List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Domain Migration - local group membership

Prev Next

You are not authorized to post a reply.

Author

Messages

johnson2895 User is Offline

Posts:6

02/04/2010 9:07 PM
Hello, My team is in the process of migrating a domain in one forest into a domain in another forest as part of an acquisition. The issue we are having is that ADMT is not copying members of local groups in the source domain who are users from other domains in the destination forest to the groups in the destination domain. For example Domain A is in the old forest Domains B and C are in the new forest The local group is being migrated from domain A to domain B In domain A the local group has members that are in domain C In domain B after being copied by ADMT the local group no longer has the members from domain C Source forest is 2000 AD and the destination forest is 2003 AD. SID filter quarantining is disabled between the domains A and B and between A and C. Has any one on the list run into this before during a migration? Is there a way to fix this with out some custom scripting to re-add the users as members of the local group. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757

RickSheikh User is Offline

Posts:296

02/04/2010 9:22 PM
The group nesting restrictions still apply in this situation. Are you referring to the Domain Local groups as local groups ? http://www.shariqsheikh.com/blog/index.php/200909/group-nesting-reference-chart/ On Thu, Feb 4, 2010 at 3:06 PM, Parker F Johnson <PFJohnson@uss.com> wrote: > Hello, > > My team is in the process of migrating a domain in one forest into a domain > in another forest as part of an acquisition. The issue we are having is > that ADMT is not copying members of local groups in the source domain who > are users from other domains in the destination forest to the groups in the > destination domain. > > For example > Domain A is in the old forest > Domains B and C are in the new forest > The local group is being migrated from domain A to domain B > In domain A the local group has members that are in domain C > In domain B after being copied by ADMT the local group no longer has the > members from domain C > > Source forest is 2000 AD and the destination forest is 2003 AD. SID filter > quarantining is disabled between the domains A and B and between A and C. > > Has any one on the list run into this before during a migration? Is there > a way to fix this with out some custom scripting to re-add the users as > members of the local group. > > > Thank you > ____________________ > Parker Johnson > Gary Works BSC > Enterprise Services > Desk: 8-444-1542 > or 219-888-1542 > Cell: 219-689-9757

deji

Posts:259

02/04/2010 9:28 PM
There is a logic to that behavior. If you really want to migrate those groups from C to A, then you'd have to perform and actual migration exercise from C to A. You wouldn't want to "accidentally" proxy-migrate objects from one domain to another. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ www.akomolafe.name<http://www.akomolafe.name/> - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] On Behalf Of Parker F Johnson [PFJohnson@uss.com] Sent: Thursday, February 04, 2010 1:06 PM To: activedir@mail.activedir.org Subject: [ActiveDir] Domain Migration - local group membership Hello, My team is in the process of migrating a domain in one forest into a domain in another forest as part of an acquisition. The issue we are having is that ADMT is not copying members of local groups in the source domain who are users from other domains in the destination forest to the groups in the destination domain. For example Domain A is in the old forest Domains B and C are in the new forest The local group is being migrated from domain A to domain B In domain A the local group has members that are in domain C In domain B after being copied by ADMT the local group no longer has the members from domain C Source forest is 2000 AD and the destination forest is 2003 AD. SID filter quarantining is disabled between the domains A and B and between A and C. Has any one on the list run into this before during a migration? Is there a way to fix this with out some custom scripting to re-add the users as members of the local group. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757

johnson2895 User is Offline

Posts:6

02/04/2010 10:13 PM
Yes these are Domain local groups sorry for the confusion. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757 From: Rick Sheikh <ricksheikh@gmail.com> To: activedir@mail.activedir.org Date: 02/04/2010 03:23 PM Subject: Re: [ActiveDir] Domain Migration - local group membership Sent by: activedir-owner@mail.activedir.org The group nesting restrictions still apply in this situation. Are you referring to the Domain Local groups as local groups ? http://www.shariqsheikh.com/blog/index.php/200909/group-nesting-reference-chart/ On Thu, Feb 4, 2010 at 3:06 PM, Parker F Johnson <PFJohnson@uss.com> wrote: Hello, My team is in the process of migrating a domain in one forest into a domain in another forest as part of an acquisition. The issue we are having is that ADMT is not copying members of local groups in the source domain who are users from other domains in the destination forest to the groups in the destination domain. For example Domain A is in the old forest Domains B and C are in the new forest The local group is being migrated from domain A to domain B In domain A the local group has members that are in domain C In domain B after being copied by ADMT the local group no longer has the members from domain C Source forest is 2000 AD and the destination forest is 2003 AD. SID filter quarantining is disabled between the domains A and B and between A and C. Has any one on the list run into this before during a migration? Is there a way to fix this with out some custom scripting to re-add the users as members of the local group. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757

johnson2895 User is Offline

Posts:6

02/08/2010 9:35 PM
These are domain local groups. After double checking i have confirmed that the Domain local group members from "domain C" are domain users and not domain groups so I do not think this is an issue of group nesting. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757 From: Rick Sheikh <ricksheikh@gmail.com> To: activedir@mail.activedir.org Date: 02/04/2010 03:23 PM Subject: Re: [ActiveDir] Domain Migration - local group membership Sent by: activedir-owner@mail.activedir.org The group nesting restrictions still apply in this situation. Are you referring to the Domain Local groups as local groups ? http://www.shariqsheikh.com/blog/index.php/200909/group-nesting-reference-chart/ On Thu, Feb 4, 2010 at 3:06 PM, Parker F Johnson <PFJohnson@uss.com> wrote: Hello, My team is in the process of migrating a domain in one forest into a domain in another forest as part of an acquisition. The issue we are having is that ADMT is not copying members of local groups in the source domain who are users from other domains in the destination forest to the groups in the destination domain. For example Domain A is in the old forest Domains B and C are in the new forest The local group is being migrated from domain A to domain B In domain A the local group has members that are in domain C In domain B after being copied by ADMT the local group no longer has the members from domain C Source forest is 2000 AD and the destination forest is 2003 AD. SID filter quarantining is disabled between the domains A and B and between A and C. Has any one on the list run into this before during a migration? Is there a way to fix this with out some custom scripting to re-add the users as members of the local group. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757

johnson2895 User is Offline

Posts:6

02/12/2010 5:00 PM
Hi just a last call to see if anyone on the list has experienced this issue. The domain local groups are losing members that are domain users in a trusted domain when the domain local group is migrated. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757 __________________ These are domain local groups. After double checking i have confirmed that the Domain local group members from "domain C" are domain users and not domain groups so I do not think this is an issue of group nesting. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757 From: Rick Sheikh <ricksheikh@gmail.com> To: activedir@mail.activedir.org Date: 02/04/2010 03:23 PM Subject: Re: [ActiveDir] Domain Migration - local group membership Sent by: activedir-owner@mail.activedir.org The group nesting restrictions still apply in this situation. Are you referring to the Domain Local groups as local groups ? http://www.shariqsheikh.com/blog/index.php/200909/group-nesting-reference-chart/ On Thu, Feb 4, 2010 at 3:06 PM, Parker F Johnson <PFJohnson@uss.com> wrote: Hello, My team is in the process of migrating a domain in one forest into a domain in another forest as part of an acquisition. The issue we are having is that ADMT is not copying members of local groups in the source domain who are users from other domains in the destination forest to the groups in the destination domain. For example Domain A is in the old forest Domains B and C are in the new forest The local group is being migrated from domain A to domain B In domain A the local group has members that are in domain C In domain B after being copied by ADMT the local group no longer has the members from domain C Source forest is 2000 AD and the destination forest is 2003 AD. SID filter quarantining is disabled between the domains A and B and between A and C. Has any one on the list run into this before during a migration? Is there a way to fix this with out some custom scripting to re-add the users as members of the local group. Thank you ____________________ Parker Johnson Gary Works BSC Enterprise Services Desk: 8-444-1542 or 219-888-1542 Cell: 219-689-9757

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Domain Migration - local group membership

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads