Solved

Preserving NTFS file permissions during server 2003 upgrade

Posted on 2014-03-31
3
511 Views
Last Modified: 2014-04-01
Soon I will be upgrading my 2003 server. I have two 2003 servers and both are domain controllers.

The plan is to erase the first 2003 server and do a clean install of 2012. This server has a D: Drive that contains users folders and shared directories. I am concerned about the NTFS permissions of the files. I'm not concerned about the share level permissions as those will need to be re-created.

Upon promoting the new server to the network, I'm hoping I can migrate the active directory information from the other domain controller to the new server.

Assuming all the above is possible, I am interested what will happen to the file permissions on the D: drive. I was told they will be lost and I will manually re-create them.

Is this true? If so, is there anyway I can preserve these permissions to avoid the task of re-creating everything?
0
Comment
Question by:JohnMan777
3 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39967718
Hi,

if you are planing to clean installation of 2003 server and then you will install 2012. so obviously you are again adding this server to domain. (as 2012 will again DC) so you will NOT lost the security settings.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39967773
As long as you are not formatting D drive (By keeping D drive intact and just format C: drive, your drive will retain all permissions in the form of security identifier
Because after replacing OS, server will be part of workgroup and then its not possible to interpret existing NTFS permissions in readable format.
After installation of new OS when you will join that server to domain again as member server, you will be able to see all NTFS permissions correctly

Only you will lose all Shares along with Sysvol and netlogon
There is one alternative for that

Point your server to be demoted to another DC 1st in DNS properties
Reboot the server once
Demote server gracefully to member server
This will remove Sysvol and netlogon shares but other shares remains intact
Then export shares registry at below location
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
Then format server C: drive with 2012 OS
Add it as a member server in existing domain
Restore exported shares registry key so that all share folder will be restored with share permissions and NTFS perms are already there
Then promote server as ADC in existing domain
Hopefully this will go smoothly

Mahesh.
0
 

Author Closing Comment

by:JohnMan777
ID: 39970312
Excellent advice. Thank you especially for the section on preserving the shares.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question