Preserving permissions in a cross-forest move

Archived from groups: microsoft.public.win2000.security (More info?)

I am trying to move file server data from our current W2K mixed-mode
environment to a completely new forest/domain running Windows 2003. I
have setup domain trusts and tried using the latest version of the
Microsoft File Server Migration Toolkit to copy the data. Although the
data copies successfully, the permissions don't seem to carry over.
When I look at the security of some folders after the copy, the only
permissions it has are the Administrator. Before I ran the copy, I
manually created new AD accounts in the new environment that matched
the names of the accounts in the old environment. Is there some way I
can do this cross-forest copy and still maintain my permissions even
though the users on the target server are members of a different domain?
2 answers Last reply
More about preserving permissions cross forest move
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I understand what you're saying and will look into using that tool.
    Thanks very much for the reply.

    Robert
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    <rlooney@cg.state.sc.us> wrote in message
    news:1119887962.311766.201470@g49g2000cwa.googlegroups.com...
    > I am trying to move file server data from our current W2K mixed-mode
    > environment to a completely new forest/domain running Windows 2003. I
    > have setup domain trusts and tried using the latest version of the
    > Microsoft File Server Migration Toolkit to copy the data. Although the
    > data copies successfully, the permissions don't seem to carry over.

    No, they will not "carry over" since everyone will get a new SID
    in the new domain there is no trivial way to do that.

    Probably your best bet is SubInACL.exe to change the user/groups
    to the new sids of the (new) users groups.


    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]

    > When I look at the security of some folders after the copy, the only
    > permissions it has are the Administrator. Before I ran the copy, I
    > manually created new AD accounts in the new environment that matched
    > the names of the accounts in the old environment. Is there some way I
    > can do this cross-forest copy and still maintain my permissions even
    > though the users on the target server are members of a different domain?
    >
Ask a new question

Read More

Domain Permissions File Server Security Microsoft Windows