?
Solved

Copy NTFS Permission to a new domain

Posted on 2015-02-23
10
Medium Priority
?
131 Views
Last Modified: 2016-11-23
Hi All

 
         Currently I have a domain server (physical one) also this is a file server as well, and the file storage is in a SAN Storage, and we will plan to install a new domain server with different domain name, and we will also plan to move the LUN from the SAN storage to map to the new domain server (in vm), just wonder will the NTFS Permission remain in the new domain server ? before the LUN move from the current domain server to a new one, we will build a trust between the 2 domain server and use a Quest Dell migration tool to migrate domain user, computer & SID to a new domain server, any help would be appreciated, Thanks !  


Keith
0
Comment
Question by:piaakit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40625725
The LUN will continue to hold the NTFS permissions itself but it will be for the original domain. Even with a forest trust you will still need to apply the permissions accordingly to the users in your new domain.

Once you have done this you can use the ADMT to migrate the server/shares to the new domain.

Will.
0
 

Author Comment

by:piaakit
ID: 40625990
So that I will need to move the Lun and map to the new domain vm server before using the migration tool to migrate user accounts ? i will be using dell migration tool and I will rename the current domain user to different name such as from "andychan" to "achan" (since the dell migration tool have a feature to rename account) , after I migrated for Andy, the NTFS permission for Andy will remain in the Lun ? But I still need to manually add "achan" in the NTFS Permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40626002
That is correct, when you attach your LUN to another domain all of the SID will not match up. If you have a trust with or migrate the users and keep SID history intact then it should work when you present the LUN to your new server in the other domain.

Note: if you have any Shares on this LUN you will need to re-create all of them as the Share Names are stored in the Registry of the server where it is being shared from.

Will.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:piaakit
ID: 40627145
As I only has shared the root parent folder with everyone full access, all the subfolders has NTFS permission, so that after the Lun move and mapped to new domain I only need to shared the parent folder out, and I wish that I do not need to modify any NTFS Permission after the Lun move and user migrated, will the NTFS permission automatically changed from "andychan" to "achan" in the NTFS permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627249
You will have to add the users from the new domain to this share unless you have a 2 way forest trust enabled.

Will.
0
 

Author Comment

by:piaakit
ID: 40627533
HI Will


yes 2 way forest trust will be enabled, as above i mentioned if i want the NTFS Permission automatically changed from andychan to achan after i migrate the domain user, computer & SID, am i correct ?


Keith
0
 

Author Comment

by:piaakit
ID: 40658952
my plan now is to move the LUN from the current domain controller to one of the member server in the current domain, and then trust the new domain, I think the ntfs permission will still remain in the member server
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40658993
I think the ntfs permission will still remain in the member server
That is correct. However, if you have any shares on this LUN you will need to re-create them. Shares are tied to the machine itself and this info is stored in the registry.

Will.
0
 

Author Comment

by:piaakit
ID: 40660173
luckly i only have shared permission created on the root folders, all the sub-folders are the NTFS Permission
0
 

Author Comment

by:piaakit
ID: 40661171
before using the migration tool, do I need to do anything on the client computer ? such as below ?

1.      add target domain administrator account in local admin group
2.      add new server’s dns ip address on client computer
3.      check window firewall, make sure Upnp and enable
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
A look at what happened in the Verizon cloud breach.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question