Hello, Do you mean rather CACLS or XACLS for reacling file system ? I think DSACLS is for permissioning Active Directory objects. Cheers, Yann
________________________________ De: [EMAIL PROTECTED] de la part de [EMAIL PROTECTED] Date: mer. 03/08/2005 22:23 À: [email protected] Objet : RE: [ActiveDir] copy or migrating local to domain accounts DSACLS will let you do the reacling without having to worry about manually doing it (although with one server it is probably not a big deal). I have used it with a text file that maps old user account to new user account to automate the repermissioning. You can also use this to repermission the registry files including the user.dat file in the registry as part of a profile move - although that applies to a workstation more then a server. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service 202-230-2983 [EMAIL PROTECTED] "Grillenmeier, Guido" <[EMAIL PROTECTED] To: <[email protected]> com> cc: (bcc: James Day/Contractor/NPS) Sent by: Subject: RE: [ActiveDir] copy or migrating local to domain accounts [EMAIL PROTECTED] tivedir.org 08/03/2005 08:41 PM CET Please respond to ActiveDir there is an easier way, although you might not be able to leverage it, depending on your situation. 1. you could promote the server to be the DC of a new temp-forest (will take the local SAM and make "normal" AD accounts and groups out of it) 2. then create a trust to your target forest and use ADMT to migrate the groups and users incl. PW over to your target forest + reacl the server's resources to allow access from those target users/groups (pretty easy task as you don't have to chase any user profiles on other boxes and can just concentrate on that one machine for reacling...) 3. cut the trust and demote your temp-forest DC back to a standalone box and then join it as a server to your target domain done /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Dienstag, 2. August 2005 22:08 To: [email protected] Subject: RE: [ActiveDir] copy or migrating local to domain accounts How good are your scripting skills? 1) Dump the passwords from the local server using pwdump3e 2) Crack all the passwords using rainbow crack or l0phtcrack or whatever 3) Script the creation of the users in the domain setting those passwords you cracked Pretty easy. (And if you already know all the passwords, you can skip items 1 and 2 -- "net users" will list your local users and you can use "dsadd" to add them to the domain!) For extra credit: 4) Scan the filesystem finding all files with ACLs including the above users, write the filenames and ACLs to a file and after you've promoted the users and joined the domain, go back and re-ACL the files. That's a little harder. :-) I've "promoted" web servers to a domain this way several times. The real question is why does a local user no longer meet the needs on the local server? M From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Tuesday, August 02, 2005 2:34 PM To: [email protected] Subject: [ActiveDir] copy or migrating local to domain accounts I think that I already know the answer to the question, but I will ask anyways. I have a test box (server) that is a stand-alone. I need to add it to a domain, but I have a lot of local users on this box. Is there any way to move, copy, or migrate the user accounts to the domain level? Thanks Lazy.. J List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
