Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » subinacl to remove unknown sids
subinacl to remove unknown sids [message #156263] Fri, 12 June 2009 15:22 Go to next message
study  is currently offline study
Messages: 13
Registered: June 2009
Junior Member
After the domain migration, I'd like to remove the dead sids that are left
from the folder/files after decommissioning the old domain.
What would be the actual subinacl command to remove dead sids (old domain's
local groups like old domain/domain users, old domain/domain admins)
from the folder and file ntfs permissions?

I've tried the below but doesn't seem to be working...
subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain

Thanks
Re: subinacl to remove unknown sids [message #156269 is a reply to message #156263] Fri, 12 June 2009 16:21 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello study,

Try this one:

subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain

for a test before use:

subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain /testmode

I used it with the NetBios name and it works. Also make sure if you use 2008,
to use an elevated command prompt, even for the administrator account.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> After the domain migration, I'd like to remove the dead sids that are
> left
> from the folder/files after decommissioning the old domain.
> What would be the actual subinacl command to remove dead sids (old
> domain's
> local groups like old domain/domain users, old domain/domain admins)
> from the folder and file ntfs permissions?
> I've tried the below but doesn't seem to be working... subinacl
> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>
> Thanks
>
Re: subinacl to remove unknown sids [message #156270 is a reply to message #156263] Fri, 12 June 2009 17:22 Go to previous messageGo to next message
SubstituteThisWithMyF  is currently offline SubstituteThisWithMyF  Netherlands
Messages: 85
Registered: October 2009
Member
shouldn't that be
subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------ ------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------ ------------------------------
#################################################
#################################################
------------------------------------------------------------ ------------------------------

"study" <study@discussions.microsoft.com> wrote in message
news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> After the domain migration, I'd like to remove the dead sids that are left
> from the folder/files after decommissioning the old domain.
> What would be the actual subinacl command to remove dead sids (old
> domain's
> local groups like old domain/domain users, old domain/domain admins)
> from the folder and file ntfs permissions?
>
> I've tried the below but doesn't seem to be working...
> subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
>
> Thanks
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4151 (20090612) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4151 (20090612) __________

The message was checked by ESET Smart Security.

http://www.eset.com
Re: subinacl to remove unknown sids [message #156271 is a reply to message #156270] Fri, 12 June 2009 17:44 Go to previous messageGo to next message
study  is currently offline study
Messages: 13
Registered: June 2009
Junior Member
Hello Meinolf and Jorge,

Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN and
subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain

but it just shows
Elapsed Time: 00 00:00:00
Done: 0, Modified 0, Failed 0, Syntex errors 0

Any ideas?

"Jorge de Almeida Pinto [MVP - DS]" wrote:

> shouldn't that be
> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------ ------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------ ------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------ ------------------------------
>
> "study" <study@discussions.microsoft.com> wrote in message
> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> > After the domain migration, I'd like to remove the dead sids that are left
> > from the folder/files after decommissioning the old domain.
> > What would be the actual subinacl command to remove dead sids (old
> > domain's
> > local groups like old domain/domain users, old domain/domain admins)
> > from the folder and file ntfs permissions?
> >
> > I've tried the below but doesn't seem to be working...
> > subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
> >
> > Thanks
> >
> > __________ Information from ESET Smart Security, version of virus
> > signature database 4151 (20090612) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
>
> __________ Information from ESET Smart Security, version of virus signature database 4151 (20090612) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
Re: subinacl to remove unknown sids [message #156282 is a reply to message #156271] Sat, 13 June 2009 04:20 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello study,

Do you use this version:
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8B A3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello Meinolf and Jorge,
>
> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>
> but it just shows
> Elapsed Time: 00 00:00:00
> Done: 0, Modified 0, Failed 0, Syntex errors 0
> Any ideas?
>
> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>
>> shouldn't that be
>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>> --
>>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
>> #
>>
>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>> ------------------------------------------------------------ ---------
>> ---------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test ANY suggestion in a test environment before
>> implementing!
>> ------------------------------------------------------------ ---------
>> ---------------------
>> #################################################
>> #################################################
>> ------------------------------------------------------------ ---------
>> ---------------------
>> "study" <study@discussions.microsoft.com> wrote in message
>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>
>>> After the domain migration, I'd like to remove the dead sids that
>>> are left
>>> from the folder/files after decommissioning the old domain.
>>> What would be the actual subinacl command to remove dead sids (old
>>> domain's
>>> local groups like old domain/domain users, old domain/domain admins)
>>> from the folder and file ntfs permissions?
>>> I've tried the below but doesn't seem to be working... subinacl
>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>
>>> Thanks
>>>
>>> __________ Information from ESET Smart Security, version of virus
>>> signature database 4151 (20090612) __________
>>>
>>> The message was checked by ESET Smart Security.
>>>
>>> http://www.eset.com
>>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 4151 (20090612) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
Re: subinacl to remove unknown sids [message #156304 is a reply to message #156282] Sun, 14 June 2009 03:54 Go to previous messageGo to next message
Andrei Ungureanu  is currently offline Andrei Ungureanu  Romania
Messages: 82
Registered: July 2009
Member
subinacl is known for bugs.
I have run in to similar issues when trying to to ACL cleanup. Anyone knows
a newer version?

Andrei Ungureanu
www.itboard.ro


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
news:ff16fb66278998cbba27c0dfe9f2@msnews.microsoft.com...
> Hello study,
>
> Do you use this version:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=E8B A3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hello Meinolf and Jorge,
>>
>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>
>> but it just shows
>> Elapsed Time: 00 00:00:00
>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>> Any ideas?
>>
>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>
>>> shouldn't that be
>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>> --
>>>
>>> Cheers,
>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
>>> #
>>>
>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> ------------------------------------------------------------ ---------
>>> ---------------------
>>> * This posting is provided "AS IS" with no warranties and confers no
>>> rights!
>>> * Always test ANY suggestion in a test environment before
>>> implementing!
>>> ------------------------------------------------------------ ---------
>>> ---------------------
>>> #################################################
>>> #################################################
>>> ------------------------------------------------------------ ---------
>>> ---------------------
>>> "study" <study@discussions.microsoft.com> wrote in message
>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>
>>>> After the domain migration, I'd like to remove the dead sids that
>>>> are left
>>>> from the folder/files after decommissioning the old domain.
>>>> What would be the actual subinacl command to remove dead sids (old
>>>> domain's
>>>> local groups like old domain/domain users, old domain/domain admins)
>>>> from the folder and file ntfs permissions?
>>>> I've tried the below but doesn't seem to be working... subinacl
>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>
>>>> Thanks
>>>>
>>>> __________ Information from ESET Smart Security, version of virus
>>>> signature database 4151 (20090612) __________
>>>>
>>>> The message was checked by ESET Smart Security.
>>>>
>>>> http://www.eset.com
>>>>
>>> __________ Information from ESET Smart Security, version of virus
>>> signature database 4151 (20090612) __________
>>>
>>> The message was checked by ESET Smart Security.
>>>
>>> http://www.eset.com
>>>
>
>
Re: subinacl to remove unknown sids [message #156306 is a reply to message #156304] Sun, 14 June 2009 07:04 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Andrei Ungureanu" itboard.ro,

I used the one i posted above and it works , also on 2008 without problem
in my system.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> subinacl is known for bugs.
> I have run in to similar issues when trying to to ACL cleanup. Anyone
> knows
> a newer version?
> Andrei Ungureanu
> www.itboard.ro
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
> news:ff16fb66278998cbba27c0dfe9f2@msnews.microsoft.com...
>
>> Hello study,
>>
>> Do you use this version:
>> http://www.microsoft.com/downloads/details.aspx?FamilyID=E8B A3E56-D8F
>> E-4A91-93CF-ED6985E3927B&displaylang=en
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello Meinolf and Jorge,
>>>
>>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>>
>>> but it just shows
>>> Elapsed Time: 00 00:00:00
>>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>>> Any ideas?
>>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>>
>>>> shouldn't that be
>>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>> --
>>>> Cheers,
>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory
>>>> Services
>>>> #
>>>> BLOG (WEB-BASED)-->
>>>> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>> ------------------------------------------------------------ -------
>>>> --
>>>> ---------------------
>>>> * This posting is provided "AS IS" with no warranties and confers
>>>> no
>>>> rights!
>>>> * Always test ANY suggestion in a test environment before
>>>> implementing!
>>>> ------------------------------------------------------------ -------
>>>> --
>>>> ---------------------
>>>> #################################################
>>>> #################################################
>>>> ------------------------------------------------------------ -------
>>>> --
>>>> ---------------------
>>>> "study" <study@discussions.microsoft.com> wrote in message
>>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>>> After the domain migration, I'd like to remove the dead sids that
>>>>> are left
>>>>> from the folder/files after decommissioning the old domain.
>>>>> What would be the actual subinacl command to remove dead sids (old
>>>>> domain's
>>>>> local groups like old domain/domain users, old domain/domain
>>>>> admins)
>>>>> from the folder and file ntfs permissions?
>>>>> I've tried the below but doesn't seem to be working... subinacl
>>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>> Thanks
>>>>>
>>>>> __________ Information from ESET Smart Security, version of virus
>>>>> signature database 4151 (20090612) __________
>>>>>
>>>>> The message was checked by ESET Smart Security.
>>>>>
>>>>> http://www.eset.com
>>>>>
>>>> __________ Information from ESET Smart Security, version of virus
>>>> signature database 4151 (20090612) __________
>>>>
>>>> The message was checked by ESET Smart Security.
>>>>
>>>> http://www.eset.com
>>>>
Re: subinacl to remove unknown sids [message #156307 is a reply to message #156306] Sun, 14 June 2009 07:25 Go to previous messageGo to next message
Andrei Ungureanu  is currently offline Andrei Ungureanu  Romania
Messages: 82
Registered: July 2009
Member
On test machines worked for me also. On production systems it failed many
times.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
news:ff16fb66279408cbbb07c1f84df6@msnews.microsoft.com...
> Hello Andrei Ungureanu" itboard.ro,
>
> I used the one i posted above and it works , also on 2008 without problem
> in my system.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> subinacl is known for bugs.
>> I have run in to similar issues when trying to to ACL cleanup. Anyone
>> knows
>> a newer version?
>> Andrei Ungureanu
>> www.itboard.ro
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
>> news:ff16fb66278998cbba27c0dfe9f2@msnews.microsoft.com...
>>
>>> Hello study,
>>>
>>> Do you use this version:
>>> http://www.microsoft.com/downloads/details.aspx?FamilyID=E8B A3E56-D8F
>>> E-4A91-93CF-ED6985E3927B&displaylang=en
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Hello Meinolf and Jorge,
>>>>
>>>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>>>
>>>> but it just shows
>>>> Elapsed Time: 00 00:00:00
>>>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>>>> Any ideas?
>>>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>>>
>>>>> shouldn't that be
>>>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>>> --
>>>>> Cheers,
>>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory
>>>>> Services
>>>>> #
>>>>> BLOG (WEB-BASED)-->
>>>>> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>>> ------------------------------------------------------------ -------
>>>>> --
>>>>> ---------------------
>>>>> * This posting is provided "AS IS" with no warranties and confers
>>>>> no
>>>>> rights!
>>>>> * Always test ANY suggestion in a test environment before
>>>>> implementing!
>>>>> ------------------------------------------------------------ -------
>>>>> --
>>>>> ---------------------
>>>>> #################################################
>>>>> #################################################
>>>>> ------------------------------------------------------------ -------
>>>>> --
>>>>> ---------------------
>>>>> "study" <study@discussions.microsoft.com> wrote in message
>>>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>>>> After the domain migration, I'd like to remove the dead sids that
>>>>>> are left
>>>>>> from the folder/files after decommissioning the old domain.
>>>>>> What would be the actual subinacl command to remove dead sids (old
>>>>>> domain's
>>>>>> local groups like old domain/domain users, old domain/domain
>>>>>> admins)
>>>>>> from the folder and file ntfs permissions?
>>>>>> I've tried the below but doesn't seem to be working... subinacl
>>>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>>> Thanks
>>>>>>
>>>>>> __________ Information from ESET Smart Security, version of virus
>>>>>> signature database 4151 (20090612) __________
>>>>>>
>>>>>> The message was checked by ESET Smart Security.
>>>>>>
>>>>>> http://www.eset.com
>>>>>>
>>>>> __________ Information from ESET Smart Security, version of virus
>>>>> signature database 4151 (20090612) __________
>>>>>
>>>>> The message was checked by ESET Smart Security.
>>>>>
>>>>> http://www.eset.com
>>>>>
>
>
Re: subinacl to remove unknown sids [message #156342 is a reply to message #156271] Mon, 15 June 2009 14:56 Go to previous messageGo to next message
SubstituteThisWithMyF  is currently offline SubstituteThisWithMyF  Netherlands
Messages: 85
Registered: October 2009
Member
do make sure you have the latest version from the internet. do not use the
version in the resource kit

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------ ------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------ ------------------------------
#################################################
#################################################
------------------------------------------------------------ ------------------------------

"study" <study@discussions.microsoft.com> wrote in message
news:91AD3B5D-F59E-4657-8AA8-556BE919D0DC@microsoft.com...
> Hello Meinolf and Jorge,
>
> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN and
> subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>
> but it just shows
> Elapsed Time: 00 00:00:00
> Done: 0, Modified 0, Failed 0, Syntex errors 0
>
> Any ideas?
>
> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>
>> shouldn't that be
>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>
>> --
>>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>
>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>>
>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>> ------------------------------------------------------------ ------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test ANY suggestion in a test environment before implementing!
>> ------------------------------------------------------------ ------------------------------
>> #################################################
>> #################################################
>> ------------------------------------------------------------ ------------------------------
>>
>> "study" <study@discussions.microsoft.com> wrote in message
>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>> > After the domain migration, I'd like to remove the dead sids that are
>> > left
>> > from the folder/files after decommissioning the old domain.
>> > What would be the actual subinacl command to remove dead sids (old
>> > domain's
>> > local groups like old domain/domain users, old domain/domain admins)
>> > from the folder and file ntfs permissions?
>> >
>> > I've tried the below but doesn't seem to be working...
>> > subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
>> >
>> > Thanks
>> >
>> > __________ Information from ESET Smart Security, version of virus
>> > signature database 4151 (20090612) __________
>> >
>> > The message was checked by ESET Smart Security.
>> >
>> > http://www.eset.com
>> >
>> >
>> >
>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 4151 (20090612) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4156 (20090615) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4156 (20090615) __________

The message was checked by ESET Smart Security.

http://www.eset.com
Re: subinacl to remove unknown sids [message #156354 is a reply to message #156282] Mon, 15 June 2009 19:09 Go to previous messageGo to next message
study  is currently offline study
Messages: 13
Registered: June 2009
Junior Member
I just downloaded the version from the link and tried the both commands below:
subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=olddomain

Both cases, I get (of course I substituted the real old domain name for the
olddomain):
WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*.*
WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*


"Meinolf Weber [MVP-DS]" wrote:

> Hello study,
>
> Do you use this version:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=E8B A3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Hello Meinolf and Jorge,
> >
> > Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> > and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
> >
> > but it just shows
> > Elapsed Time: 00 00:00:00
> > Done: 0, Modified 0, Failed 0, Syntex errors 0
> > Any ideas?
> >
> > "Jorge de Almeida Pinto [MVP - DS]" wrote:
> >
> >> shouldn't that be
> >> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> >> --
> >>
> >> Cheers,
> >> (HOPEFULLY THIS INFORMATION HELPS YOU!)
> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
> >> #
> >>
> >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> >> ------------------------------------------------------------ ---------
> >> ---------------------
> >> * This posting is provided "AS IS" with no warranties and confers no
> >> rights!
> >> * Always test ANY suggestion in a test environment before
> >> implementing!
> >> ------------------------------------------------------------ ---------
> >> ---------------------
> >> #################################################
> >> #################################################
> >> ------------------------------------------------------------ ---------
> >> ---------------------
> >> "study" <study@discussions.microsoft.com> wrote in message
> >> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> >>
> >>> After the domain migration, I'd like to remove the dead sids that
> >>> are left
> >>> from the folder/files after decommissioning the old domain.
> >>> What would be the actual subinacl command to remove dead sids (old
> >>> domain's
> >>> local groups like old domain/domain users, old domain/domain admins)
> >>> from the folder and file ntfs permissions?
> >>> I've tried the below but doesn't seem to be working... subinacl
> >>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
> >>>
> >>> Thanks
> >>>
> >>> __________ Information from ESET Smart Security, version of virus
> >>> signature database 4151 (20090612) __________
> >>>
> >>> The message was checked by ESET Smart Security.
> >>>
> >>> http://www.eset.com
> >>>
> >> __________ Information from ESET Smart Security, version of virus
> >> signature database 4151 (20090612) __________
> >>
> >> The message was checked by ESET Smart Security.
> >>
> >> http://www.eset.com
> >>
>
>
>
Re: subinacl to remove unknown sids [message #156357 is a reply to message #156342] Mon, 15 June 2009 19:33 Go to previous messageGo to next message
study  is currently offline study
Messages: 13
Registered: June 2009
Junior Member
Actually it was the latest version 5.2.3790.1180.
I just re-downloaded it and installed it to a different directory and ran it
and got a different result:
1355 Could not find domain name: olddomain
Error finding domain name : 1355 The specified domain either does not exist
or could not be contacted
WARNING : /cleandeletedsidsfrom=olddomain : Invalid option: c:\*.*

Dooe the olddomain need to be contactable for this to succeed?
The trust to the olddomain has been removed and the security translation
wizard has been run to remove the old accounts. The unknown sids left over
are the olddomain\domain users and olddomain\domain admins.

Do I need to use another method then to remove them?
I can see their sids in the ntfs permissions window.


"Jorge de Almeida Pinto [MVP - DS]" wrote:

> do make sure you have the latest version from the internet. do not use the
> version in the resource kit
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------ ------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------ ------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------ ------------------------------
>
> "study" <study@discussions.microsoft.com> wrote in message
> news:91AD3B5D-F59E-4657-8AA8-556BE919D0DC@microsoft.com...
> > Hello Meinolf and Jorge,
> >
> > Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN and
> > subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
> >
> > but it just shows
> > Elapsed Time: 00 00:00:00
> > Done: 0, Modified 0, Failed 0, Syntex errors 0
> >
> > Any ideas?
> >
> > "Jorge de Almeida Pinto [MVP - DS]" wrote:
> >
> >> shouldn't that be
> >> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> >>
> >> --
> >>
> >> Cheers,
> >> (HOPEFULLY THIS INFORMATION HELPS YOU!)
> >>
> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
> >>
> >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> >> ------------------------------------------------------------ ------------------------------
> >> * This posting is provided "AS IS" with no warranties and confers no
> >> rights!
> >> * Always test ANY suggestion in a test environment before implementing!
> >> ------------------------------------------------------------ ------------------------------
> >> #################################################
> >> #################################################
> >> ------------------------------------------------------------ ------------------------------
> >>
> >> "study" <study@discussions.microsoft.com> wrote in message
> >> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> >> > After the domain migration, I'd like to remove the dead sids that are
> >> > left
> >> > from the folder/files after decommissioning the old domain.
> >> > What would be the actual subinacl command to remove dead sids (old
> >> > domain's
> >> > local groups like old domain/domain users, old domain/domain admins)
> >> > from the folder and file ntfs permissions?
> >> >
> >> > I've tried the below but doesn't seem to be working...
> >> > subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
> >> >
> >> > Thanks
> >> >
> >> > __________ Information from ESET Smart Security, version of virus
> >> > signature database 4151 (20090612) __________
> >> >
> >> > The message was checked by ESET Smart Security.
> >> >
> >> > http://www.eset.com
> >> >
> >> >
> >> >
> >>
> >> __________ Information from ESET Smart Security, version of virus
> >> signature database 4151 (20090612) __________
> >>
> >> The message was checked by ESET Smart Security.
> >>
> >> http://www.eset.com
> >>
> >>
> >>
> >>
> >
> > __________ Information from ESET Smart Security, version of virus
> > signature database 4156 (20090615) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
>
> __________ Information from ESET Smart Security, version of virus signature database 4156 (20090615) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
Re: subinacl to remove unknown sids [message #156364 is a reply to message #156354] Tue, 16 June 2009 02:01 Go to previous message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello study,

What OS version do you use? If 2008 run the command prompt, even with the
administrator account, with "run as".

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I just downloaded the version from the link and tried the both
> commands below:
> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=olddomain
> Both cases, I get (of course I substituted the real old domain name
> for the
> olddomain):
> WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*.*
> WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello study,
>>
>> Do you use this version:
>> http://www.microsoft.com/downloads/details.aspx?FamilyID=E8B A3E56-D8F
>> E-4A91-93CF-ED6985E3927B&displaylang=en
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello Meinolf and Jorge,
>>>
>>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>>
>>> but it just shows
>>> Elapsed Time: 00 00:00:00
>>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>>> Any ideas?
>>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>>
>>>> shouldn't that be
>>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>> --
>>>> Cheers,
>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory
>>>> Services
>>>> #
>>>> BLOG (WEB-BASED)-->
>>>> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>> ------------------------------------------------------------ -------
>>>> --
>>>> ---------------------
>>>> * This posting is provided "AS IS" with no warranties and confers
>>>> no
>>>> rights!
>>>> * Always test ANY suggestion in a test environment before
>>>> implementing!
>>>> ------------------------------------------------------------ -------
>>>> --
>>>> ---------------------
>>>> #################################################
>>>> #################################################
>>>> ------------------------------------------------------------ -------
>>>> --
>>>> ---------------------
>>>> "study" <study@discussions.microsoft.com> wrote in message
>>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>>> After the domain migration, I'd like to remove the dead sids that
>>>>> are left
>>>>> from the folder/files after decommissioning the old domain.
>>>>> What would be the actual subinacl command to remove dead sids (old
>>>>> domain's
>>>>> local groups like old domain/domain users, old domain/domain
>>>>> admins)
>>>>> from the folder and file ntfs permissions?
>>>>> I've tried the below but doesn't seem to be working... subinacl
>>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>> Thanks
>>>>>
>>>>> __________ Information from ESET Smart Security, version of virus
>>>>> signature database 4151 (20090612) __________
>>>>>
>>>>> The message was checked by ESET Smart Security.
>>>>>
>>>>> http://www.eset.com
>>>>>
>>>> __________ Information from ESET Smart Security, version of virus
>>>> signature database 4151 (20090612) __________
>>>>
>>>> The message was checked by ESET Smart Security.
>>>>
>>>> http://www.eset.com
>>>>
Previous Topic:A Way to Export Local Policy?
Next Topic:Problem creating AD zones
Goto Forum:
  


Current Time: Fri Oct 20 03:10:22 EDT 2017

Total time taken to generate the page: 0.03114 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software