Hi Microsoft Community!
Background: New fileserver (WS2016) for new destination domain has the same folder structure as old fileserver (WS2008R2)from source domain
Also has the files copied over to the destination file server. Existing NTFS permissions (from source domain) was also copied over.
Most user accounts and security groups also have been already migrated.
For a folder example:
SrceF1 folder currently have NTFS permissions with the following:
CREATOR
SYSTEM
SRCLocal1\Administrators
SRCLocal1\Users
SRCDomain\Help1
DestF1 folder currently have NTFS permissions with the following:
CREATOR
SYSTEM
DESTLocal\Administrators
DESTDomain\Administrators
SRCDomain\Help1
Note: The above example is just top level folder. There will be subfolders with different NTFS permissions
Objective:
To add new domain NTFS permissions to destination folder(s) checking against existing NTFS permissions from source domain
DestF1 folder will have NTFS permissions like below
CREATOR
SYSTEM
DESTLocal\Administrators
DESTDomain\Administrators
SRCDomain\Help1
DESTDomain\Help1
Attempts:
(RUN as Admin)
Subinacl -
I exported source domain SIDs as well as destination domain SIDs in a mapped .txt file. The file has sourceSID = destinationSID
I then tried to use the subinacl command tool with the migratetodomain switch. The commands run successfully, but nothing changed.
I also tried using icacls -
I’m able to save the NTFS permissions to a file but able to restore the permissions on the destination server but this only works for the DestF1folder. Access denied is the error message I get when I try this on the other folders.
Domain admin (destination) user has Full Control and is also the owner of the folder(s).
Powershell -
I also tried with Powershell the Get-ACL command and Set-ACL. I exported the source NTFS permissions into 2 separate files; one for the top level folder and another file for the subfolders. I then tried the following commands.
Ran successfully, but again no changes.
Ran successful also, but actually removed the SRCDomain\Help1 permissions
Maybe I need to use a for(each) loop , but not sure how to.
Thank you for any suggestions or feedback