Announcement

Collapse
No announcement yet.

Problem accessing shares after ad migration 2000-->2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem accessing shares after ad migration 2000-->2003

    I have a 2k AD with 2 dc, 2 file servers,1 exchange 5.5, 200 clients. Every server is running win2k server. I need to migrate to a new AD 2003. i used ADMT tool to copy users and groups on the new one, preserving SIDs and disabling SIDs filtering during the migration. Obviously there is a trust between the two AD.
    Users are working fine (accessing the domain, etc), if i put as the primary winnt account the new one mailboxes are accessible, but i cannot access the shares on my FileServer (still on the old AD and with old permissions related to AD2k users)

    Is it possible to preserver rights on the shares or is it needed to re-create every permission and right?


    Thank you.

  • #2
    Re: Problem accessing shares after ad migration 2000-->2003

    > preserving SIDs and disabling SIDs filtering : during the migration.

    Are you _sure_ you disabled SID filtering, and did it on the correct end of the trust? This really looks like SID's are blocked.

    > Is it possible to preserver rights on the shares or is it needed to re-create every permission and right?

    Sidhistory will do that for you, and since you say you migrated the SIDs there is no need for new permissions. Note that replacing the old with the new SIDs is best practice!

    Comment


    • #3
      Re: Problem accessing shares after ad migration 2000-->2003

      yes, i used netdom in both my two AD. How can i verify if the SIDs are ok?


      thank you
      Last edited by Kiowa; 13th October 2005, 15:05.

      Comment


      • #4
        Re: Problem accessing shares after ad migration 2000-->2003

        I dont think that netdom save the SID-History... Try to use ADMT 3.0.

        Regards,

        Yuval
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: Problem accessing shares after ad migration 2000-->2003

          > I dont think that netdom save the SID-History... Try to use ADMT 3.0.

          Netdom not a migration tool, is may be used to switch sidfiltering.

          > How can i verify if the SIDs are ok?

          Install adsiedit (support tools) on a DC in the new domain. Open the properties of a migrated user, and check for the presence of the attribute sIDHistory - it should be set to a nonzero value. If it is zero (not set), your migration failed to migrate Sidhistory.

          Comment


          • #6
            Re: Problem accessing shares after ad migration 2000-->2003

            Originally posted by wkasdo
            > I dont think that netdom save the SID-History... Try to use ADMT 3.0.

            Netdom not a migration tool, is may be used to switch sidfiltering.
            Yes, i used netdom to disable sid filtering, and i'm using admt tool 2.0 to migrate user and preserve sids


            Originally posted by wkasdo
            > How can i verify if the SIDs are ok?

            Install adsiedit (support tools) on a DC in the new domain. Open the properties of a migrated user, and check for the presence of the attribute sIDHistory - it should be set to a nonzero value. If it is zero (not set), your migration failed to migrate Sidhistory.
            I'll try, but yesterday i tried an empiric system :runned once again netdom and then migrated a test user. now it seems to work. may be netdom didn't work the first time. I'll keep you up-to-dated.

            Thank you for your kind support

            Comment


            • #7
              Re: Problem accessing shares after ad migration 2000-->2003

              Please use only ADMT to migate users computers + accounts.
              It should reslove this issue.

              Yuval
              Best Regards,

              Yuval Sinay

              LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

              Comment

              Working...
              X