Solved

Copy NTFS Permission to a new domain

Posted on 2015-02-23
10
126 Views
Last Modified: 2016-11-23
Hi All

 
         Currently I have a domain server (physical one) also this is a file server as well, and the file storage is in a SAN Storage, and we will plan to install a new domain server with different domain name, and we will also plan to move the LUN from the SAN storage to map to the new domain server (in vm), just wonder will the NTFS Permission remain in the new domain server ? before the LUN move from the current domain server to a new one, we will build a trust between the 2 domain server and use a Quest Dell migration tool to migrate domain user, computer & SID to a new domain server, any help would be appreciated, Thanks !  


Keith
0
Comment
Question by:piaakit
  • 6
  • 4
10 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40625725
The LUN will continue to hold the NTFS permissions itself but it will be for the original domain. Even with a forest trust you will still need to apply the permissions accordingly to the users in your new domain.

Once you have done this you can use the ADMT to migrate the server/shares to the new domain.

Will.
0
 

Author Comment

by:piaakit
ID: 40625990
So that I will need to move the Lun and map to the new domain vm server before using the migration tool to migrate user accounts ? i will be using dell migration tool and I will rename the current domain user to different name such as from "andychan" to "achan" (since the dell migration tool have a feature to rename account) , after I migrated for Andy, the NTFS permission for Andy will remain in the Lun ? But I still need to manually add "achan" in the NTFS Permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40626002
That is correct, when you attach your LUN to another domain all of the SID will not match up. If you have a trust with or migrate the users and keep SID history intact then it should work when you present the LUN to your new server in the other domain.

Note: if you have any Shares on this LUN you will need to re-create all of them as the Share Names are stored in the Registry of the server where it is being shared from.

Will.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:piaakit
ID: 40627145
As I only has shared the root parent folder with everyone full access, all the subfolders has NTFS permission, so that after the Lun move and mapped to new domain I only need to shared the parent folder out, and I wish that I do not need to modify any NTFS Permission after the Lun move and user migrated, will the NTFS permission automatically changed from "andychan" to "achan" in the NTFS permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627249
You will have to add the users from the new domain to this share unless you have a 2 way forest trust enabled.

Will.
0
 

Author Comment

by:piaakit
ID: 40627533
HI Will


yes 2 way forest trust will be enabled, as above i mentioned if i want the NTFS Permission automatically changed from andychan to achan after i migrate the domain user, computer & SID, am i correct ?


Keith
0
 

Author Comment

by:piaakit
ID: 40658952
my plan now is to move the LUN from the current domain controller to one of the member server in the current domain, and then trust the new domain, I think the ntfs permission will still remain in the member server
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40658993
I think the ntfs permission will still remain in the member server
That is correct. However, if you have any shares on this LUN you will need to re-create them. Shares are tied to the machine itself and this info is stored in the registry.

Will.
0
 

Author Comment

by:piaakit
ID: 40660173
luckly i only have shared permission created on the root folders, all the sub-folders are the NTFS Permission
0
 

Author Comment

by:piaakit
ID: 40661171
before using the migration tool, do I need to do anything on the client computer ? such as below ?

1.      add target domain administrator account in local admin group
2.      add new server’s dns ip address on client computer
3.      check window firewall, make sure Upnp and enable
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question