How to reACL files and folders with new domain usernames and groups using SIDhistory

Question
Is there a process, script, tool, etc. to reACL folders and files with a user's new migrated domain account using SIDhistory? For example, UserA has a home folder with domainA's username and permissions. UserA was migrated with SIDhistory to domainB and can still access his/her home folder via SIDhistory, but I need to replace or add the home folder permissions with UserA's new domainB username.
We cannot use ADMT to translate permissions as the server storing the data is not a Windows server but runs CIFS and handles basic NTFS permissions. I need another process like a script to parse each folder/file and update the permissions of those folders and files with the matching user/group in domainB.
What is not explicitly allowed should be implicitly denied
Tuesday, April 30, 2013 4:31 PM
Answers
Hi Brian,
Thanks for the post.
Based on my research, please check if this article could help you.
To translate security on member servers by using a script: http://technet.microsoft.com/en-us/library/cc974389%28v=ws.10%29.aspx
Hope this helps.
Jeremy Wu
TechNet Community Support
Marked as answer by Jeremy_Wu Tuesday, May 7, 2013 2:24 AM
Friday, May 3, 2013 5:49 AM
All replies
No, like I said, I can't use ADMT because our file server is CIFS running on NetApp. All CIFS contains is the ACL and SID. I've tried using subinacl with no luck. It runs fine using the changedomain option but nothing changes on the folders or files.
What is not explicitly allowed should be implicitly denied
Tuesday, May 21, 2013 7:49 PM
Hello,
You can use SetACL.exe. It is a free tool created by Helge Klein, a great German MVP guy.
Here is article:
HowTo: ReACLing a File Server in a Domain Migration with SetACL 3.0 (Helge Klein - MVP)
Here is another link:
Wednesday, May 22, 2013 8:02 AM
His tool only works if the username did not change; in our case, the usernames changed during migration but the SID history remained intact.
What is not explicitly allowed should be implicitly denied
Monday, October 7, 2013 3:36 PM
His tool only works if the username did not change; in our case, the usernames changed during migration but the SID history remained intact.
What is not explicitly allowed should be implicitly denied
Hello,
This is not correct. Please read the link again (Migration – the Flexible Way section). You can use a CSV file.
HowTo: ReACLing a File Server in a Domain Migration with SetACL 3.0 (Helge Klein - MVP)
Tuesday, October 8, 2013 9:46 AM
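
The script below is an added example, not code from any poster in this thread or from the tools they mention. It sketches the approach the question asks for: build an old-SID to new-SID map from SID history in domainB, then add a matching ACE for the new account wherever a migrated domainA SID appears in an explicit ACE. It assumes the RSAT ActiveDirectory module and an account allowed to change permissions on the share; `\\filer\home` is a placeholder path and `-Apply` is a switch defined by this script.

```powershell
# Added example. Without -Apply the script only reports what it would add.
param(
    [string]$Root = '\\filer\home',   # placeholder UNC path, replace with the real share
    [switch]$Apply
)
Import-Module ActiveDirectory

# Map every SID found in SID history to the migrated object's current domainB SID.
$map = @{}
$migrated = @(Get-ADUser  -LDAPFilter '(sIDHistory=*)' -Properties SIDHistory) +
            @(Get-ADGroup -LDAPFilter '(sIDHistory=*)' -Properties SIDHistory)
foreach ($obj in $migrated) {
    foreach ($old in $obj.SIDHistory) { $map[$old.Value] = $obj.SID }
}

$sidType = [System.Security.Principal.SecurityIdentifier]
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    $changed = $false
    # Explicit ACEs only, read as raw SIDs so the comparison uses the SID stored in the ACL.
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $newSid = $map[$ace.IdentityReference.Value]
        if (-not $newSid) { continue }           # not a migrated domainA SID
        try {
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $newSid, $ace.FileSystemRights, $ace.InheritanceFlags,
                $ace.PropagationFlags, $ace.AccessControlType)
        } catch {
            # Rights values the constructor rejects (e.g. generic rights) need manual review.
            Write-Warning "Skipped $($item.FullName): rights $([int]$ace.FileSystemRights)"
            continue
        }
        $acl.AddAccessRule($rule)                # old ACE is kept, new one is added beside it
        $changed = $true
        '{0}: {1} -> {2}' -f $item.FullName, $ace.IdentityReference.Value, $newSid.Value
    }
    if ($changed -and $Apply) { Set-Acl -LiteralPath $item.FullName -AclObject $acl }
}
```

Because the old ACEs are left in place, access through SID history keeps working until the report has been checked; removing the domainA ACEs is a separate, later step.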