Hi Tom,
1) Yes.
2) Also Yes.
3) No, SIDhistory is used to access the resource in SOURCE domain.
4) Yes, it works. Actually, computer migration does two things 1) Join the
computer into new domain 2) Run security translation. Now, you have to
perform securtiy translation manually since you have manually joined the
computer into new domain.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! -
www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
>>Thread-Topic: ADMT migration/security translation
>>thread-index: Acas+oXsFm7ZSBoIRYqUaAPCrAqwAQ==
>>X-WBNR-Posting-Host: 68.234.176.5
>>From: =?Utf-8?B?VG9t?= <Tom.TakeThisOut@discussions.microsoft.com>
>>Subject: ADMT migration/security translation
>>Date: Fri, 21 Jul 2006 12:19:01 -0700
>>Lines: 27
>>Message-ID: <89337FEE-1AF2-4D0D-8C91-ADBB0E9015A8.TakeThisOut@microsoft.com>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="Utf-8"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>Content-Class: urn:content-classes:message
>>Importance: normal
>>Priority: normal
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
>>Newsgroups: microsoft.public.windows.server.migration
>>Path: TK2MSFTNGXA01.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:24535
>>NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
>>X-Tomcat-NG: microsoft.public.windows.server.migration
>>
>>Hello all,
>>
>>Regarding Intra-Forest migration using ADMT, four small (i think)
questions.
>>Any help appreciated.
>>
>>1) We are trying to migrate a file server that is also a DC from one
domain
>>to another with least work. I am thinking you must have at least one DC
left
>>in the source domain to run a secuirty translation on a migrated
>>workstation/server. Also, the file server/domain controller would need to
be
>>demoted to a member server first, migrated to new domain, and then run
>>security translation wizard. Sound correct? Any feedback appreicated.
>>
>>2) If My Docs folder is redirected from local profile to a shared network
>>folder will migrated users need to adjust this redirection at all either
>>before or after file server is migrated?
>>
>>3) Also,the SIDhistory will still work for access too when both file
server
>>and user accounts are in target domain, correct?
>>
>>4) Will security translation work on a server that has not been migrated
via
>>ADMT if a SID mapping file is employed? Example, if NTbackup or other
copy
>>program is used to copy file shares with original ACL from file server in
>>source domain to one in the target domain, can the ADMT "secuirty
translation
>>wizard" (using a SID map file) be used to change the source acct ACLs to
the
>>target acct ACLs?
>>
>>Thank You.
>>
FAQ
Profile
Private Messages
Log in
