Remove From My Forums

Migration from one domain to another- Permission questions.

Question
0

Sign in to vote

Hello all,

I'm planning on migrating 100 users from domain abc to domain xyz. Both domains have a two way forrest trust. I have a file server on abc with AD premissions of the users in abc. For example test@abc.com has permssions to a folder called marketing. When I migrate the user over to xyz the user will be called test@xyz.com. When I migrate the user it will have have an attribute called SIDhistory so the user in theory with have two sids.

Once the user has been migrated with the user still have permission to the marketing folder? If so, once I decom the abc domain will it still have access. I'm thinking once I migrate the file server over to yxz domain I will have to redo all the permissions on all the folders which will be a lot of work.

Any help would be great.

Thursday, August 23, 2012 11:32 PM

Answers

0

Sign in to vote
Hello,

I suggest you refer this thread for domain Migration:http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/6de907ea-a4df-4179-8696-c345d1b02fa3/

Anyways, A useful guide for your information:Configuring the Source and Target Domains for SID History Migration:http://technet.microsoft.com/en-us/library/cc974410(v=ws.10)
Regards, Ravikumar P
- Proposed as answer by Andy Qi Friday, August 24, 2012 9:28 AM
- Marked as answer by Andy Qi Thursday, August 30, 2012 6:43 AM
Friday, August 24, 2012 2:14 AM
0

Sign in to vote
Hello,

ADMT is the (free) way to go for the domain http://msmvps.com/blogs/mweber/archive/2010/03/25/migrating-active-directory-to-a-new-forest.aspx and using SIDhistory. This requires some testing and learning BEFORE using ADMT on the production domain.

Quest Migration tool(not free) is another option to use.
Best regards

Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/

Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Proposed as answer by Andy Qi Friday, August 24, 2012 9:29 AM
- Marked as answer by Andy Qi Thursday, August 30, 2012 6:43 AM
Friday, August 24, 2012 9:22 AM
0

Sign in to vote
Hi

ADMT tool is very good way to move users from one domain to another

Current version of tool is 3.2 and you can download it from MIcrosoft official page http://www.microsoft.com/en-us/download/details.aspx?id=8377

You will also need guid. You can dowload guide from here http://www.microsoft.com/en-us/download/details.aspx?id=19188

Basically you must to:

1. Set up two way trusts

2. Set up DNS

3. Set up security

then you can move AD objects (in this order)

4. Moving OU-s

5. Moving groups

6. Moving computers

7. Moving users

If you need you can move SID (I had this need, for my domain migration)

But more, and much detailed you can find in guide
Best regards
Dubravko Marak
MCP
Blog: Windows Server Administration
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Please VOTE as HELPFUL if the post helps you. This can be beneficial to other community members reading the thread.
- Marked as answer by Andy Qi Thursday, August 30, 2012 6:43 AM
Saturday, August 25, 2012 7:24 PM

All replies

0

Sign in to vote
Hello,

I suggest you refer this thread for domain Migration:http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/6de907ea-a4df-4179-8696-c345d1b02fa3/

Anyways, A useful guide for your information:Configuring the Source and Target Domains for SID History Migration:http://technet.microsoft.com/en-us/library/cc974410(v=ws.10)
Regards, Ravikumar P
- Proposed as answer by Andy Qi Friday, August 24, 2012 9:28 AM
- Marked as answer by Andy Qi Thursday, August 30, 2012 6:43 AM
Friday, August 24, 2012 2:14 AM
0

Sign in to vote
Hello,

ADMT is the (free) way to go for the domain http://msmvps.com/blogs/mweber/archive/2010/03/25/migrating-active-directory-to-a-new-forest.aspx and using SIDhistory. This requires some testing and learning BEFORE using ADMT on the production domain.

Quest Migration tool(not free) is another option to use.
Best regards

Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/

Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Proposed as answer by Andy Qi Friday, August 24, 2012 9:29 AM
- Marked as answer by Andy Qi Thursday, August 30, 2012 6:43 AM
Friday, August 24, 2012 9:22 AM
0

Sign in to vote
Hi

ADMT tool is very good way to move users from one domain to another

Current version of tool is 3.2 and you can download it from MIcrosoft official page http://www.microsoft.com/en-us/download/details.aspx?id=8377

You will also need guid. You can dowload guide from here http://www.microsoft.com/en-us/download/details.aspx?id=19188

Basically you must to:

1. Set up two way trusts

2. Set up DNS

3. Set up security

then you can move AD objects (in this order)

4. Moving OU-s

5. Moving groups

6. Moving computers

7. Moving users

If you need you can move SID (I had this need, for my domain migration)

But more, and much detailed you can find in guide
Best regards
Dubravko Marak
MCP
Blog: Windows Server Administration
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Please VOTE as HELPFUL if the post helps you. This can be beneficial to other community members reading the thread.
- Marked as answer by Andy Qi Thursday, August 30, 2012 6:43 AM
Saturday, August 25, 2012 7:24 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Migration from one domain to another- Permission questions.

Question

Answers

All replies