How to import just the users (SIDs)?

  • How to import just the users (SIDs)?

    Hi to all,

    First of all it is very nice to find a community like this. I hope you can help me.

    We have a DC (Windows 2003 Standard Edition, DNS, DHCP and WINS). We lost AD stability while trying to remove a BDC from AD using ntdsutil. Now all replication (File, DNS, AD etc.) is gone and I think it is not possible to recover AD because we messed things up pretty badly. Also, we don't have a backup. We get massive errors in the Event logs.

    We decided to reinstall the DC (same name, like "blabla.com") again with DNS, DHCP and WINS services. There is one problem: I need the old users because of their SIDs. On the DC there are D:, E: and F: drives, and users have special permissions on some folders and files on these drives.

    A full AD backup is not good for me because it is in bad condition. I just need the users (SIDs). How can I import just the users? Is this a solution for my case?

    Thanks in advance. Looking forward to hearing from you.

  • #2
    Re: How to import just the users (SIDs)?

    Can you tell us more about your environment -- what do you have in the way of DCs
    What errors are you getting?
    Is the old domain still running?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: How to import just the users (SIDs)?

      Originally posted by Ossian View Post
      Can you tell us more about your environment -- what do you have in the way of DCs
      What errors are you getting?
      Is the old domain still running?
      I don't want to recover my OLD DC. I just want to install a new DC and import the users. Things are really messed up. Is this possible?


      • #4
        Re: How to import just the users (SIDs)?

        It'll be worth looking into migration then. Look at ADMT
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR


        • #5
          Re: How to import just the users (SIDs)?

          Are you talking about a new DC in an existing domain or a totally new domain?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **


          • #6
            Re: How to import just the users (SIDs)?

            Originally posted by Ossian View Post
            Are you talking about a new DC in an existing domain or a totally new domain?
            Totally new domain but same name for example. I mean I format the DC and reinstall it then dcpromo with the same name.

            Old domain: blabla.com

            New domain: blabla.com


            • #7
              Re: How to import just the users (SIDs)?

              Originally posted by L4ndy View Post
              It'll be worth looking into migration then. Look at ADMT
              I just need the users. AD Migration brings failed objects.


              • #8
                Re: How to import just the users (SIDs)?

                I am not quite sure myself if this will work, actually, and I'd love to know otherwise, but you could try a two-step migration with ADMT using SID history:

                1. blabla.com - blabla1.com

                2. blabla1.com - blabla.com

                All you need is an extra physical server (you should have two in there anyway if best practices are followed).
                Caesar's cipher - 3

                ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                SFX JNRS FC U6 MNGR


                • #9
                  Re: How to import just the users (SIDs)?

                  It will allow the users to be moved. SID history will need to also be enabled as the SID will change when moved to the other domain and then back again.

                  However, with all other objects being recreated, not sure if just migrating users will work. It perhaps saves time with recreating them all again.


                  • #10
                    Re: How to import just the users (SIDs)?

                    Originally posted by Virtual View Post
                    It will allow the users to be moved. SID history will need to also be enabled as the SID will change when moved to the other domain and then back again.

                    However, with all other objects being recreated, not sure if just migrating users will work. It perhaps saves time with recreating them all again.
                    Ok I understand. Let's say I recreate all users. Newly created users can't reach their special files or folders by default. Is it possible to open these files or folders? Can I as the new domain admin reach the files or folders and assign the new permissions?

                    If files are gone (permission denied) I am dead.

                    My most important problem is reaching the files after the new DC.
                    Last edited by ctopaloglu; 21st May 2009, 12:26.


                    • #11
                      Re: How to import just the users (SIDs)?

                      You can take ownership of any files or folders and then re-assign permissions
                      SECURITY--ADVANCED--OWNER
                      Are the permissions documented?

                      Is your old domain still running (any DC belonging to original domain) or has it been totally replaced by the new one(all new DCs)?
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **


                      • #12
                        Re: How to import just the users (SIDs)?

                        If you are only worried about the files then just go for a straight rebuild of your AD and reassign permissions once the files and folders have been moved. Files and folders will be "stripped" of their existing ACL info and inherit the permissions of the drive where they'll be moved to.
                        This is by far the tidiest way of doing it if downtime is not taken into account.
                        Caesar's cipher - 3

                        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                        SFX JNRS FC U6 MNGR


                        • #13
                          Re: How to import just the users (SIDs)?

                          Originally posted by Ossian View Post
                          You can take ownership of any files or folders and then re-assign permissions
                          SECURITY--ADVANCED--OWNER
                          Are the permissions documented?

                          Is your old domain still running (any DC belonging to original domain) or has it been totally replaced by the new one(all new DCs)?
                          You mean I (as a new domain admin) can reach files no matter what? That's a relief! Permissions are not documented but that's no problem. Can I take ownership (reset the default permissions) one by one or for the whole drive?

                          Our old domain (DC) is still running, by the way. But it is in bad condition, not stable.
                          Last edited by ctopaloglu; 21st May 2009, 12:44.


                          • #14
                            Re: How to import just the users (SIDs)?

                            Do your old domain and old DC have the same name as the new domain and DC?

                            Note the DC is NOT the same as the domain!

                            You can seize permissions on a whole drive by applying the change to subfolders as well as the parent.
                            Tom Jones
                            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                            PhD, MSc, FIAP, MIITT
                            IT Trainer / Consultant
                            Ossian Ltd
                            Scotland

                            ** Remember to give credit where credit is due and leave reputation points where appropriate **


                            • #15
                              Re: How to import just the users (SIDs)?

                              You as the domain admin of both the old domain and new domain can reach the files from both servers.

                              From the new server access the old server like this: \\oldserver\sharename, when prompted for credentials provide the domain admin username and password for the old domain. Copy the files you need to the new server.

                              You can do the same thing from the old server by accessing the new server like this: \\newserver\sharename, when prompted for credentials provide the domain admin username and password for the new domain. Copy the files you need to the new server.

                              You could also transfer the files from the old domain to an external hard drive and then transfer them to the new server. In the process the files will lose the permissions from the old domain share and inherit the permissions of the new domain share.

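The thread establishes that the existing permissions are not documented and that recreated users will not carry their old SIDs. As an added example (not posted by any participant), this PowerShell script records every explicit NTFS entry on the data drives with both its SID and the account name it currently resolves to, so the grants can be re-created after the rebuild. The output path is hypothetical, and the script assumes Windows PowerShell 3.0 or later, run as an administrator while the old domain can still resolve names.

```powershell
# Added example (not from the thread): inventory explicit NTFS ACEs by SID and name.
$roots   = 'D:\', 'E:\', 'F:\'      # data drives named in the original post
$outFile = 'C:\acl-inventory.csv'   # hypothetical output path

$sidType  = [System.Security.Principal.SecurityIdentifier]
$nameType = [System.Security.Principal.NTAccount]
$names    = @{}                     # cache: SID string -> account name

function Resolve-SidName($Sid) {
    if ($null -eq $Sid) { return '' }
    if (-not $names.ContainsKey($Sid.Value)) {
        try   { $names[$Sid.Value] = $Sid.Translate($nameType).Value }
        catch { $names[$Sid.Value] = '<unresolved>' }  # no DC can map this SID
    }
    $names[$Sid.Value]
}

function Get-ExplicitAce([string[]]$Roots) {
    foreach ($root in $Roots) {
        # The root itself first, then every file and folder beneath it.
        & { Get-Item -LiteralPath $root -Force
            Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue
        } | ForEach-Object {
            $path = $_.FullName
            try   { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
            catch { Write-Warning "Cannot read ACL: $path"; return }  # skip this item
            $owner = $acl.GetOwner($sidType)
            # Explicit ACEs only; inherited ones are supplied by the parent folder.
            foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
                [pscustomobject]@{
                    Path        = $path
                    OwnerSid    = "$owner"
                    Owner       = Resolve-SidName $owner
                    Sid         = $ace.IdentityReference.Value
                    Account     = Resolve-SidName $ace.IdentityReference
                    Type        = $ace.AccessControlType
                    Rights      = $ace.FileSystemRights
                    Inheritance = $ace.InheritanceFlags
                    Propagation = $ace.PropagationFlags
                }
            }
        }
    }
}

Get-ExplicitAce $roots | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
```

Rows whose Account column reads `<unresolved>` are entries no domain controller could map to a name at the time of the run; the rest give the name-to-rights mapping needed to re-grant access to the recreated accounts.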