Syncrhonizing File Rights Across Domains

  • Thread starter Thread starter MEI
  • Start date Start date
M

MEI

I have two Domains. An older domain which has roughly 1 Terabyte of Data and
a newer domain I am migrating to. There is a full trust in place between the
two domains.. I would like users to be able to authenticate on to the newer
domain but be able to pull up files on the older domain using only a single
sign-on.
My understanding was if the users account name was the same, along with
their password that this would automatically push through to the second
domain and pull up the proper NTFS rights. This does not seem to be the
case. Is there a step I am missing??

Many Thanks,
MEI
 
I have two Domains. An older domain which has roughly 1
Terabyte of Data and
a newer domain I am migrating to. There is a full trust in
place between the
two domains.. I would like users to be able to authenticate on
to the newer
domain but be able to pull up files on the older domain using
only a single
sign-on.
My understanding was if the users account name was the same,
along with
their password that this would automatically push through to
the second
domain and pull up the proper NTFS rights. This does not seem
to be the
case. Is there a step I am missing??

Many Thanks,
MEI
Click to expand...

The reason it does not work is because the ACLs (access control list)
on the data specifies the SIDs of the users in the OLD domain. As you
created the users (although with the same name) in the NEW domain they
will NOT have access. That would be to easy if just creating a user
would give you access to the data other users with the same name have.
The same applies to groups

What you need to do is to use ADMTv3 (Active Directory Migration Tool)
and migrate groups, users, memberships from the OLD domain to the NEW
domain including SIDhistory. This way the users in the NEW domain have
access to the OLD data
After that you need to MIGRATE the data and reacl (also with ADMT)
where the OLD SIDs in the ACLs are replaced with the NEW SIDs. After
data you can cleanup SIDhistory

Fore more info on ADMT and migration see:
http://www.microsoft.com/downloads/...7B-533A-466D-A8E8-AFF85AD3D212&displaylang=en

http://www.microsoft.com/downloads/...A0-76F0-4E25-8DE0-19544062A6E6&displaylang=en

http://whitepapers.silicon.com/0,39024759,60088469p-39000357q,00.htm

Also search for migration ebooks/white papers at Quest, NetIQ
 
Back
Top