none
File server W2k3 migration to W2k8R2 in a new domain without trusts

    Question

  • Hi,

    I have a W2k3 File services server with 2TB of data and a lot of share and folders stationed in oldness.com domain. Also, a new domain has been setup (lets call it qwerty.com) with W2k8 functionality level. The new file services server is W2K8. 

    There is no trust between the two domains. There is a 100Mbit management connection (two domains are stationed in separate locations).

    New GS & LS groups need to be added to the new domain. In the old domain, local security groups are not used. I know how robocopy works, but I need a efficient way to set permissions to shares and folders in qwerty.com.

    There are all new users and groups in the new domain. 

    Folder structure will be stay the same. 

     

    So, after the destination server is fully configured. All the folders are copied. What is the best way to set all the permissions without going true all the folders by hand.

     

    Wednesday, October 05, 2011 5:02 PM

Answers

All replies

  • If you concern is only with assigning the permission, you can use a script or xcals

    http://support.microsoft.com/kb/825751

    http://technet.microsoft.com/en-us/library/cc728458(WS.10).aspx


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
    Blogs - http://blogs.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.
    • Proposed as answer by Meinolf WeberMVP Wednesday, October 05, 2011 8:44 PM
    • Marked as answer by Bruce-Liu Tuesday, October 11, 2011 8:02 AM
    Wednesday, October 05, 2011 6:28 PM
  • You can also use fileacl to export permission in a text file and later import it.

    http://www.gbordier.com/gbtools/fileacl.asp

    http://www.gbordier.com/gbtools/fileacl29.htm

    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/d0403d5c-d648-47e9-bd11-7ccd7ee9cf16/

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Thursday, October 06, 2011 7:24 AM
  • BinaryTree offers the SMART Active Directory Migration Suite that allows AD migration with or without trust relationship being in place and the SMART Windows Server Migrator.

    http://www.binarytree.com

    The SMART Windows Server Migrator allows moving data, files, folders, shares, NTFS permissions, local user and local groups from server to server or converting local accounts to domain accounts and maintaining NTFS and Share permissions.

    The software approach does not rely on sIDHistory alone. If a trust can not be established the software console is installed in both the source and target domains and actions are performed in the required domain independently of each domain.

    Once the collection of AD accounts (users, groups workstations and servers) and the recreation of accounts in the target domain  is complete, the source domain workstations and servers are re-ACLed to support the newly created accounts of the target domain.

    The unique quality of the SMART Active Directory Migration Suite is the ability reset (overide DHCP) DNS server and DNS Suffix list order to reflect that of the destination domain. Once this is accomplished, thecomputers can be remotely migrated into the new domain.

    At this point the workstations and servers are migrated to the target domain, the users log in to their workstations and maintain their profiles, settings and retain access to resources on servers.


    Microsoft Enterprise Solution Group

    Friday, June 21, 2013 6:31 PM
  • BinaryTree offers the SMART Active Directory Migration Suite that allows AD migration with or without trust relationship being in place and the SMART Windows Server Migrator.

    http://www.binarytree.com

    The SMART Windows Server Migrator allows moving data, files, folders, shares, NTFS permissions, local user and local groups from server to server or converting local accounts to domain accounts and maintaining NTFS and Share permissions.

    The software approach does not rely on sIDHistory alone. If a trust can not be established the software console is installed in both the source and target domains and actions are performed in the required domain independently of each domain.

    Once the collection of AD accounts (users, groups workstations and servers) and the recreation of accounts in the target domain  is complete, the source domain workstations and servers are re-ACLed to support the newly created accounts of the target domain.

    The unique quality of the SMART Active Directory Migration Suite is the ability reset (overide DHCP) DNS server and DNS Suffix list order to reflect that of the destination domain. Once this is accomplished, thecomputers can be remotely migrated into the new domain.

    At this point the workstations and servers are migrated to the target domain, the users log in to their workstations and maintain their profiles, settings and retain access to resources on servers.


    Microsoft Enterprise Solution Group

    Friday, June 21, 2013 6:32 PM