Solved

Preserving NTFS file permissions during server 2003 upgrade

Posted on 2014-03-31
3
514 Views
Last Modified: 2014-04-01
Soon I will be upgrading my 2003 server. I have two 2003 servers and both are domain controllers.

The plan is to erase the first 2003 server and do a clean install of 2012. This server has a D: Drive that contains users folders and shared directories. I am concerned about the NTFS permissions of the files. I'm not concerned about the share level permissions as those will need to be re-created.

Upon promoting the new server to the network, I'm hoping I can migrate the active directory information from the other domain controller to the new server.

Assuming all the above is possible, I am interested what will happen to the file permissions on the D: drive. I was told they will be lost and I will manually re-create them.

Is this true? If so, is there anyway I can preserve these permissions to avoid the task of re-creating everything?
0
Comment
Question by:JohnMan777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39967718
Hi,

if you are planing to clean installation of 2003 server and then you will install 2012. so obviously you are again adding this server to domain. (as 2012 will again DC) so you will NOT lost the security settings.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39967773
As long as you are not formatting D drive (By keeping D drive intact and just format C: drive, your drive will retain all permissions in the form of security identifier
Because after replacing OS, server will be part of workgroup and then its not possible to interpret existing NTFS permissions in readable format.
After installation of new OS when you will join that server to domain again as member server, you will be able to see all NTFS permissions correctly

Only you will lose all Shares along with Sysvol and netlogon
There is one alternative for that

Point your server to be demoted to another DC 1st in DNS properties
Reboot the server once
Demote server gracefully to member server
This will remove Sysvol and netlogon shares but other shares remains intact
Then export shares registry at below location
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
Then format server C: drive with 2012 OS
Add it as a member server in existing domain
Restore exported shares registry key so that all share folder will be restored with share permissions and NTFS perms are already there
Then promote server as ADC in existing domain
Hopefully this will go smoothly

Mahesh.
0
 

Author Closing Comment

by:JohnMan777
ID: 39970312
Excellent advice. Thank you especially for the section on preserving the shares.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When we purchase storage, we typically are advertised storage of 500GB, 1TB, 2TB and so on. However, when you actually install it into your computer, your 500GB HDD will actually show up as 465GB. Why? It has to do with the way people and computers…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question