locked
SQL Server ACL Translation with ADMT RRS feed

  • Question

  • We are in the process of migrating users, computers and servers from one forest to another. We have completed most user and computer migrations but have hit a roadblock. A particular department uses MS SQL server extensively. When I run the ADMT 3.2 Security Translator against a SQL server, users and groups contained in SQL are not translated to the migrated users and groups. Currently we are selecting ADD for the permissions. Options selected during translations are as follows:

    Files and Folders, Local Groups, Shares, User Rights

    I have done some exhaustive searches and everyone states it should work but it is not. Can anyone provide some assistance?

    Tuesday, September 4, 2012 8:05 PM

Answers

  • We have Microsoft onsite and we put this in the lab. It is not possible for the ADMT tool to re-ACL within SQL itself. One solution is to run scripts within SQL. Another solution is to create a local group on the Windows server and add the source domain users and groups to it then add the local groups in SQL. Then the ADMT Security translator will assign the target users and groups.
    • Marked as answer by Larry Newman Wednesday, September 19, 2012 1:42 PM
    Wednesday, September 19, 2012 1:42 PM

All replies

  • Hi Larry,

    Any progress?

    We can use ADMT v3.2 to migrate users, groups, service accounts, and computers between AD DS domains in different forests (inter-forest migration) or between AD DS domains in the same forest (intra-forest migration). ADMT can also perform security translation (to migrate local user profiles) when performing inter-forest migrations. It should be no problem.

    If it has any error messages when you use ADMT 3.2 when translate users and groups, please post it.

    Refer to:
    Users are not migrated when you use Active Directory Migration Tool: http://support.microsoft.com/kb/833230.
    How to use Active Directory Migration Tool: http://support.microsoft.com/kb/326480.

    Thanks,
    Maggie


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. This can be beneficial to other community members reading the thread.

    Sunday, September 9, 2012 8:38 AM
  • No progress yet. We have no issues migrating users it is running the translator against a SQL server to change the ACL within SQL. The SQL is still in the source domain and users yet to be migrated with it. But we need to have the ADMT security translator ADD the target domain permissions to to the SQL server much like a file server.
    Tuesday, September 11, 2012 2:52 PM
  • We have Microsoft onsite and we put this in the lab. It is not possible for the ADMT tool to re-ACL within SQL itself. One solution is to run scripts within SQL. Another solution is to create a local group on the Windows server and add the source domain users and groups to it then add the local groups in SQL. Then the ADMT Security translator will assign the target users and groups.
    • Marked as answer by Larry Newman Wednesday, September 19, 2012 1:42 PM
    Wednesday, September 19, 2012 1:42 PM