Migrating Win2003 Fileserver

By eric.fondriest
I would like suggestions on the best method of moving a Win2003 fileserver (ServerA) that is currently a member server in an NT4 domain to an AD environment as a member server. ServerA uses local groups, which contain NT4 Global Groups, to provide access control to its fileshares. Obviously, when I have ServerA join the AD, no one on the AD will have access to the fileshares on ServerA. I have thought about scripting the creation of Domain Local Groups in the AD with the same names as the ServerA local groups. I could then use subinacl to swap the SIDs (i.e. ServerA\FinanceGroup's SIDs would be replaced with the AD Domain Local group FinanceGroup's SIDs). This seems kind of hairy and would need to be thoroughly tested to give me peace of mind. I have also thought about using the sIDHistory attribute, but from what I have read this is only a short-term solution until all ACLs have been re-ACLed.

Any suggestions are welcome.


Additional Ideas

by BFilmFan In reply to Migrating Win2003 Fileser ...

Might try this:

Create a one-way trust where NT trusts AD.

Create domain security groups in AD.

Place the AD domain security groups into the local NT server groups.

Remove the NT server from NT domain and place it into the AD domain.


Might save you some time.

by eric.fondriest In reply to Additional Ideas

The fileserver is actually node1 of a 2-node cluster. I need to have the security based on domain level groups in order to still function in the event of a node failure.
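
An added example, not part of any post in this thread: a read-only PowerShell inventory of the explicit folder ACEs that name ServerA-local accounts, which is the set a SID swap like the one described in the first post would have to cover. The share root `D:\Shares`, the domain name `ADDOMAIN` and the same-name mapping to AD groups are assumptions.

```powershell
# Added example: read-only inventory of explicit ACEs that reference ServerA-local accounts.
# Assumptions: run on ServerA itself, PowerShell 2.0 or later; D:\Shares and ADDOMAIN are placeholders.
param(
    [string]$Root       = 'D:\Shares',   # assumed share root
    [string]$LocalScope = 'ServerA',     # machine whose local groups appear in the ACLs
    [string]$NewDomain  = 'ADDOMAIN'     # placeholder NetBIOS name of the AD domain
)

# The root folder plus every subfolder (files are skipped to keep the run short).
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse | Where-Object { $_.PSIsContainer })

$report = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL on $($folder.FullName): $_"; continue }

    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }   # only explicit ACEs need re-ACLing
        $id = $ace.IdentityReference.Value

        if ($id -like "$LocalScope\*") {
            $kind     = 'ServerLocal'
            # Proposed target: same-named Domain Local group in AD, as in the first post.
            $proposed = '{0}\{1}' -f $NewDomain, $id.Split('\')[1]
        } elseif ($id -match '^S-1-5-21-') {
            $kind     = 'UnresolvedSid'      # SID that no longer translates to a name
            $proposed = ''
        } else {
            continue                         # domain, BUILTIN and well-known trustees
        }

        New-Object PSObject -Property @{
            Path = $folder.FullName; Trustee = $id; Kind = $kind
            Rights = $ace.FileSystemRights; Type = $ace.AccessControlType
            ProposedTrustee = $proposed
        }
    }
}

# Property order is set here because PowerShell 2.0 hashtables do not preserve it.
$report | Select-Object Path, Trustee, Kind, Type, Rights, ProposedTrustee |
    Sort-Object Path, Trustee
```

The script changes nothing; running it before and after any re-ACLing gives a list to diff, and the `UnresolvedSid` rows show entries that would need a decision by hand.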

