Active Directory Domain Migration

Hi, I have a question regarding the domain migration. I have synced users and groups using ODM with SID history. Agent installation and the actual cutover of computers will take time; at what point should I migrate the file server, which has all the shares including the home drive data (all NTFS)? It's causing issues: if I migrate the computers, users cannot access their shared drives. What permissions should I assign at the root level for it to be less convenience and less admin work for me to do? I cannot migrate the file server because not all the computers will be migrated by then. Any suggestions or tips will be much appreciated.

It's an on-premise migration; I have already set up new DCs with the new domain.

Thanks 

  • Hi Ali, you mentioned that you migrated SID history, which helps with cross-environment resource access in many cases. However, if there are any issues with the trust settings, this might not be giving the users the full access they need.

    The other recommendation for coexistence in your scenario is to run a File Share ReACL on the non-migrated server, which will explicitly add the target accounts and target groups to the permissions lists on the source shares instead of relying on SID history translation. The migrated users will still need network access to the source server, so keep that in mind if they need to connect to a VPN or if the NTFS needs to be updated to allow access from the target network.
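
The coexistence gap described in the reply above can be measured before any ReACL run. This read-only PowerShell audit is an added example, not part of the original thread or of the migration product: it lists explicit NTFS ACEs on a source share that name a source SID held in a target principal's sIDHistory, and shows whether that principal's own target SID is already on the ACL. It assumes the ActiveDirectory RSAT module, a session in the target domain, and a placeholder share path.

```powershell
# Read-only audit: which ACEs on a share still depend on SID history?
# Assumptions (not from the thread): ActiveDirectory module is installed, the
# session runs in the target domain, and $SharePath is a placeholder UNC path.
Import-Module ActiveDirectory

$SharePath = '\\SOURCE-FS01\Share'   # placeholder, replace with the real share root
$sidType   = [System.Security.Principal.SecurityIdentifier]

# Map each source SID found in sIDHistory to the target principal that carries it.
$sidMap = @{}
Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory, objectSid, sAMAccountName |
    ForEach-Object {
        foreach ($oldSid in $_.sIDHistory) { $sidMap[$oldSid.Value] = $_ }
    }

# Share root plus every subfolder beneath it.
$folders = @(Get-Item -LiteralPath $SharePath) +
           @(Get-ChildItem -LiteralPath $SharePath -Directory -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    $acl      = Get-Acl -LiteralPath $folder.FullName
    $explicit = $acl.GetAccessRules($true, $false, $sidType)   # explicit ACEs only
    # Every SID on the ACL, inherited ACEs included, for the "already present" test.
    $allSids  = $acl.GetAccessRules($true, $true, $sidType) |
                    ForEach-Object { $_.IdentityReference.Value }

    foreach ($ace in $explicit) {
        $target = $sidMap[$ace.IdentityReference.Value]
        if ($null -eq $target) { continue }   # ACE does not belong to a migrated principal

        [pscustomobject]@{
            Path           = $folder.FullName
            SourceSid      = $ace.IdentityReference.Value
            TargetAccount  = $target.sAMAccountName
            Rights         = $ace.FileSystemRights
            AccessType     = $ace.AccessControlType
            # False: this principal reaches the folder only through SID history.
            TargetSidOnAcl = $allSids -contains $target.objectSid.Value
        }
    }
}

$report | Sort-Object TargetSidOnAcl, Path | Format-Table -AutoSize
```

Rows with `TargetSidOnAcl` set to False are the folders where access breaks if SID history is not honoured across the trust; they are the entries a ReACL would cover by adding the target account explicitly.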
