the new server to the network, I'm hoping I can migrate the active directory information from the other domain controller to the new server.

Assuming all the above is possible, I am interested what will happen to the file permissions on the D: drive. I was told they will be lost and I will manually re-create them.

Is this true? If so, is there anyway I can preserve these permissions to avoid the task of re-creating everything?
0
Comment
Question by:JohnMan777
3 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39967718
Hi,

if you are planing to clean installation of 2003 server and then you will install 2012. so obviously you are again adding this server to domain. (as 2012 will again DC) so you will NOT lost the security settings.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39967773
As long as you are not formatting D drive (By keeping D drive intact and just format C: drive, your drive will retain all permissions in the form of security identifier
Because after replacing OS, server will be part of workgroup and then its not possible to interpret existing NTFS permissions in readable format.
After installation of new OS when you will join that server to domain again as member server, you will be able to see all NTFS permissions correctly

Only you will lose all Shares along with Sysvol and netlogon
There is one alternative for that

Point your server to be demoted to another DC 1st in DNS properties
Reboot the server once
Demote server gracefully to member server
This will remove Sysvol and netlogon shares but other shares remains intact
Then export shares registry at below location
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
Then format server C: drive with 2012 OS
Add it as a member server in existing domain
Restore exported shares registry key so that all share folder will be restored with share permissions and NTFS perms are already there
Then promote server as ADC in existing domain
Hopefully this will go smoothly

Mahesh.
0
 

Author Closing Comment

by:JohnMan777
ID: 39970312
Excellent advice. Thank you especially for the section on preserving the shares.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When we purchase storage, we typically are advertised storage of 500GB, 1TB, 2TB and so on. However, when you actually install it into your computer, your 500GB HDD will actually show up as 465GB. Why? It has to do with the way people and computers…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question