Solved

Copy NTFS Permission to a new domain

Posted on 2015-02-23
10
125 Views
Last Modified: 2016-11-23
Hi All

 
         Currently I have a domain server (physical one) also this is a file server as well, and the file storage is in a SAN Storage, and we will plan to install a new domain server with different domain name, and we will also plan to move the LUN from the SAN storage to map to the new domain server (in vm), just wonder will the NTFS Permission remain in the new domain server ? before the LUN move from the current domain server to a new one, we will build a trust between the 2 domain server and use a Quest Dell migration tool to migrate domain user, computer & SID to a new domain server, any help would be appreciated, Thanks !  


Keith
0
Comment
Question by:piaakit
  • 6
  • 4
10 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40625725
The LUN will continue to hold the NTFS permissions itself but it will be for the original domain. Even with a forest trust you will still need to apply the permissions accordingly to the users in your new domain.

Once you have done this you can use the ADMT to migrate the server/shares to the new domain.

Will.
0
 

Author Comment

by:piaakit
ID: 40625990
So that I will need to move the Lun and map to the new domain vm server before using the migration tool to migrate user accounts ? i will be using dell migration tool and I will rename the current domain user to different name such as from "andychan" to "achan" (since the dell migration tool have a feature to rename account) , after I migrated for Andy, the NTFS permission for Andy will remain in the Lun ? But I still need to manually add "achan" in the NTFS Permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40626002
That is correct, when you attach your LUN to another domain all of the SID will not match up. If you have a trust with or migrate the users and keep SID history intact then it should work when you present the LUN to your new server in the other domain.

Note: if you have any Shares on this LUN you will need to re-create all of them as the Share Names are stored in the Registry of the server where it is being shared from.

Will.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:piaakit
ID: 40627145
As I only has shared the root parent folder with everyone full access, all the subfolders has NTFS permission, so that after the Lun move and mapped to new domain I only need to shared the parent folder out, and I wish that I do not need to modify any NTFS Permission after the Lun move and user migrated, will the NTFS permission automatically changed from "andychan" to "achan" in the NTFS permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627249
You will have to add the users from the new domain to this share unless you have a 2 way forest trust enabled.

Will.
0
 

Author Comment

by:piaakit
ID: 40627533
HI Will


yes 2 way forest trust will be enabled, as above i mentioned if i want the NTFS Permission automatically changed from andychan to achan after i migrate the domain user, computer & SID, am i correct ?


Keith
0
 

Author Comment

by:piaakit
ID: 40658952
my plan now is to move the LUN from the current domain controller to one of the member server in the current domain, and then trust the new domain, I think the ntfs permission will still remain in the member server
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40658993
I think the ntfs permission will still remain in the member server
That is correct. However, if you have any shares on this LUN you will need to re-create them. Shares are tied to the machine itself and this info is stored in the registry.

Will.
0
 

Author Comment

by:piaakit
ID: 40660173
luckly i only have shared permission created on the root folders, all the sub-folders are the NTFS Permission
0
 

Author Comment

by:piaakit
ID: 40661171
before using the migration tool, do I need to do anything on the client computer ? such as below ?

1.      add target domain administrator account in local admin group
2.      add new server’s dns ip address on client computer
3.      check window firewall, make sure Upnp and enable
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question