If the Map/Merge Groups task is executed to merge groups A, B, and C into a new group D, how is the (NETIQKB1150)

  • 7701150
  • 02-Feb-2007
  • 09-Oct-2007

Resolution

goal
If the Map/Merge Groups task is executed to merge groups A, B, and C into a new group D, how is the Re-ACLing process handled?

fact
Domain Migration Administrator 7.1

fix
During Security Translation, an agent is created and given the mappings of 'source to target' security descriptors on the objects selected for translation. Once the agent is installed on the target machine, it reviews each ACL looking for a source security descriptor or SID. If the agent finds a SID that matches any of the source SIDs, it uses the mapping to either Add or Replace the target SID on the ACL. When the Map and Merge function is used, DMA stores the 'source to target' security descriptor in the same way it would any mapped object.

The re-ACLing process is handled in this way. When the agent performs security translation on a machine and finds security references to the source groups A, B, or C that were merged into D, the agent will find that the mapping for any of these source groups is group D. It will then Add or Replace the security descriptor with that of group D.



note

Please contact Technical Support to create a Support Request for any issues you encounter that are not addressed by the User Guide, any Knowledge Base articles found on the website, or current Hotfixes available for download.



Additional Information

Formerly known as NETIQKB1150

Feedback service temporarily unavailable. For content questions or problems, please contact Support.