How do I migrate domain local groups that already contain global groups from target domain, and migrate data from a domain controller while maintaining permissions?
Server Consolidator 7.1
Domain Migration Administrator 7.1
You can use the following procedure to migrate the domain local groups to the target domain, and then migrate the data to a new server, and translate security for the new domain local groups.
- Create a project in DMA.
- Run the 'Select Objects' wizard and select the local groups to be migrated. Do not select the option to 'Automatically load associated members to project'.
- Run the 'Migrate Groups' wizard.
- Deselect the Migrate data using modeling database as source? and Use migration settings defined in the Migration Settings Wizard? checkboxes.
- On the 'Group Options' screen: DO NOT select Migrate the members of the groups selected or Migrate account SIDs to target domain.
- On the 'Advanced' button, use the default level of Slow.
- On the 'Naming Conflict' screen, select Replace and update conflicting accounts.
- The local groups will be created in the target domain, and the AD global groups that were members of the local groups, in the source domain, will be added to the new local groups in the target domain.
- Run the 'Translate Security Settings' wizard in DMA. During this wizard, you will select the local groups that have been migrated, and the domain controller in the source domain that contains the data to be migrated. It is recommend that you select Add mode.
- Migrate the data using the 'Migrate Files, Folders, and Shares' wizard in Server Consolidator, from the source domain controller to the member server in the target domain. In the 'File and Directory Collision Options', select Always replace. The data will come over with the ACL's showing both the source and target local groups.