Post Migration Question

Discussion in 'Server Migration' started by Alex, Jun 24, 2004.

  1. Alex

    Alex Guest


    When we did our migration, we migrated security principals (e.g. user and
    group accounts) with sidHistory. We also use Add mode for security
    translation on each computer.

    Because of the Add mode, we are seeing double ACEs on the NTFS scurity tab,
    one belonging to the old domain and one belonging to the new domain and both
    resolve to the same friendly name and you really can't tell which is which.
    Does anyone knows of any easy way or utility that can help to remove all
    ACEs that belongs to the old domain just by specifying the old domain name?
    I had tried subinacl but you need to specify the account name which is very
    tedious on our large file server.

    Thanks in advance,
    Alex, Jun 24, 2004
    1. Advertisements

  2. Hi Alex,

    Thanks for your posting here.

    You can try to run the following command on the file server.

    Subinacl /subdirectories folder_path /cleandeletedsidsfrom=OldDomainName

    Note1:OldDomainName is the Netbios domain name.
    Note2:If you would like to remove all the SIDs from old domain, please try
    this commands.

    Subinacl /subdirectories / /cleandeletedsidsfrom=OldDomainName

    Have a nice day!

    Bob Qin
    Product Support Services
    Microsoft Corporation

    Get Secure! -

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Bob Qin [MSFT], Jun 25, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.