Solved

Preserving NTFS file permissions during server 2003 upgrade

Posted on 2014-03-31
3
506 Views
Last Modified: 2014-04-01
Soon I will be upgrading my 2003 server. I have two 2003 servers and both are domain controllers.

The plan is to erase the first 2003 server and do a clean install of 2012. This server has a D: Drive that contains users folders and shared directories. I am concerned about the NTFS permissions of the files. I'm not concerned about the share level permissions as those will need to be re-created.

Upon promoting the new server to the network, I'm hoping I can migrate the active directory information from the other domain controller to the new server.

Assuming all the above is possible, I am interested what will happen to the file permissions on the D: drive. I was told they will be lost and I will manually re-create them.

Is this true? If so, is there anyway I can preserve these permissions to avoid the task of re-creating everything?
0
Comment
Question by:JohnMan777
3 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39967718
Hi,

if you are planing to clean installation of 2003 server and then you will install 2012. so obviously you are again adding this server to domain. (as 2012 will again DC) so you will NOT lost the security settings.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39967773
As long as you are not formatting D drive (By keeping D drive intact and just format C: drive, your drive will retain all permissions in the form of security identifier
Because after replacing OS, server will be part of workgroup and then its not possible to interpret existing NTFS permissions in readable format.
After installation of new OS when you will join that server to domain again as member server, you will be able to see all NTFS permissions correctly

Only you will lose all Shares along with Sysvol and netlogon
There is one alternative for that

Point your server to be demoted to another DC 1st in DNS properties
Reboot the server once
Demote server gracefully to member server
This will remove Sysvol and netlogon shares but other shares remains intact
Then export shares registry at below location
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
Then format server C: drive with 2012 OS
Add it as a member server in existing domain
Restore exported shares registry key so that all share folder will be restored with share permissions and NTFS perms are already there
Then promote server as ADC in existing domain
Hopefully this will go smoothly

Mahesh.
0
 

Author Closing Comment

by:JohnMan777
ID: 39970312
Excellent advice. Thank you especially for the section on preserving the shares.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now