Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Migrate Local Group -> AD Group
Migrate Local Group -> AD Group [message #326440] Tue, 24 November 2009 09:39 Go to next message
Alex  is currently offline Alex  France
Messages: 71
Registered: August 2009
Member
Hi,
I have a Windows 2000 Server, member of a domain "AD"
On this server I have created Local Groups, and populated them with AD
Groups.
The permissions on the directories and files are created using the
Local Groups.

We want to change this and stop using local groups. We want to use
only AD Groups from now on.

Is there a way to change this while keeping all the permissions on the
files/directories ?

EG:
Local Group: LG_Test
Members of LG_Test: AD\Tom, AD\Sam

Files\Diretory: Toto
Permissions on Toto: LG_Test RWX

I want: Permissions on Toto: AD\Tom rws and AD\Sam RWX

Any ideas how to proceed ?

Thanks

Alex
Re: Migrate Local Group -> AD Group [message #326472 is a reply to message #326440] Tue, 24 November 2009 10:15 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Alex" <alexc35@gmail.com> wrote in message
news:55e6f356-b480-4b21-ba16-473245f6ec04@j35g2000vbl.googlegroups.com...
> Hi,
> I have a Windows 2000 Server, member of a domain "AD"
> On this server I have created Local Groups, and populated them with AD
> Groups.
> The permissions on the directories and files are created using the
> Local Groups.
>
> We want to change this and stop using local groups. We want to use
> only AD Groups from now on.
>
> Is there a way to change this while keeping all the permissions on the
> files/directories ?
>
> EG:
> Local Group: LG_Test
> Members of LG_Test: AD\Tom, AD\Sam
>
> Files\Diretory: Toto
> Permissions on Toto: LG_Test RWX
>
> I want: Permissions on Toto: AD\Tom rws and AD\Sam RWX
>
> Any ideas how to proceed ?
>
> Thanks
>
> Alex


That is actually the 'best practice' method.

However, you can change it easily. With your example, just create
descriptive Global Groups, one to add Tom in and call it G_Accounting_RWS
and one for Sam and call it G_Accounting_RWX) and add Tom and add them to
the resources and apply permissions.

(I used "Accounting" as an example).

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Migrate Local Group -> AD Group [message #326725 is a reply to message #326472] Tue, 24 November 2009 14:56 Go to previous messageGo to next message
Alex  is currently offline Alex  France
Messages: 71
Registered: August 2009
Member
Thanks for your answer.
The thing is, I have thousands of directories with heaps of different
permissions.
So I need to automate this, in any way.
I can easily create these Global Groups with corresponding members,
but I need to apply the permissions according to the existing ones.
Re: Migrate Local Group -> AD Group [message #326742 is a reply to message #326725] Tue, 24 November 2009 15:13 Go to previous message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Alex,

You will not find any automation way without writing lot's of scripts. Unfortunal
using local groups in a domain is a really bad decision and if you made this
with that amount of groups, i think you have to find a script which will
do the job but also needs the option to change it for each new folder.

In my opinion prepare a new shared folder, create a new structure on it,
a maximum of 3 folders deep where you set permissions and copy the data to
the new structure. This is a one-time planning with the company structure
and rebuilding the complete folders which will save you hours of work and
reconfiguration to get it properly running in the future.

So let it look like this:
Company (toplevel share)
branch 1, branch 2, etc.

If needed create a deeper structure but in my opinion let the branches work
with there own structure.

For personalized data use a different share. But therefore we need more detailed
information how your folder structure should lokk like.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks for your answer.
> The thing is, I have thousands of directories with heaps of different
> permissions.
> So I need to automate this, in any way.
> I can easily create these Global Groups with corresponding members,
> but I need to apply the permissions according to the existing ones.
Previous Topic:Using a custom attribute for RDN.
Next Topic:Synchronize Schema Between ADAM and Active Directory...
Goto Forum:
  


Current Time: Fri Jan 19 00:42:29 MST 2018

Total time taken to generate the page: 0.03311 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software