rookie_b

Replace specific AD security groups when migrating folders to a new server

We use folder and server specific AD security groups to manage access to our shared folders, and need to replace some of the groups as we are migrating them to a new server.

The folder specific groups are ServerA-dir-folder-rw, serverA-dir-folder-ro
The server specific groups are ServerA-dir-rw, ServerA-dir-ro


We need to rename the folder groups to ServerB-dir-folder-rw, serverB-dir-folder-ro - which attributes should we rename - cn, name, samaccountname, etc.?

We need to replace the server specific groups with ServerB-dir-rw, ServerB-dir-ro - we cannot rename those, as they are still in use on Server A. How do I replace these?
The issue is we have a lot of blocked inheritance down the folder structure, so we can't just replace them at the top level.


Thank you!
Powershell, Windows Server 2012, Windows OS, Windows Server 2008, Active Directory

Last Comment
rookie_b

8/22/2022 - Mon
Alex

Renaming the group shouldn't cause any issues since it'll be referenced by either a SID or GUID. I think it's a SID for AD groups, essentially renaming the group shouldn't impact and it should automatically update the name of the group on the file server when it references it again.

If it were me, I'd create a group, assign it to a folder, rename it to confirm it still works as expected and then do your live groups.

Regards
Alex
rookie_b

ASKER
Hi Alex,


Thanks for the quick response. I suppose I can test that, and see which attributes get renamed and which don't, and see if I can then set any remaining ones manually.

Any ideas on how to replace the groups that cannot be renamed as they are still in use on the other server? Basically something that can scan the directory, find a specific group and replace it with its counterpart. As I said, there is a lot of blocked inheritance, so we can't just do it at the top level folder.
SOLUTION
Mahesh

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Alex

"Any ideas on how to replace the groups that cannot be renamed as they are still in use"

You're not understanding, if you test it with a new group, verify it still works, it makes zero difference whether they are in use or not due to the fact the SID will be dealing with the communication. You can rename a live group without impacting.

Regards
Alex
rookie_b

ASKER
I have done some testing. Using PowerShell:

Rename-ADObject -Identity "cn=ServerA_folder_rw......" -NewName "Server_B_folder_rw"

The only issue I came across is it did not change the SamAccountName. I changed the SamAccountName manually in ADUC. The SID and ObjectGUID were not affected.

Is there a reason for the SamAccountName not changing initially?
ASKER CERTIFIED SOLUTION
Alex

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
rookie_b

ASKER
Thank you. I think the renaming part is clear. I will split the replacement part to a new question. The reason why we can't rename the server specific groups is they are still needed with their old names on the old server. The folder specific groups we will rename, as the entire folder is moving and will no longer exist on the old server. Thank you so much for helping with this!
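
The replacement asked about in the thread (scan the tree, find one group's entries, add its counterpart), as an added example that is not from the thread or its members-only solutions. It assumes Windows PowerShell 3.0 or later, run elevated on the new file server; the function name `Copy-GroupAce`, the domain `CONTOSO` and the path `D:\Shares\dir` are hypothetical.

```powershell
# Added example (not from the thread). Copy-GroupAce, CONTOSO and D:\Shares\dir are hypothetical.
function Copy-GroupAce {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [Parameter(Mandatory = $true)][string]$OldGroup,   # e.g. 'CONTOSO\ServerA-dir-rw'
        [Parameter(Mandatory = $true)][string]$NewGroup,   # e.g. 'CONTOSO\ServerB-dir-rw'
        [switch]$RemoveOld                                 # without it the old entry is kept alongside the new one
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Resolve both names to SIDs once; ACEs store the SID, so matching on it is rename-proof.
    $oldSid = (New-Object System.Security.Principal.NTAccount($OldGroup)).Translate($sidType)
    $newSid = (New-Object System.Security.Principal.NTAccount($NewGroup)).Translate($sidType)

    # Visit the root and every subfolder, because folders with blocked inheritance hold their own ACEs.
    $folders = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force)
    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName
        # Explicit ACEs only: inherited ones update themselves once the parent folder is fixed.
        $hits = @($acl.GetAccessRules($true, $false, $sidType) |
            Where-Object { $_.IdentityReference.Value -eq $oldSid.Value })
        if ($hits.Count -eq 0) { continue }
        try {
            foreach ($ace in $hits) {
                # Same rights, inheritance and allow/deny type, new trustee.
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $newSid, $ace.FileSystemRights, $ace.InheritanceFlags, $ace.PropagationFlags, $ace.AccessControlType)
                $acl.AddAccessRule($rule)
                if ($RemoveOld) { $acl.RemoveAccessRuleSpecific($ace) }
            }
        } catch {
            # ACEs holding raw generic-rights bits are rejected by the constructor; leave that folder untouched.
            Write-Warning "Skipped $($folder.FullName): $($_.Exception.Message)"
            continue
        }
        if ($PSCmdlet.ShouldProcess($folder.FullName, "Replace $OldGroup with $NewGroup")) {
            Set-Acl -LiteralPath $folder.FullName -AclObject $acl
        }
        # One record per changed folder, usable as a change log.
        [pscustomobject]@{ Path = $folder.FullName; AcesCopied = $hits.Count; InheritanceBlocked = $acl.AreAccessRulesProtected }
    }
}

# Dry run first: -WhatIf lists the folders that would be changed without writing any ACL.
# Copy-GroupAce -Root 'D:\Shares\dir' -OldGroup 'CONTOSO\ServerA-dir-rw' -NewGroup 'CONTOSO\ServerB-dir-rw' -RemoveOld -WhatIf
```

Piping the output to `Export-Csv` before and after the live run gives a record of every folder touched and whether its inheritance was blocked.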