On Fri, Oct 23, 2009 at 10:03 AM, Rick Sheikh <[email protected]> wrote:
> Your end-goal (purpose) involves not having to re-ACL the resources when
> the data is moved, that task will involve migrating the groups with SID,
> (adding to the sIDhistory attribute), you can use ADMT. But in order to
> migrate SID, you need trust. Not sure what your other options are.
>
>
>
I'm wondering if something like this might work:
Domain of acquisition = xyz
Domain where xyz will eventually be joined to = 123
In domain 123, create security groups that will eventually be used by xyz
when it moves over to 123. Export with some tool.
Create test environment with copies of both domains on single servers -
create trust - import groups from previous export
In test enviroment - join users from domain xyz to new groups
export groups and/or users .
import changes to LIVE xyz domain (groups and/or users)
apply new groups to file structure (so they propagate and have equal
permissions down the tree)
Then when I colapse the old xyz domain, join it to 123 domain the group
permissions will be there..
I'm sure I'm missing something, but that's my general idea..
You may now rip my idea to shreds and send me to my room without dinner.
Jeff-
~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~
~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
