Jump to content
  • entries
  • comments
  • views

File Server in-place Domain Migration




File Server in-place Domain Migration
When migrating to a new domain a major part is the file server, especially if there are a lot of data and different permissions.
Thankfully Microsoft has a very helpful tool called SubInACL. This tool can be used to read and update security permissions and is much helpful for file server in-place domain migration. The tool can be downloaded here: https://www.microsoft.com/en-us/download/details.aspx?id=23510
But after searching a lot there is not a specific guide that someone has followed and worked. So I started testing and came up with the following steps that worked for me:

  1. Open an elevated Command Prompt window and navigate to the folder containing the subinacl.exe
  2. Export the permissions of the drive’s root:
    subinacl /noverbose /output=C:permissionsE.txt /file E:
  3. Export the permissions of the all subfolders and files:
    subinacl /noverbose /output=C:permissionsEsub.txt /subdirectories E:
  4. Copy the contents of the “permissionsE.txt” to the start of the “permissionsEsub.txt” file.
  5. Open the “permissionsEsub.txt” file and replace the old domain name with the new domain name.
  6. View the shares:
    net view computername
  7. Export the shares’ permissions:
    subinacl /noverbose /output=C:shares.txt /share \computernamefileshare
  8. Disjoin and join the Server to the new domain
  9. Import the NTFS permissions
    Subinacl /playfile C:permissionsEsub.txt
  10. Import the shares’ permissions:
    Subinacl /playfile C:shares.txt

Some commends from the field
The export process is very fast but the import process takes much longer time.
The subinacl process is single threaded (uses only one core) so in order to speed up the whole process you can split the permissions file and run it multiple times on different command prompt windows. Every subinacl.exe will create a single process that will use one core so if you have four cores create four processes.
The import process completely removes the permissions and applies the new ones. So no User IDs will stay at the files/folders.


The post File Server in-place Domain Migration appeared first on Proxima's IT Corner.





Recommended Comments

There are no comments to display.

Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...