| Author |
Message |
Can anyonehelp
Guest
|
 Posted:
Mon Sep 12, 2005 12:52 pm Post subject:
Apending ACL in file mirgration between forests |
|
|
this may be a simple Quetion, have looked at MS Files Server Mirgration tool
and it looks like it will do most of the thing required ( need to test it out
) but I also need to duplicate the group in ACl
For exapmle if I have three gropud call:
Domain1\usergroup1 - full right
Domain1\usergroup1 - read only
I need to keep these in tack and add:
Domain2\usergroup1 - full right
Domain2\usergroup1 - read only
so as user are mirgated to the new domain they will stbe able to access the
file regless to what domain they log on via
Plus ie their away to delete groups in ACL when we turn off the old domain
this could be seval months |
|
| Back to top |
|
 |
Ken Zhao [MSFT]
Guest
|
| Posted:
Mon Sep 12, 2005 12:52 pm Post subject:
RE: Apending ACL in file mirgration between forests |
|
|
Hello,
Thank you for using newsgroup!
In fact, you can use FSMT to migrate data from a file server in one domain
to a file server in another domain in the same forest. You can also migrate
data from a file server in one forest to a file server in another forest if
cross-forest trusts are in place so that you can be a member of the local
Administrators group on the source and target file servers. For more
detailed FAQs about FSMT, please refer to:
File Server Migration Toolkit Requirements and Compatibility: Frequently
Asked Questions
<http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faq
s.mspx>
Meanwhile, you need to migrate user rights from old domain to the new
domain by using the Computer Account Migration Wizard in Active Directory
Migration Tool (ADMT console). For related information, please refer to:
Migration of Workstations and Member Servers
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
it/399d74c0-e88e-4ad5-aaa3-0b05383f2ed0.mspx>
More related information:
=============
Establishing Migration Accounts for Your Migration
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
it/3f558ac5-8694-4e5a-a71a-5c80af8a8bfd.mspx>
Users cannot write to a shared folder after migration to Windows Server 2003
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Oper
ations/74e6bd62-1268-4e18-9060-45ca1d8330ff.mspx>
326480: How to use Active Directory Migration Tool version 2 to migrate
from Windows 2000 to Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;326480
Hope the information helps!
Thanks & Regards,
Ken Zhao
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Newsgroup Web Interface Upgrade
Please complete a one-time registration process on your first visit to the
Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the secure
code mspp2005 when prompted. This secure code will be valid for 6 months
after which you will need to update your registration by entering the new
secure code. We will post announcements in the newsgroups prior to
expiration. Once you have entered the secure code mspp2005 , you will be
able to update your profile and access the the partner newsgroups. Please
update your Favorites link to the newsgroups web page, your current link
will redirect until November 1, 2005.
Please post any comment, questions or concerns to the
microsoft.private.directaccess.partnerfeedback newsgroup. For more
information, please go to:
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
4662
--------------------
| Thread-Topic: Apending ACL in file mirgration between forests
| thread-index: AcW3eVY9LoFJSGCfQpCK6XDCA66eVA==
| X-WBNR-Posting-Host: 212.113.21.170
| From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?=" <Can anyonehelp
@discussions.microsoft.com>
| Subject: Apending ACL in file mirgration between forests
| Date: Mon, 12 Sep 2005 02:07:01 -0700
| Lines: 21
| Message-ID: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:11924
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| this may be a simple Quetion, have looked at MS Files Server Mirgration
tool
| and it looks like it will do most of the thing required ( need to test it
out
| ) but I also need to duplicate the group in ACl
|
| For exapmle if I have three gropud call:
| Domain1\usergroup1 - full right
| Domain1\usergroup1 - read only
|
| I need to keep these in tack and add:
| Domain2\usergroup1 - full right
| Domain2\usergroup1 - read only
|
| so as user are mirgated to the new domain they will stbe able to access
the
| file regless to what domain they log on via
|
|
| Plus ie their away to delete groups in ACL when we turn off the old
domain
|
| this could be seval months
|
|
| |
|
| Back to top |
|
|
Can anyonehelp
Guest
|
| Posted:
Tue Sep 13, 2005 4:52 pm Post subject:
RE: Apending ACL in file mirgration between forests |
|
|
Thank you
but can you add some more details
isit possible to amend the ACL to have the same group with both in orginal
and target domain tag
Gary
"Ken Zhao [MSFT]" wrote:
| Quote: | Hello,
Thank you for using newsgroup!
In fact, you can use FSMT to migrate data from a file server in one domain
to a file server in another domain in the same forest. You can also migrate
data from a file server in one forest to a file server in another forest if
cross-forest trusts are in place so that you can be a member of the local
Administrators group on the source and target file servers. For more
detailed FAQs about FSMT, please refer to:
File Server Migration Toolkit Requirements and Compatibility: Frequently
Asked Questions
http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faq
s.mspx
Meanwhile, you need to migrate user rights from old domain to the new
domain by using the Computer Account Migration Wizard in Active Directory
Migration Tool (ADMT console). For related information, please refer to:
Migration of Workstations and Member Servers
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
it/399d74c0-e88e-4ad5-aaa3-0b05383f2ed0.mspx
More related information:
=============
Establishing Migration Accounts for Your Migration
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
it/3f558ac5-8694-4e5a-a71a-5c80af8a8bfd.mspx
Users cannot write to a shared folder after migration to Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Oper
ations/74e6bd62-1268-4e18-9060-45ca1d8330ff.mspx
326480: How to use Active Directory Migration Tool version 2 to migrate
from Windows 2000 to Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;326480
Hope the information helps!
Thanks & Regards,
Ken Zhao
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Newsgroup Web Interface Upgrade
Please complete a one-time registration process on your first visit to the
Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the secure
code mspp2005 when prompted. This secure code will be valid for 6 months
after which you will need to update your registration by entering the new
secure code. We will post announcements in the newsgroups prior to
expiration. Once you have entered the secure code mspp2005 , you will be
able to update your profile and access the the partner newsgroups. Please
update your Favorites link to the newsgroups web page, your current link
will redirect until November 1, 2005.
Please post any comment, questions or concerns to the
microsoft.private.directaccess.partnerfeedback newsgroup. For more
information, please go to:
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
4662
--------------------
| Thread-Topic: Apending ACL in file mirgration between forests
| thread-index: AcW3eVY9LoFJSGCfQpCK6XDCA66eVA==
| X-WBNR-Posting-Host: 212.113.21.170
| From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?=" <Can anyonehelp
@discussions.microsoft.com
| Subject: Apending ACL in file mirgration between forests
| Date: Mon, 12 Sep 2005 02:07:01 -0700
| Lines: 21
| Message-ID: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:11924
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| this may be a simple Quetion, have looked at MS Files Server Mirgration
tool
| and it looks like it will do most of the thing required ( need to test it
out
| ) but I also need to duplicate the group in ACl
|
| For exapmle if I have three gropud call:
| Domain1\usergroup1 - full right
| Domain1\usergroup1 - read only
|
| I need to keep these in tack and add:
| Domain2\usergroup1 - full right
| Domain2\usergroup1 - read only
|
| so as user are mirgated to the new domain they will stbe able to access
the
| file regless to what domain they log on via
|
|
| Plus ie their away to delete groups in ACL when we turn off the old
domain
|
| this could be seval months
|
|
|
|
|
|
| Back to top |
|
|
Ken Zhao [MSFT]
Guest
|
| Posted:
Wed Sep 14, 2005 8:52 am Post subject:
RE: Apending ACL in file mirgration between forests |
|
|
Hello Gary,
I notice Vincent Xu has replied the similar question on another thread.
Based on our research, only the FSMT may not achieve your purpose. Because
it can only keep the same ACL. We need to migrate the file server as a
member server by using ADMT->computer migration or security migration.
Translate security on servers to add the SIDs of the user and group
accounts in the target domain to the ACLs of the resources. After objects
are migrated to the target domain, the objects contain the ACL entries from
both the source and the target domains.
You can translate security in add mode on objects by using the ADMT
console, by using the ADMT command-line option, or by using a script.
1. On the domain controller in the target domain on which you installed
ADMT, log on by using the ADMT account migration account.
2. Open the Active Directory Migration Tool, and then select Security
Translation Wizard.
3. Complete the Security Translation Wizard.
For more detailed information, please refer to the following article:
Translating Security in Add Mode
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
it/a421ccd9-1775-4cc6-8f62-18e4e9845887.mspx>
Hope that helps!
Thanks & Regards,
Ken Zhao
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Newsgroup Web Interface Upgrade
Please complete a one-time registration process on your first visit to the
Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the secure
code mspp2005 when prompted. This secure code will be valid for 6 months
after which you will need to update your registration by entering the new
secure code. We will post announcements in the newsgroups prior to
expiration. Once you have entered the secure code mspp2005 , you will be
able to update your profile and access the the partner newsgroups. Please
update your Favorites link to the newsgroups web page, your current link
will redirect until November 1, 2005.
Please post any comment, questions or concerns to the
microsoft.private.directaccess.partnerfeedback newsgroup. For more
information, please go to:
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
4662
--------------------
| Thread-Topic: Apending ACL in file mirgration between forests
| thread-index: AcW4ZpBnFGD82902SU2eaiyHt3oGOQ==
| X-WBNR-Posting-Host: 212.113.21.170
| From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?="
<Cananyonehelp@discussions.microsoft.com>
| References: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com>
<RMXSJd4tFHA.780@TK2MSFTNGXA01.phx.gbl>
| Subject: RE: Apending ACL in file mirgration between forests
| Date: Tue, 13 Sep 2005 06:25:09 -0700
| Lines: 136
| Message-ID: <7CEC4BAB-C86E-40CD-A46C-5A499FAADD64@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:11942
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Thank you
|
| but can you add some more details
|
| isit possible to amend the ACL to have the same group with both in
orginal
| and target domain tag
|
| Gary
|
| "Ken Zhao [MSFT]" wrote:
|
| > Hello,
| >
| > Thank you for using newsgroup!
| >
| > In fact, you can use FSMT to migrate data from a file server in one
domain
| > to a file server in another domain in the same forest. You can also
migrate
| > data from a file server in one forest to a file server in another
forest if
| > cross-forest trusts are in place so that you can be a member of the
local
| > Administrators group on the source and target file servers. For more
| > detailed FAQs about FSMT, please refer to:
| >
| > File Server Migration Toolkit Requirements and Compatibility:
Frequently
| > Asked Questions
| >
<http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faq
| > s.mspx>
| >
| > Meanwhile, you need to migrate user rights from old domain to the new
| > domain by using the Computer Account Migration Wizard in Active
Directory
| > Migration Tool (ADMT console). For related information, please refer to:
| >
| > Migration of Workstations and Member Servers
| >
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
| > it/399d74c0-e88e-4ad5-aaa3-0b05383f2ed0.mspx>
| >
| > More related information:
| > =============
| > Establishing Migration Accounts for Your Migration
| >
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
| > it/3f558ac5-8694-4e5a-a71a-5c80af8a8bfd.mspx>
| >
| > Users cannot write to a shared folder after migration to Windows Server
2003
| >
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Oper
| > ations/74e6bd62-1268-4e18-9060-45ca1d8330ff.mspx>
| >
| > 326480: How to use Active Directory Migration Tool version 2 to migrate
| > from Windows 2000 to Windows Server 2003
| > http://support.microsoft.com/default.aspx?scid=kb;en-us;326480
| >
| > Hope the information helps!
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| > Newsgroup Web Interface Upgrade
| > Please complete a one-time registration process on your first visit to
the
| > Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the
secure
| > code mspp2005 when prompted. This secure code will be valid for 6
months
| > after which you will need to update your registration by entering the
new
| > secure code. We will post announcements in the newsgroups prior to
| > expiration. Once you have entered the secure code mspp2005 , you will
be
| > able to update your profile and access the the partner newsgroups.
Please
| > update your Favorites link to the newsgroups web page, your current
link
| > will redirect until November 1, 2005.
| > Please post any comment, questions or concerns to the
| > microsoft.private.directaccess.partnerfeedback newsgroup. For more
| > information, please go to:
| >
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
| > 4662
| >
| >
| > --------------------
| > | Thread-Topic: Apending ACL in file mirgration between forests
| > | thread-index: AcW3eVY9LoFJSGCfQpCK6XDCA66eVA==
| > | X-WBNR-Posting-Host: 212.113.21.170
| > | From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?=" <Can anyonehelp
| > @discussions.microsoft.com>
| > | Subject: Apending ACL in file mirgration between forests
| > | Date: Mon, 12 Sep 2005 02:07:01 -0700
| > | Lines: 21
| > | Message-ID: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.migration
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.migration:11924
| > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > |
| > | this may be a simple Quetion, have looked at MS Files Server
Mirgration
| > tool
| > | and it looks like it will do most of the thing required ( need to
test it
| > out
| > | ) but I also need to duplicate the group in ACl
| > |
| > | For exapmle if I have three gropud call:
| > | Domain1\usergroup1 - full right
| > | Domain1\usergroup1 - read only
| > |
| > | I need to keep these in tack and add:
| > | Domain2\usergroup1 - full right
| > | Domain2\usergroup1 - read only
| > |
| > | so as user are mirgated to the new domain they will stbe able to
access
| > the
| > | file regless to what domain they log on via
| > |
| > |
| > | Plus ie their away to delete groups in ACL when we turn off the old
| > domain
| > |
| > | this could be seval months
| > |
| > |
| > |
| >
| >
| |
|
| Back to top |
|
|
Can anyonehelp
Guest
|
| Posted:
Wed Sep 14, 2005 4:52 pm Post subject:
RE: Apending ACL in file mirgration between forests |
|
|
Yes and NO
yes as it gives me answer just not the one I was looking for
and after think out of the box have come up with the following (just start
to builda test bench to test out the logic) using ideas you and other from
this most help full site
build server on current domian forest
set up DFS to allow me to replicat files and rights to new server
run amdt to add the extra right (this give me a easy roll back)
FSMT the new file and and permision to new forest SAN
I think gives me an on line roll back along with a one hit mirgration of
five servers and about 2TB of data
if you think this is a bad / not so cool way please give me addtional advise
but just to recap
This is the first time I have used the site and aprt from the fact I missed
used the site at first tring to get my question across I think the answer you
gave where very good just did not want to here a negitive in that way
my main aim is to keep the current servers untouched for a simple and as low
of risk roll back as possible
rgds
cananyonehelp
"Ken Zhao [MSFT]" wrote:
| Quote: | Hello Gary,
I notice Vincent Xu has replied the similar question on another thread.
Based on our research, only the FSMT may not achieve your purpose. Because
it can only keep the same ACL. We need to migrate the file server as a
member server by using ADMT->computer migration or security migration.
Translate security on servers to add the SIDs of the user and group
accounts in the target domain to the ACLs of the resources. After objects
are migrated to the target domain, the objects contain the ACL entries from
both the source and the target domains.
You can translate security in add mode on objects by using the ADMT
console, by using the ADMT command-line option, or by using a script.
1. On the domain controller in the target domain on which you installed
ADMT, log on by using the ADMT account migration account.
2. Open the Active Directory Migration Tool, and then select Security
Translation Wizard.
3. Complete the Security Translation Wizard.
For more detailed information, please refer to the following article:
Translating Security in Add Mode
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
it/a421ccd9-1775-4cc6-8f62-18e4e9845887.mspx
Hope that helps!
Thanks & Regards,
Ken Zhao
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Newsgroup Web Interface Upgrade
Please complete a one-time registration process on your first visit to the
Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the secure
code mspp2005 when prompted. This secure code will be valid for 6 months
after which you will need to update your registration by entering the new
secure code. We will post announcements in the newsgroups prior to
expiration. Once you have entered the secure code mspp2005 , you will be
able to update your profile and access the the partner newsgroups. Please
update your Favorites link to the newsgroups web page, your current link
will redirect until November 1, 2005.
Please post any comment, questions or concerns to the
microsoft.private.directaccess.partnerfeedback newsgroup. For more
information, please go to:
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
4662
--------------------
| Thread-Topic: Apending ACL in file mirgration between forests
| thread-index: AcW4ZpBnFGD82902SU2eaiyHt3oGOQ==
| X-WBNR-Posting-Host: 212.113.21.170
| From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?="
Cananyonehelp@discussions.microsoft.com
| References: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com
RMXSJd4tFHA.780@TK2MSFTNGXA01.phx.gbl
| Subject: RE: Apending ACL in file mirgration between forests
| Date: Tue, 13 Sep 2005 06:25:09 -0700
| Lines: 136
| Message-ID: <7CEC4BAB-C86E-40CD-A46C-5A499FAADD64@microsoft.com
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:11942
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Thank you
|
| but can you add some more details
|
| isit possible to amend the ACL to have the same group with both in
orginal
| and target domain tag
|
| Gary
|
| "Ken Zhao [MSFT]" wrote:
|
| > Hello,
|
| > Thank you for using newsgroup!
|
| > In fact, you can use FSMT to migrate data from a file server in one
domain
| > to a file server in another domain in the same forest. You can also
migrate
| > data from a file server in one forest to a file server in another
forest if
| > cross-forest trusts are in place so that you can be a member of the
local
| > Administrators group on the source and target file servers. For more
| > detailed FAQs about FSMT, please refer to:
|
| > File Server Migration Toolkit Requirements and Compatibility:
Frequently
| > Asked Questions
|
http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faq
| > s.mspx
|
| > Meanwhile, you need to migrate user rights from old domain to the new
| > domain by using the Computer Account Migration Wizard in Active
Directory
| > Migration Tool (ADMT console). For related information, please refer to:
|
| > Migration of Workstations and Member Servers
|
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
| > it/399d74c0-e88e-4ad5-aaa3-0b05383f2ed0.mspx
|
| > More related information:
| > =============
| > Establishing Migration Accounts for Your Migration
|
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
| > it/3f558ac5-8694-4e5a-a71a-5c80af8a8bfd.mspx
|
| > Users cannot write to a shared folder after migration to Windows Server
2003
|
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Oper
| > ations/74e6bd62-1268-4e18-9060-45ca1d8330ff.mspx
|
| > 326480: How to use Active Directory Migration Tool version 2 to migrate
| > from Windows 2000 to Windows Server 2003
| > http://support.microsoft.com/default.aspx?scid=kb;en-us;326480
|
| > Hope the information helps!
|
| > Thanks & Regards,
|
| > Ken Zhao
|
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
|
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
|
|
| > Newsgroup Web Interface Upgrade
| > Please complete a one-time registration process on your first visit to
the
| > Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the
secure
| > code mspp2005 when prompted. This secure code will be valid for 6
months
| > after which you will need to update your registration by entering the
new
| > secure code. We will post announcements in the newsgroups prior to
| > expiration. Once you have entered the secure code mspp2005 , you will
be
| > able to update your profile and access the the partner newsgroups.
Please
| > update your Favorites link to the newsgroups web page, your current
link
| > will redirect until November 1, 2005.
| > Please post any comment, questions or concerns to the
| > microsoft.private.directaccess.partnerfeedback newsgroup. For more
| > information, please go to:
|
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
| > 4662
|
|
| > --------------------
| > | Thread-Topic: Apending ACL in file mirgration between forests
| > | thread-index: AcW3eVY9LoFJSGCfQpCK6XDCA66eVA==
| > | X-WBNR-Posting-Host: 212.113.21.170
| > | From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?=" <Can anyonehelp
| > @discussions.microsoft.com
| > | Subject: Apending ACL in file mirgration between forests
| > | Date: Mon, 12 Sep 2005 02:07:01 -0700
| > | Lines: 21
| > | Message-ID: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.migration
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.migration:11924
| > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > |
| > | this may be a simple Quetion, have looked at MS Files Server
Mirgration
| > tool
| > | and it looks like it will do most of the thing required ( need to
test it
| > out
| > | ) but I also need to duplicate the group in ACl
| > |
| > | For exapmle if I have three gropud call:
| > | Domain1\usergroup1 - full right
| > | Domain1\usergroup1 - read only
| > |
| > | I need to keep these in tack and add:
| > | Domain2\usergroup1 - full right
| > | Domain2\usergroup1 - read only
| > |
| > | so as user are mirgated to the new domain they will stbe able to
access
| > the
| > | file regless to what domain they log on via
| > |
| > |
| > | Plus ie their away to delete groups in ACL when we turn off the old
| > domain
| > |
| > | this could be seval months
| > |
| > |
| > |
|
|
|
|
|
|
| Back to top |
|
|
Ken Zhao [MSFT]
Guest
|
| Posted:
Thu Sep 15, 2005 8:53 am Post subject:
RE: Apending ACL in file mirgration between forests |
|
|
Hello,
After discussing with Vincent Xu, we think that is doable steps. Also we
think that article will assist you.
This following paper enumerates the scenarios in which a multiforest
environment might be necessary or desirable and analyzes the consequences
of such an environment on the total cost of ownership of the enterprise.
For more related information and considerations, please refer to:
Multiple Forest Considerations in Windows 2000 and Windows Server 2003
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies
/directory/activedirectory/mtfstwp.mspx>
Thanks & Regards,
Ken Zhao
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Newsgroup Web Interface Upgrade
Please complete a one-time registration process on your first visit to the
Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the secure
code mspp2005 when prompted. This secure code will be valid for 6 months
after which you will need to update your registration by entering the new
secure code. We will post announcements in the newsgroups prior to
expiration. Once you have entered the secure code mspp2005 , you will be
able to update your profile and access the the partner newsgroups. Please
update your Favorites link to the newsgroups web page, your current link
will redirect until November 1, 2005.
Please post any comment, questions or concerns to the
microsoft.private.directaccess.partnerfeedback newsgroup. For more
information, please go to:
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
4662
--------------------
| Thread-Topic: Apending ACL in file mirgration between forests
| thread-index: AcW5O59VtOrFYCdIT5iPc9a0eL62bQ==
| X-WBNR-Posting-Host: 212.113.21.170
| From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?="
<Cananyonehelp@discussions.microsoft.com>
| References: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com>
<RMXSJd4tFHA.780@TK2MSFTNGXA01.phx.gbl>
<7CEC4BAB-C86E-40CD-A46C-5A499FAADD64@microsoft.com>
<$0yA3eQuFHA.768@TK2MSFTNGXA01.phx.gbl>
| Subject: RE: Apending ACL in file mirgration between forests
| Date: Wed, 14 Sep 2005 07:50:17 -0700
| Lines: 284
| Message-ID: <CC2ACE18-C06B-448B-AAAB-6D1AC8A93F95@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:11966
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Yes and NO
|
| yes as it gives me answer just not the one I was looking for
|
| and after think out of the box have come up with the following (just
start
| to builda test bench to test out the logic) using ideas you and other
from
| this most help full site
|
| build server on current domian forest
| set up DFS to allow me to replicat files and rights to new server
| run amdt to add the extra right (this give me a easy roll back)
| FSMT the new file and and permision to new forest SAN
|
| I think gives me an on line roll back along with a one hit mirgration of
| five servers and about 2TB of data
|
| if you think this is a bad / not so cool way please give me addtional
advise
|
| but just to recap
|
| This is the first time I have used the site and aprt from the fact I
missed
| used the site at first tring to get my question across I think the answer
you
| gave where very good just did not want to here a negitive in that way
|
| my main aim is to keep the current servers untouched for a simple and as
low
| of risk roll back as possible
|
| rgds
|
| cananyonehelp
|
| "Ken Zhao [MSFT]" wrote:
|
| > Hello Gary,
| >
| > I notice Vincent Xu has replied the similar question on another thread.
| >
| > Based on our research, only the FSMT may not achieve your purpose.
Because
| > it can only keep the same ACL. We need to migrate the file server as a
| > member server by using ADMT->computer migration or security migration.
| > Translate security on servers to add the SIDs of the user and group
| > accounts in the target domain to the ACLs of the resources. After
objects
| > are migrated to the target domain, the objects contain the ACL entries
from
| > both the source and the target domains.
| >
| > You can translate security in add mode on objects by using the ADMT
| > console, by using the ADMT command-line option, or by using a script.
| >
| > 1. On the domain controller in the target domain on which you installed
| > ADMT, log on by using the ADMT account migration account.
| > 2. Open the Active Directory Migration Tool, and then select Security
| > Translation Wizard.
| > 3. Complete the Security Translation Wizard.
| >
| > For more detailed information, please refer to the following article:
| > Translating Security in Add Mode
| >
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
| > it/a421ccd9-1775-4cc6-8f62-18e4e9845887.mspx>
| >
| > Hope that helps!
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| > Newsgroup Web Interface Upgrade
| > Please complete a one-time registration process on your first visit to
the
| > Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering the
secure
| > code mspp2005 when prompted. This secure code will be valid for 6
months
| > after which you will need to update your registration by entering the
new
| > secure code. We will post announcements in the newsgroups prior to
| > expiration. Once you have entered the secure code mspp2005 , you will
be
| > able to update your profile and access the the partner newsgroups.
Please
| > update your Favorites link to the newsgroups web page, your current
link
| > will redirect until November 1, 2005.
| > Please post any comment, questions or concerns to the
| > microsoft.private.directaccess.partnerfeedback newsgroup. For more
| > information, please go to:
| >
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
| > 4662
| >
| >
| > --------------------
| > | Thread-Topic: Apending ACL in file mirgration between forests
| > | thread-index: AcW4ZpBnFGD82902SU2eaiyHt3oGOQ==
| > | X-WBNR-Posting-Host: 212.113.21.170
| > | From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?="
| > <Cananyonehelp@discussions.microsoft.com>
| > | References: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com>
| > <RMXSJd4tFHA.780@TK2MSFTNGXA01.phx.gbl>
| > | Subject: RE: Apending ACL in file mirgration between forests
| > | Date: Tue, 13 Sep 2005 06:25:09 -0700
| > | Lines: 136
| > | Message-ID: <7CEC4BAB-C86E-40CD-A46C-5A499FAADD64@microsoft.com>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.migration
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.migration:11942
| > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > |
| > | Thank you
| > |
| > | but can you add some more details
| > |
| > | isit possible to amend the ACL to have the same group with both in
| > orginal
| > | and target domain tag
| > |
| > | Gary
| > |
| > | "Ken Zhao [MSFT]" wrote:
| > |
| > | > Hello,
| > | >
| > | > Thank you for using newsgroup!
| > | >
| > | > In fact, you can use FSMT to migrate data from a file server in one
| > domain
| > | > to a file server in another domain in the same forest. You can also
| > migrate
| > | > data from a file server in one forest to a file server in another
| > forest if
| > | > cross-forest trusts are in place so that you can be a member of the
| > local
| > | > Administrators group on the source and target file servers. For
more
| > | > detailed FAQs about FSMT, please refer to:
| > | >
| > | > File Server Migration Toolkit Requirements and Compatibility:
| > Frequently
| > | > Asked Questions
| > | >
| >
<http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs/msfst_faq
| > | > s.mspx>
| > | >
| > | > Meanwhile, you need to migrate user rights from old domain to the
new
| > | > domain by using the Computer Account Migration Wizard in Active
| > Directory
| > | > Migration Tool (ADMT console). For related information, please
refer to:
| > | >
| > | > Migration of Workstations and Member Servers
| > | >
| >
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
| > | > it/399d74c0-e88e-4ad5-aaa3-0b05383f2ed0.mspx>
| > | >
| > | > More related information:
| > | > =============
| > | > Establishing Migration Accounts for Your Migration
| > | >
| >
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepK
| > | > it/3f558ac5-8694-4e5a-a71a-5c80af8a8bfd.mspx>
| > | >
| > | > Users cannot write to a shared folder after migration to Windows
Server
| > 2003
| > | >
| >
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Oper
| > | > ations/74e6bd62-1268-4e18-9060-45ca1d8330ff.mspx>
| > | >
| > | > 326480: How to use Active Directory Migration Tool version 2 to
migrate
| > | > from Windows 2000 to Windows Server 2003
| > | > http://support.microsoft.com/default.aspx?scid=kb;en-us;326480
| > | >
| > | > Hope the information helps!
| > | >
| > | > Thanks & Regards,
| > | >
| > | > Ken Zhao
| > | >
| > | > Microsoft Online Partner Support
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > =====================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | >
| > | > Newsgroup Web Interface Upgrade
| > | > Please complete a one-time registration process on your first visit
to
| > the
| > | > Partner Portal beginning July 11, 2005 at 9 A.M. PST by entering
the
| > secure
| > | > code mspp2005 when prompted. This secure code will be valid for 6
| > months
| > | > after which you will need to update your registration by entering
the
| > new
| > | > secure code. We will post announcements in the newsgroups prior to
| > | > expiration. Once you have entered the secure code mspp2005 , you
will
| > be
| > | > able to update your profile and access the the partner newsgroups.
| > Please
| > | > update your Favorites link to the newsgroups web page, your current
| > link
| > | > will redirect until November 1, 2005.
| > | > Please post any comment, questions or concerns to the
| > | > microsoft.private.directaccess.partnerfeedback newsgroup. For more
| > | > information, please go to:
| > | >
| >
https://partner.microsoft.com/global/technicalsupport/registeredsupport/4001
| > | > 4662
| > | >
| > | >
| > | > --------------------
| > | > | Thread-Topic: Apending ACL in file mirgration between forests
| > | > | thread-index: AcW3eVY9LoFJSGCfQpCK6XDCA66eVA==
| > | > | X-WBNR-Posting-Host: 212.113.21.170
| > | > | From: "=?Utf-8?B?Q2FuIGFueW9uZWhlbHA=?=" <Can anyonehelp
| > | > @discussions.microsoft.com>
| > | > | Subject: Apending ACL in file mirgration between forests
| > | > | Date: Mon, 12 Sep 2005 02:07:01 -0700
| > | > | Lines: 21
| > | > | Message-ID: <4F6219F9-EF25-48E4-BC97-AA911E05BAD2@microsoft.com>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain;
| > | > | charset="Utf-8"
| > | > | Content-Transfer-Encoding: 7bit
| > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | Content-Class: urn:content-classes:message
| > | > | Importance: normal
| > | > | Priority: normal
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | > | Newsgroups: microsoft.public.windows.server.migration
| > | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.windows.server.migration:11924
| > | > | X-Tomcat-NG: microsoft.public.windows.server.migration
| > | > |
| > | > | this may be a simple Quetion, have looked at MS Files Server
| > Mirgration
| > | > tool
| > | > | and it looks like it will do most of the thing required ( need to
| > test it
| > | > out
| > | > | ) but I also need to duplicate the group in ACl
| > | > |
| > | > | For exapmle if I have three gropud call:
| > | > | Domain1\usergroup1 - full right
| > | > | Domain1\usergroup1 - read only
| > | > |
| > | > | I need to keep these in tack and add:
| > | > | Domain2\usergroup1 - full right
| > | > | Domain2\usergroup1 - read only
| > | > |
| > | > | so as user are mirgated to the new domain they will stbe able to
| > access
| > | > the
| > | > | file regless to what domain they log on via
| > | > |
| > | > |
| > | > | Plus ie their away to delete groups in ACL when we turn off the
old
| > | > domain
| > | > |
| > | > | this could be seval months
| > | > |
| > | > |
| > | > |
| > | >
| > | >
| > |
| >
| >
| |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in