Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remove Domain & SID History

Status
Not open for further replies.
patstone

patstone

IS-IT--Management
Aug 20, 2004
168
GB
I have just finished migrating 3000 user’s accounts, mailboxes & data from a Windows 2000 domain to a new Windows 2003 domain.

The permissions on all the shared folders & home folders on the Windows 2003 domain are an exact replica of the permissions on the Windows 2000 domain.

Now I need to break the trust and remove the Windows 200 domain, if I do this as we stand users will not be able to access their files because the SID history will no longer exist.

Does anybody know of a tool that can replace the old windows 2000 SID’s with the new Windows 2003 SID’s on all shared folders & home folders?
 
Sort by date Sort by votes
Yes. It's called "SubInACL" and it works great...


Post back if you get stuck or need help. Your basically running it command line, like this;

Changing domain groups on directories
c:\subinacl /noverbose /subdirectories d:\folder\*.* /changedomain=%OLDdomain%=%NEWdomain%

Changing domain groups on a server share
c:\subinacl /noverbose /share \\server\sharename /changedomain=%OLDdomain%=%NEWdomain%



(yay! shameless advertising. my side business)
 
Upvote 0 Downvote
Your a hereo, sounds like the tool I am looking for.
 
Upvote 0 Downvote
wdoellefeld,

Do you know if I can add the new SID rather then replace it on the folders ?
 
Upvote 0 Downvote
You mean so there are matching users for the new/old domains? I don't believe so. Not sure what the aim is with wanting to do that but if it is concern over changing a user who may not be in the new domain you can rest easy. If it cannot find a matching user in the new domain it will leave it there unchanged.

(yay! shameless advertising. my side business)
 
Upvote 0 Downvote
wdoellefeld,

I am testing this on a test server and it works fine for groups but not for users accounts.

When you used it did you manage to change SID's for your users accounts?

Command I am running :
subinacl /noverbose /subdirectories d:\folder\*.* /changedomain=%olddomain%=%newdomain%
 
Upvote 0 Downvote
Not to worry, used ADMT and it worked.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
591
DTGMI
DTGMI
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
359
ADB100
ADB100
DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony & QS
Replies
0
Views
481
DeepuM
DeepuM
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
823
fredmartinmaine
fredmartinmaine

Part and Inventory Search

Sponsor

Back
Top