Solved

Copy NTFS Permission to a new domain

Posted on 2015-02-23
10
128 Views
Last Modified: 2016-11-23
Hi All

 
         Currently I have a domain server (physical one) also this is a file server as well, and the file storage is in a SAN Storage, and we will plan to install a new domain server with different domain name, and we will also plan to move the LUN from the SAN storage to map to the new domain server (in vm), just wonder will the NTFS Permission remain in the new domain server ? before the LUN move from the current domain server to a new one, we will build a trust between the 2 domain server and use a Quest Dell migration tool to migrate domain user, computer & SID to a new domain server, any help would be appreciated, Thanks !  


Keith
0
Comment
Question by:piaakit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40625725
The LUN will continue to hold the NTFS permissions itself but it will be for the original domain. Even with a forest trust you will still need to apply the permissions accordingly to the users in your new domain.

Once you have done this you can use the ADMT to migrate the server/shares to the new domain.

Will.
0
 

Author Comment

by:piaakit
ID: 40625990
So that I will need to move the Lun and map to the new domain vm server before using the migration tool to migrate user accounts ? i will be using dell migration tool and I will rename the current domain user to different name such as from "andychan" to "achan" (since the dell migration tool have a feature to rename account) , after I migrated for Andy, the NTFS permission for Andy will remain in the Lun ? But I still need to manually add "achan" in the NTFS Permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40626002
That is correct, when you attach your LUN to another domain all of the SID will not match up. If you have a trust with or migrate the users and keep SID history intact then it should work when you present the LUN to your new server in the other domain.

Note: if you have any Shares on this LUN you will need to re-create all of them as the Share Names are stored in the Registry of the server where it is being shared from.

Will.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:piaakit
ID: 40627145
As I only has shared the root parent folder with everyone full access, all the subfolders has NTFS permission, so that after the Lun move and mapped to new domain I only need to shared the parent folder out, and I wish that I do not need to modify any NTFS Permission after the Lun move and user migrated, will the NTFS permission automatically changed from "andychan" to "achan" in the NTFS permission ?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40627249
You will have to add the users from the new domain to this share unless you have a 2 way forest trust enabled.

Will.
0
 

Author Comment

by:piaakit
ID: 40627533
HI Will


yes 2 way forest trust will be enabled, as above i mentioned if i want the NTFS Permission automatically changed from andychan to achan after i migrate the domain user, computer & SID, am i correct ?


Keith
0
 

Author Comment

by:piaakit
ID: 40658952
my plan now is to move the LUN from the current domain controller to one of the member server in the current domain, and then trust the new domain, I think the ntfs permission will still remain in the member server
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40658993
I think the ntfs permission will still remain in the member server
That is correct. However, if you have any shares on this LUN you will need to re-create them. Shares are tied to the machine itself and this info is stored in the registry.

Will.
0
 

Author Comment

by:piaakit
ID: 40660173
luckly i only have shared permission created on the root folders, all the sub-folders are the NTFS Permission
0
 

Author Comment

by:piaakit
ID: 40661171
before using the migration tool, do I need to do anything on the client computer ? such as below ?

1.      add target domain administrator account in local admin group
2.      add new server’s dns ip address on client computer
3.      check window firewall, make sure Upnp and enable
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question