Mapping user objects to other user objects in trust forest

Discussion in 'Active Directory' started by Dha, Sep 23, 2004.

  1. Dha

    Dha Guest

    I have an AD forest ( trusting another AD forest (
    Both are Win2K3 functional level. There have been management changes recently.
    My AD forest ( is not allowed to have user accounts anymore
    (only service accounts and such). has already been populated with
    users. Are there any tools that can automatically remove the users in my
    ForestA and replace them with users in ForestB? This is for file permissions
    as well as MS SQL. I know for sure that MS SQL is more complicated.

    Dha, Sep 23, 2004

  2. Hello,
    Have a look at MIIS or simplesync to sync data between forests.

    Christoffer Andersson
    Microsoft MVP - Directory Services

    No email replies please - reply in the newsgroup
    Chriss3 [MVP], Sep 23, 2004

  3. Active Directory Migration tool would help you out with this.

    FutureMVPHopeful, Sep 24, 2004
  4. Dha

    Dha Guest

    ADMT would re-create a user object on the other forest. I don't want that.
    I just want to:

    1. Delete all current user objects in my forest.
    2. Replace all the file permissions with the same username but from the other forest.
    (i.e. replace with ).
    3. Do same on all my SQL servers.

    I'm sure someone out there must have written a script on these....
    Dha, Sep 24, 2004
  5. What are you saying that you want to do?

    futureMVPHopeful, Sep 24, 2004
  6. Most tools that will do this are based on sidHistory, so if your users in
    ForestB were migrated from ForestA and kept sidHistory then there are a
    number of tools that will help you out with this.

    NetIQ's DMA and Quest's Migration suite both have options for repermissioning
    objects, although NetIQ's tool will only fix permissions on a SQL server if
    you are using either: All SQL based authentication, or All Windows based
    authentication. If you have a mixed authentication setup (some SQL, some
    Windows) then NetIQ won't do the security translation. Quest's product will do
    security translation on SQL servers with mixed authentication.

    A note on both of those products: translation does not need to be done when
    the objects are migrated; it can be done at a later date as long as
    sidHistory is maintained.

    Phillip Renouf, Sep 28, 2004
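
The file-permission part of the request above (re-granting access to the same username in the trusted forest) can be done by name matching when no sidHistory exists. The following is an added example, not part of the original thread and not code from any of the tools mentioned; the function name `Convert-AclDomain` and its parameter names are hypothetical, and it assumes `-Path` is a directory and that both forests are addressed by their NetBIOS domain names.

```powershell
# Added example: re-ACL a folder tree from SourceDomain\name to TargetDomain\name.
function Convert-AclDomain {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,          # root directory to process
        [Parameter(Mandatory = $true)][string]$SourceDomain,  # forest losing its user accounts
        [Parameter(Mandatory = $true)][string]$TargetDomain   # trusted forest holding the users
    )
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        $changed = $false
        # Only explicit ACEs are rewritten; inherited ones follow from the parent.
        $rules = @($acl.Access | Where-Object {
            -not $_.IsInherited -and $_.IdentityReference.Value -like "$SourceDomain\*"
        })
        foreach ($rule in $rules) {
            $name = ($rule.IdentityReference.Value -split '\\', 2)[1]
            try {
                $target = New-Object System.Security.Principal.NTAccount($TargetDomain, $name)
                # Fails if the target forest has no account with this name.
                [void]$target.Translate([System.Security.Principal.SecurityIdentifier])
                $new = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $target, $rule.FileSystemRights, $rule.InheritanceFlags,
                    $rule.PropagationFlags, $rule.AccessControlType)
            } catch {
                # Leave the original ACE in place so access is never silently dropped.
                Write-Warning "$($item.FullName): kept ACE for $name ($($_.Exception.Message))"
                continue
            }
            $acl.AddAccessRule($new)
            $acl.RemoveAccessRuleSpecific($rule)
            $changed = $true
        }
        if ($changed -and $PSCmdlet.ShouldProcess($item.FullName, "Replace $SourceDomain ACEs")) {
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
        }
    }
}
```

Run it with `-WhatIf` first, and before the source accounts are deleted: once an account is gone its ACEs appear as bare SIDs and can no longer be matched by name.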