Skip navigation
Menu
End-User Platforms>Windows 7/8

JSI Tip 2021. How do I move files between domain members when local group/user ACLs exist?


When you move files between domain members, and local permissions exist, the recipient member will not be able to resolve the sending members local group and user permissions.

To workaround the difficulty, make sure that a domain Global group or domain user has Full Control of the files/folders, or you will loose access. Using tools from the Resource Kit and supplements, use:

GetSID \\SendingServer SendingLocalGroup \\ReceivingServer ReceivingLocalGroup >SIDs.TXT

When you inspect the SIDs.TXT file:

  The SID for account SendingServer\LocalGroup1 does not match account ReceivingServer\LocalGroup1
  The SID for account SendingServer\LocalGroup1 is S-1-5-21-123538420-358423456-7473742-1001
  The SID for account ReceivingServer\LocalGroup1 is S-1-5-21-456131457-352918789-1170935872-1007
Using SCOPY, or ROBOCOPY from Supplement 4, copy the files and permissions.

You will notice that the local permissions on ReceivingServer\LocalGroup1 are UNKOWN.

Use SubInAcl to replace the unknown permissions:

  subinacl /subdirectories <Drive:>\Folder\*.* /replace=S-1-5-21-456131457-352918789-1170935872-1007=S-1-5-21-123538420-358423456-7473742-1001

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019