If the Map/Merge Groups task is executed to merge groups A, B, and C into a new group D, how is the Re-ACLing process handled?
Domain Migration Administrator 7.1
During Security Translation, an agent is created and given the mappings of 'source to target' security descriptors on the objects selected for translation. Once the agent is installed on the target machine, it reviews each ACL looking for a source security descriptor or SID. If the agent finds a SID that matches any of the source SIDs, it uses the mapping to either Add or Replace the target SID on the ACL. When the Map and Merge function is used, DMA stores the 'source to target' security descriptor in the same way it would any mapped object.
The re-ACLing process is handled in this way. When the agent performs security translation on a machine and finds security references to the source groups A, B, or C that were merged into D, the agent will find that the mapping for any of these source groups is group D. It will then Add or Replace the security descriptor with that of group D.
Please contact Technical Support to create a Support Request for any issues you encounter that are not addressed by the User Guide, any Knowledge Base articles found on the website, or current Hotfixes available for download.