Bob Qin [MSFT]
Guest
|
 Posted:
Tue Dec 28, 2004 1:31 pm Post subject:
RE: ADMT migration group troubles |
|
|
Hi OCARRE,
Thanks for your posting here.
If a user is a member of a group has modify permissions and in other groups
without deny permission, it should have modify permission.
I assume that the permissions are assigned to the old NT domain groups.
Sometimes the SIDhistory cannot work properly. For example, the problem can
be caused that the SID Filtering was enabled (By Default) on the Windows
2003 domain. To disable SIDFiltering run the following command on Windows
2003 DC:
netdom trust <2000 domain FQDN> /domain:<2003 domain FQDN>
/usero:administrator /passwordo:<admin password or *> /quarantine:no
Setting the /Quarantine to no disabled SID Filtering and allowed users to
connect to their old resources.
You can type "netdom trust /?" command for more information.
Since you have move all the data to the new domain, and you will close the
old NT domain later, I would like to recommend that you use Security
Translation Wizard in ADMT to modify the data permissions. You can choose
Add security translation option, so both the older domain users and new
domain users have the persons to the file server.
Wish it helps!
Regards,
Bob Qin
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?T0NBUlJF?= <OCARRE@discussions.microsoft.com>
Subject: RE: ADMT migration group troubles
Date: Mon, 27 Dec 2004 06:35:02 -0800
Newsgroups: microsoft.public.windows.server.migration
One more thing, all my accounts are already in my windows 2003 domain
for a
while. the NT4 domain is a ressource domain that we want close
Regarda
"OCARRE" wrote:
| Quote: | Dear all,
I'm migrating a file server from NT to 2003 and encounter problems.
A trust relationship (dual) is setup and is working find.
I used the ADMTv2 tools to migrate the domain groups from NT4 to
2003 with
the SID, it seems to work because when I use ADSIEdit I can see the
SIDHistory.
I checked the ADMT logs and find no error.
I used Robocopy source dest /E /MIR /COPYALL /R:3 /V /LOG:log.txt
and I copy
all the data with the permissions.
My problem is when I try to access the data on the new server I've
got only
read access.
The share permissions are Full control
The user is member of a (migrated)group that have read NTFS
permission and
is member of another (migrated)group that have modifiy.
I saw in the NTFS advanced perms to find a Deny but no Deny.
Could you tell me if in Windows 2003 the permissions are least
restrictive
or most restrictive.
eg : NTFS Read + NTSF Modify = Modify or not
Merry christmas
Thx
O. CARRE |
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in