Resolution
goal
How does Domain Migration Administrator handle EFS, i.e. when a source user encrypted files locally, can the target user still access the files?
fact
Domain Migration Administrator 7.x
fix
When a user is migrated to the target domain, the target account will not have access to files that were encrypted by the source user. By Microsoft design, only the person who encrypted the file, the specified Recovery Agent (usually the Local Administrator on the machine where the files reside) has the ability to decrypt the files. The user must logon with their source account and decrypt the files. Then they will be able to logon with their target account and re-encrypt the files. This could also be accomplished by the Recovery Agent.
note
note
How does Domain Migration Administrator handle EFS, i.e. when a source user encrypted files locally, can the target user still access the files?
fact
Domain Migration Administrator 7.x
fix
When a user is migrated to the target domain, the target account will not have access to files that were encrypted by the source user. By Microsoft design, only the person who encrypted the file, the specified Recovery Agent (usually the Local Administrator on the machine where the files reside) has the ability to decrypt the files. The user must logon with their source account and decrypt the files. Then they will be able to logon with their target account and re-encrypt the files. This could also be accomplished by the Recovery Agent.
note
Please refer to the following knowledge base article:
How would DMA/SC behave if attempt to migrate files that are encrypted with Microsoft's built-in EFS?
https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB4686
note
Please refer to Microsoft Knowledge Base for more information:
Step-by-Step Guide to Encrypting File System (EFS)
http://www.microsoft.com/windows2000/techinfo/planning/security/efssteps.asp
Additional Information
Formerly known as NETIQKB28083