locked
File server migration - cross forest, keeping messed permissions intact RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

     I've got a task to move a file server (file1) from one domain with 2 x 2003 DCs to a newer domain with 4 x 2012 DCs (both forests are at 2003 functional levels). There's a 2 way trust in place.

    Most users and computers have been migrated years ago from the old domain to the new domain. File1 has several shares and provides access for around 100 users, but the share permissions are a mess:

    - File1 is used by accounts in both domains.

    - File1 permissions are set mostly using groups, but there are some explicit user accounts set.

    - Block inheritance and custom permissions have been set on some folders.

    My task is to migrate the file server and still provide share access to accounts in both domains, what's the best way of doing this?

    Thanks

     

    IT Support/Everything

    Thursday, June 18, 2020 11:48 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hello,

    Thank you for posting in our TechNet forum.

    As far as I know, firstly we need to use ADMT perform the security translation, which can translate user account SID from domain1 to domain2. 

    For more information, we could refer to: https://social.technet.microsoft.com/Forums/windowsserver/en-US/b9ac234a-c58d-4b77-85a2-a9b3f0794347/migration-of-filesfolder-from-one-domain-to-another-domain

    Then we could migrate file shares&file server using Robocopy with NTFS permissions,

    More information about Robocopy, we could refer to:
    https://technet.microsoft.com/en-us/library/cc733145.aspx

    Robocopy will assure you that NTFS permissions will be the same. Sharing permissions are part of the registry. In my experience, robocopy will not successfully copy shares. You need to manually recreate the share.

    For sharing permissions, you only need to share the folder again and grant full control permissions to everyone. In this way, once the user tries to access the share remotely, NTFS and share permissions will be merged and the set NTFS permissions will be applied.

    You can refer to the links:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/861ff1cd-8ce7-4798-8316-0775d1389c74/cross-forest-file-server-migration?forum=winserverfiles

    https://www.experts-exchange.com/questions/28995105/Robocopy-Doesn't-Retain-Shared-Folders-After-Copying.html

    For any question, please feel free to contact us.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best regards,
    Hannah Xiong

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 19, 2020 5:40 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hello,

    Does this question have any update or has this issue been solved? Also, for the question, is there any other assistance we could provide?

    Thank you so much for your time and support.

    Best regards,
    Hannah Xiong

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 22, 2020 3:15 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

     The links you mentioned imply that there are 2 file servers involved - a source and target. I'm moving the same file server from one domain to another, so I don't think Robocopy or the FSMT is applicable. Please can you advise?

    IT Support/Everything

    Monday, June 22, 2020 3:30 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hello,

    Thank you so much for your kindly reply.

    According to our description, below is my understanding: 

    We have Domain A and Domain B, which are two way trusted. Now we are planing to migrate the file server in Domain A to Domain B. After the migration, there will be no file server in Domain A. This is what we said the same file server from one domain to another. 

    If anything I misunderstand, please don’t hesitate to let me know.

    Best regards,
    Hannah Xiong

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 23, 2020 8:32 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Hannah,

     Yes, that's correct.

    IT Support/Everything

    Thursday, June 25, 2020 10:34 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,

    Thank you so much for your feedback.

    Based on my understanding, if so, we could delete the file server in Domain A after migration. 

    Thanks again and have a nice day.


    Best regards,
    Hannah Xiong

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 29, 2020 8:53 AM