Sign in with
Sign up | Sign in
Your question

Preserving permissions in a cross-forest move

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
June 27, 2005 12:59:22 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I am trying to move file server data from our current W2K mixed-mode
environment to a completely new forest/domain running Windows 2003. I
have setup domain trusts and tried using the latest version of the
Microsoft File Server Migration Toolkit to copy the data. Although the
data copies successfully, the permissions don't seem to carry over.
When I look at the security of some folders after the copy, the only
permissions it has are the Administrator. Before I ran the copy, I
manually created new AD accounts in the new environment that matched
the names of the accounts in the old environment. Is there some way I
can do this cross-forest copy and still maintain my permissions even
though the users on the target server are members of a different domain?
June 28, 2005 5:00:12 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I understand what you're saying and will look into using that tool.
Thanks very much for the reply.

Robert
Anonymous
a b 8 Security
June 28, 2005 6:53:30 PM

Archived from groups: microsoft.public.win2000.security (More info?)

<rlooney@cg.state.sc.us> wrote in message
news:1119887962.311766.201470@g49g2000cwa.googlegroups.com...
> I am trying to move file server data from our current W2K mixed-mode
> environment to a completely new forest/domain running Windows 2003. I
> have setup domain trusts and tried using the latest version of the
> Microsoft File Server Migration Toolkit to copy the data. Although the
> data copies successfully, the permissions don't seem to carry over.

No, they will not "carry over" since everyone will get a new SID
in the new domain there is no trivial way to do that.

Probably your best bet is SubInACL.exe to change the user/groups
to the new sids of the (new) users groups.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> When I look at the security of some folders after the copy, the only
> permissions it has are the Administrator. Before I ran the copy, I
> manually created new AD accounts in the new environment that matched
> the names of the accounts in the old environment. Is there some way I
> can do this cross-forest copy and still maintain my permissions even
> though the users on the target server are members of a different domain?
>
!