![]() ![]() Icacls E:\rootfolder /save H:\exports\E_export.txt To achieve this, I re-run an export of the security using a command similar to ![]() Once a first pass of SetACL with a sidmap has been run, you’ll need to check that there are no legacy SIDs still being used to secure any folders. It is used in the final stages of a domain migration so cut the reliance on the continued existence of the old domain controllers in order to verify that the sidHistory attributes of migrated groups in the new domain still correspond with a valid object in the old domain (often referred to as ‘lookback’ or ‘reachback’).īefore an old domain can be decommissioned, the SIDs securing the NTFS folders need to be switched to use only the primary SIDs of the migrated groups. This post follows on from a previous post sidmaps and setacl describing how you can use SetACL with a SID map generated using dsquery to translate sidHistory attributes to primarySIDs for migrated groups used in the permissions on your data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |