locked
Migration of files/folder from one domain to another domain RRS feed

  • Question

  • Hi

    We having 2 different domans without any trust relationship.

    In this senerio how to migrate files/folders (Without loosing any permissions) from one domain (2003) to another domain (2008 R2)?

    After migration i don't want to manually assing permissions to all files/folders.

    Is it possible?

    Thursday, February 16, 2012 9:46 AM

Answers

  • >>>>(Without loosing any permissions)

    What are you trying to accomplish?  You have 2 separate domains.  Permission will be different.  What permission are you trying to
    retain?  Are you planning to perform a
    user and group migration?  If so, please
    provide more information.



    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

    • Proposed as answer by Aiden_Cao Monday, February 20, 2012 3:09 AM
    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:42 AM
    Thursday, February 16, 2012 3:17 PM
  • Hello,

    with 2 forests you cannnot use the permissios from the foreign domain on the new one. You have to use the SIDhistory and so the new forests user accoutns get the SID from the other forest also, that way you can have the permissions applied.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Proposed as answer by Aiden_Cao Monday, February 20, 2012 3:09 AM
    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:42 AM
    Friday, February 17, 2012 7:11 AM
  • Since, its a inter-forest migration, you need to be dependent on the migration tool to migrate permission from one forest to another. Also, performing migration is not as simple as it looks on documents, you need to perform testing in a lab to measure the behavior before you could implement in production. If you plan to use ADMT tool, ADMT guide is the first source of information.

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Aiden_Cao Monday, February 20, 2012 3:09 AM
    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:42 AM
    Friday, February 17, 2012 8:19 AM
  • Hi,

    If AD users and groups are not migrated to the new domain, which means the 2 domains have different users/groups, you may not able to migrate file with permission. Even user/group names are the same as the original domain, the SIDs are different, so the migrated permission will not be recognized in new domain. So we need to use ADMT perform the security translation, which can translate user account SID from domain1 to domain2.

    For more information on how to us ADMT, please refer to:

    ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19188

    Active Directory Migration Tool version 3.1
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17918


    Best Regards,
    Aiden


    Aiden Cao

    TechNet Community Support

    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:43 AM
    Monday, February 20, 2012 3:16 AM

All replies

  • Hello,

    wtihout any trust, none that i am aware of. How should the any other domain resolve the NTFS permissions for not existing account SIDs?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, February 16, 2012 9:56 AM
  • You can use ADMT tool(the min prerequisite for ADMT is one way trust) where as Quest can perform migration w/o trust but you can't migrate SIDHistory used to retain the permission post migration. You need to use one of the tool to perform migration either ADMT or Quest, if you don't want to reassign permission manually. You can move the file server from one domain to another but you need to perform security translation.

    For starter, i would read ADMT guide first, if i plan to use ADMT tool.

    http://awinish.wordpress.com/tag/admt/

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, February 16, 2012 10:14 AM
  • >>>>(Without loosing any permissions)

    What are you trying to accomplish?  You have 2 separate domains.  Permission will be different.  What permission are you trying to
    retain?  Are you planning to perform a
    user and group migration?  If so, please
    provide more information.



    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

    • Proposed as answer by Aiden_Cao Monday, February 20, 2012 3:09 AM
    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:42 AM
    Thursday, February 16, 2012 3:17 PM
  • Hi ,

    Just in simpleway having trust relationship between 2 domains.

    I am planning to move all files/floders from file server (DomainA) to another files server (DomainB), In this case what is the procedure, after moving the files/folders should retain the same permission as in Domain A)

    Friday, February 17, 2012 3:16 AM
  • Hello,

    with 2 forests you cannnot use the permissios from the foreign domain on the new one. You have to use the SIDhistory and so the new forests user accoutns get the SID from the other forest also, that way you can have the permissions applied.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Proposed as answer by Aiden_Cao Monday, February 20, 2012 3:09 AM
    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:42 AM
    Friday, February 17, 2012 7:11 AM
  • Since, its a inter-forest migration, you need to be dependent on the migration tool to migrate permission from one forest to another. Also, performing migration is not as simple as it looks on documents, you need to perform testing in a lab to measure the behavior before you could implement in production. If you plan to use ADMT tool, ADMT guide is the first source of information.

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Aiden_Cao Monday, February 20, 2012 3:09 AM
    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:42 AM
    Friday, February 17, 2012 8:19 AM
  • Hi,

    If AD users and groups are not migrated to the new domain, which means the 2 domains have different users/groups, you may not able to migrate file with permission. Even user/group names are the same as the original domain, the SIDs are different, so the migrated permission will not be recognized in new domain. So we need to use ADMT perform the security translation, which can translate user account SID from domain1 to domain2.

    For more information on how to us ADMT, please refer to:

    ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19188

    Active Directory Migration Tool version 3.1
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17918


    Best Regards,
    Aiden


    Aiden Cao

    TechNet Community Support

    • Marked as answer by Aiden_Cao Monday, February 27, 2012 1:43 AM
    Monday, February 20, 2012 3:16 AM