+ Post New Thread
Results 1 to 5 of 5
Windows Thread, ADMT and or Scripting ACL changes. in Technical; I've just moved users, their passwords and SIDs from an NT4 domain to a 2003 one, I backed up the ...
  1. #1


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,686
    Thank Post
    279
    Thanked 784 Times in 611 Posts
    Rep Power
    225

    ADMT and or Scripting ACL changes.

    I've just moved users, their passwords and SIDs from an NT4 domain to a 2003 one, I backed up the files on the old DC/fileserver using microsoft backup and am now restoring on the new dc/fileserver.

    As the SIDs moved over ok, I was kind of expecting the permissions to reflect new domain membership, but they haven't (though they have retained old domain acls, and can use them - 2-way trust).

    Have I missed something? If not, is there an easy way to script ACL changes such that an acl with OLDDOMAIN\JoeBloggs is converted to NEWDOMAIN\JoeBloggs? Is it possible to script this kind of search and replace with acls?

    Sorry, I didn't rtfm before I posted - just noticed subinacl does have search and replace functionality.

  2. #2

    Join Date
    Sep 2006
    Location
    Essex
    Posts
    784
    Thank Post
    1
    Thanked 33 Times in 31 Posts
    Rep Power
    24

    Re: ADMT and or Scripting ACL changes.

    It is possible to script ACL changes. I would write a script to set or remove permissions as required, something like this should do the trick

    Code:
      for /f "Tokens=1,2 Delims=," %%a in (createusers.txt) do (
    	cacls "userhomefolderpath\%%a" /T /G "newdomain\%%a":F /e
                    cacls "userhomefolderpath\%%a" /T /E /R "olddomain\%%a"
    )
    To run this script you will need to export usernames from the active driectory to a txt file.

  3. #3

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183

    Re: ADMT and or Scripting ACL changes.

    Also read the thread at http://edugeek.net/index.php?name=Fo...ewtopic&t=3314 for a script that might do what you want

  4. #4
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: ADMT and or Scripting ACL changes.

    Did you use ADMT to migrate user accounts? If you did, then the new user accounts should have the old SIDs in the SID History fields.

  5. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,686
    Thank Post
    279
    Thanked 784 Times in 611 Posts
    Rep Power
    225

    Re: ADMT and or Scripting ACL changes.

    Thanks all,

    Since the permissions from the old domain are still there I dumped a list of users and groups and then just called subinacl to replace domain1\user with domain\user2.

    However, the permissions make no sense (in terms of who can access what), so I need to grab a deputy head and make them to write down who should have what.

    @ajbritton,
    Yeah, I did. I was expecting olddomain\account to be automatically translated into newdomain\account when I looked at file > properties > security, but it didn't happen.

    Migrating files from a ~ 10 year old file share is interesting.cn



SHARE:
+ Post New Thread

Similar Threads

  1. Scripting Resources
    By ChrisH in forum Scripts
    Replies: 20
    Last Post: 27th March 2012, 12:39 PM
  2. New to scripting
    By FN-GM in forum Scripts
    Replies: 26
    Last Post: 10th August 2007, 11:31 PM
  3. ADMT v2
    By Actcomp in forum Windows
    Replies: 8
    Last Post: 23rd October 2006, 01:02 AM
  4. ADMT V3
    By wesleyw in forum Windows
    Replies: 4
    Last Post: 15th August 2006, 08:14 AM
  5. Scripting IP configuration.
    By Dos_Box in forum Scripts
    Replies: 3
    Last Post: 2nd September 2005, 10:07 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •