Solved

Copy NTFS Permission to a new domain

Posted on 2015-02-23
10
127 Views
Last Modified: 2016-11-23
Hi All

 
         Currently I have a domain server (physical one) also this is a file server as well, and the file storage is in a SAN Storage, and we will plan to install a new domain server with different domain name, and we will also plan to move the LUN from the SAN storage to map to the new domain server (in vm), just wonder will the NTFS Permission remain in the new domain server ? before the LUN move from the current domain server to a new one, we will build a trust between the 2 domain server and use a Quest Dell migration tool to migrate domain user, computer & SID to a new domain server, any help would be appreciated, Thanks !  


Keith
0
Comment
Question by:piaakit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40625725
The LUN will continue to hold the NTFS permissions itself but it will be for the original domain. Even with a forest trust you will still need to apply the permissions accordingly to the users in your new domain.

Once you have done this you can use the ADMT to migrate the server/shares to the new domain.

Will.
0
 

Author Comment

by:piaakit
ID: 40625990
So that I will need to move the Lun and map to the new domain vm server before using the migration tool to migrate user accounts ? i will be using dell migration tool and I will rename the current domain user to different name such as from "andychan" to "achan" (since the dell migration tool have a feature to rename account) , after I migrated for Andy, the NTFS permission for Andy will remain in the Lun ? But I still need to manually add "achan" in the NTFS Permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40626002
That is correct, when you attach your LUN to another domain all of the SID will not match up. If you have a trust with or migrate the users and keep SID history intact then it should work when you present the LUN to your new server in the other domain.

Note: if you have any Shares on this LUN you will need to re-create all of them as the Share Names are stored in the Registry of the server where it is being shared from.

Will.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:piaakit
ID: 40627145
As I only has shared the root parent folder with everyone full access, all the subfolders has NTFS permission, so that after the Lun move and mapped to new domain I only need to shared the parent folder out, and I wish that I do not need to modify any NTFS Permission after the Lun move and user migrated, will the NTFS permission automatically changed from "andychan" to "achan" in the NTFS permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627249
You will have to add the users from the new domain to this share unless you have a 2 way forest trust enabled.

Will.
0
 

Author Comment

by:piaakit
ID: 40627533
HI Will


yes 2 way forest trust will be enabled, as above i mentioned if i want the NTFS Permission automatically changed from andychan to achan after i migrate the domain user, computer & SID, am i correct ?


Keith
0
 

Author Comment

by:piaakit
ID: 40658952
my plan now is to move the LUN from the current domain controller to one of the member server in the current domain, and then trust the new domain, I think the ntfs permission will still remain in the member server
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40658993
I think the ntfs permission will still remain in the member server
That is correct. However, if you have any shares on this LUN you will need to re-create them. Shares are tied to the machine itself and this info is stored in the registry.

Will.
0
 

Author Comment

by:piaakit
ID: 40660173
luckly i only have shared permission created on the root folders, all the sub-folders are the NTFS Permission
0
 

Author Comment

by:piaakit
ID: 40661171
before using the migration tool, do I need to do anything on the client computer ? such as below ?

1.      add target domain administrator account in local admin group
2.      add new server’s dns ip address on client computer
3.      check window firewall, make sure Upnp and enable
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question