I am currently attempting to migrate users and roaming profiles between
domains in separate forests, both at a functional level of Windows Server 2003
(mix of 2003 and 2003 R2 DCs).
The setup is straightforward on both domains: there is a parent domain
which contains no users and is used for structure, and all the various Windows
servers are attached to that domain. There are then a number of child
domains (various offices), which contain the AD users.
I am attempting to migrate a user from one child domain in the first forest
to a child domain in the new forest (this new forest will ultimately replace
the old one entirely).
So far with test users I can migrate a user between domains maintaining SID
history, however I was unable to translate the roaming profile, it has
permission problems and this I know comes down to the fact that we are using
a NetApp FAS270 NAS to store our roaming profile data and that device is
attached to the older domain, which means that the older domain has
administrative rights but it does not have the functionality to be able to
give specific users permission from other domains etc.
That's fine, I know that is a problem and the solution will probably just be
to move the device to the newer domain, however as a test I have moved a user
from the newer domain to the older domain.
This worked, the roaming profile according to ADMT was translated with no
errors, so I went and logged in with that user on the new domain ... and no
profile. SID history works, I can manually browse to that profiles path and
view the contents.
Looking at the security and file ownership, for some reason it has added the
owner as testuser@forest root domain, rather than of the child domain to
which I migrated it. Which makes no sense. There is no such user, I checked
the parent to make sure it hadn't created it and it definitely doesn't exist.
Why would it reown the files for the parent domain rather than the specific
domain to which I moved it?