How do I migrate data if global groups are used for NTFS permissions? (NETIQKB9141)

  • 7709141
  • 02-Feb-2007
  • 08-Aug-2007

Resolution

goal
How do I migrate data if global groups are used for NTFS permissions?

fact
Server Consolidator 7.x

fix

Here are two ways to accomplish this. The recommended method is to translate security on the server while it is in the source domain, as described in Scenario One.

SCENARIO ONE

  1. Migrate the user and group accounts from the source domain to the target domain with Domain Migration Administrator (DMA). 
  2. Use DMA to translate security for all migrated accounts on the source file server.
    1.  Select the Add mode, in the wizard, to add security references for the new accounts to the ACL, and leave source references intact. 
    2. At this point, both source and target accounts have access to the source server.
  3. Use Server Consolidator to copy over the data to the new server using the Migrate Files, Folders, and Shares wizard.
    1. Server Consolidator will copy Access Control Entries (ACE's) exactly as they are on the source server, refer to the following knowledgte base article:

       https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB914
    2. At this point the target server ACL will be accessible by both source and target domain accounts.
  4. Translate security on the target server in the Remove mode to remove ACL references to source domain objects.

    For the local groups on the source server, also perform these steps with Server Consolidator:
      1. Migrate the local groups using the Migrate Machine Local Groups wizard. 
      2. Domain user accounts that have been migrated with DMA will be placed in the new local group during this step. 
  5. Translate security using the Translate Local Security Settings wizard in order to update the ACL's on the new server.


SCENARIO TWO

  1. Migrate the user and group accounts from the source domain to the target domain with DMA.
  2. Use Server Consolidator to copy over the data to the new server.
    •  Server Consolidator will copy Access Control Entries (AC.
      E's) exactly as they are on the source server, so at this point the target server ACL will be accessible only by source domain accounts.
  3. Use DMA to translate security for all migrated accounts on the target server. 
    • You may select either the Replace or Add option. Use Replace to replace the source accounts with target accounts on ACL's in one pass. Or, choose Add to add access for target accounts and leave source references in place. After choosing  Add, you can choose Remove at a later date when you want to remove source accounts from ACL's on the new server.
  4. For the local groups on the source server, also perform these steps with Server Consolidator:
    1.  Migrate the local groups using the Migrate Machine Local Groups wizard.
    2.  Domain user accounts that have been migrated with DMA will be placed in the new local group during this step.
  5. Translate security using the Translate Local Security Settings wizard in order to update the ACL's on the new server.
.


Additional Information

Formerly known as NETIQKB9141

Feedback service temporarily unavailable. For content questions or problems, please contact Support.