none
ADMT Migration share access

    Question

  • Going trough AD intra forest migration from 2008 to 2008.  Enabled two way forest trusts, disabled sid quarantine/enabled sid history and Migrated user SID's to the target domain using a test user.  The migration compltes fine and the user can access shares on the source domain controller but not on different file servers.  Is this by design and the file server must be migrated to the new target domain or is something wrong and the user should be able to access different file servers in the source domain without changing any file level permissions while logged on to the new target domain.  Thanks and pls advise!
    Wednesday, February 22, 2012 6:20 PM

Answers

All replies

  • Intra or Inter?

    >> The migration compltes fine and the user can access shares on the source domain controller but not on different file servers.  

    Did you migrate users with SID history?

    How did the permission configured on these file servers?  Is it using user account or groups?


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

    Wednesday, February 22, 2012 6:38 PM
  • Thanks Santosh it was Inter and yes it was a share permission setup for domain users on the source domain.  After allowing the test user good to!  Have not seen documentation for moving the built in groups like domain users from source to target.  Is this possible and are there some resources/suggestions?  Thanks again!
    Wednesday, February 22, 2012 9:41 PM
  • As per my understanding you can't migrate built-in groups to another domain using ADMT tool due to same SID of the groups.ADMT is not capable to migrate built-in grouups.

    http://technet.microsoft.com/en-us/library/cc974332%28v=ws.10%29.aspx

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, February 23, 2012 11:01 AM
  • This is not true, if you migrate account with SID hostility they will retain the permission in the old domain post migration which is not restricted to the DC only. It might be some network connectivity issue or dns issue. Can you reach the file server using the migrated domain users system?

    As per my understanding you can't migrate built-in groups to another domain using ADMT tool due to same SID of the groups.ADMT is not capable to migrate built-in groups.

    http://technet.microsoft.com/en-us/library/cc974332%28v=ws.10%29.aspx

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, February 23, 2012 11:19 AM
  • >>> moving the built in groups like domain users from source to target. 

    You can’t move or migrate built-in groups.  If your permission is configured with built-in groups,  you need to manually change permission with a security group.


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

    Thursday, February 23, 2012 3:26 PM
  • The following workaround is possible for handling built-in groups with ADMT and preserve permissions:
     
    ----------------------------------------------------------
    Regards
    Christoffer Andersson – Principal Advisor
    Enfo Zipper

    "Awinish" wrote in message news:776ae086-f846-4f22-b38d-98f9f0794b83...

    As per my understanding you can't migrate built-in groups to another domain using ADMT tool due to same SID of the groups.ADMT is not capable to migrate built-in grouups.

    http://technet.microsoft.com/en-us/library/cc974332%28v=ws.10%29.aspx

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.


    Enfo Zipper Christoffer Andersson – Principal Advisor
    Wednesday, February 29, 2012 10:15 AM
  • The following workaround is possible for handling built-in groups with ADMT and preserve permissions:
     
    ----------------------------------------------------------
    Regards
    Christoffer Andersson – Principal Advisor
    Enfo Zipper

    "Santhosh Sivarajan-" wrote in message news:5970fbb7-bf43-42f2-bce9-7de792a21bec...

    >>> moving the built in groups like domain users from source to target. 

    You can’t move or migrate built-in groups.  If your permission is configured with built-in groups,  you need to manually change permission with a security group.


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.


    Enfo Zipper Christoffer Andersson – Principal Advisor
    Wednesday, February 29, 2012 10:15 AM


  • That was a good work around Chris.  But would only work for Security Translation.  He won’t be able to migrate any bult-in
    objects

    moving the built in groups like domain users from source to target.”



    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

    Wednesday, February 29, 2012 7:06 PM
  • This is an old thread.  Please create a new thread with your questions!

    Santhosh Sivarajan | Houston, TX

    Windows 2012 Book - Migrating from 2008 to Windows Server 2012

    http://www.sivarajan.com/
    FaceBookTwitter LinkedIn SS Tech Forum
    This post is provided ASIS with no warran

    Tuesday, October 22, 2013 2:26 PM