https://community.netapp.com/t5/Network-and-Storage-Protocols/Migrating-Filer-to-new-AD-Domain/m-p/141581#M9068 <P>Hey all,</P> <P>&nbsp;</P> <P>I've been tasked with an Active Directory consolidation project from a M&amp;A. I use Active Directory Migration Tool (ADMT) from Microsoft to migrate the users, groups, and computers which does a security translation during the migration process and utilizes SID History to preserve access during the project.</P> <P>&nbsp;</P> <P>With Windows File Servers ADMT deploys an agent and does the Security Translation which re-ACLs all of the shares, folders, and files. This won't work on the NetApp Filer I need to move. Do any of you know of a good way to do the security translation on the NetApp filer? I'm not a Storage guy, so I'm not sure. Any tools/products you use? I did a search on the forum but just found some old topics that didn't provide what I was looking for.</P> <P>&nbsp;</P> <P>Any feedback is really appreciated.</P> <P>&nbsp;</P> <P>Thanks much!</P> Wed, 04 Jun 2025 13:30:06 GMT BPurchell 2025-06-04T13:30:06Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Migrating-Filer-to-new-AD-Domain/m-p/141581#M9068 <P>Hey all,</P> <P>&nbsp;</P> <P>I've been tasked with an Active Directory consolidation project from a M&amp;A. I use Active Directory Migration Tool (ADMT) from Microsoft to migrate the users, groups, and computers which does a security translation during the migration process and utilizes SID History to preserve access during the project.</P> <P>&nbsp;</P> <P>With Windows File Servers ADMT deploys an agent and does the Security Translation which re-ACLs all of the shares, folders, and files. This won't work on the NetApp Filer I need to move. Do any of you know of a good way to do the security translation on the NetApp filer? I'm not a Storage guy, so I'm not sure. Any tools/products you use? I did a search on the forum but just found some old topics that didn't provide what I was looking for.</P> <P>&nbsp;</P> <P>Any feedback is really appreciated.</P> <P>&nbsp;</P> <P>Thanks much!</P> Wed, 04 Jun 2025 13:30:06 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Migrating-Filer-to-new-AD-Domain/m-p/141581#M9068 BPurchell 2025-06-04T13:30:06Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Migrating-Filer-to-new-AD-Domain/m-p/141667#M9082 <P>Hi</P> <P>&nbsp;</P> <P>i assume that if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL</P> <P>&nbsp;</P> <P>i'm not aware of a NetApp way to do re-acl. maybe other tool can do.&nbsp; also have a quick look on this to see if re-acl actually a good idea:</P> <P><A href="https://pshirwin.wordpress.com/2017/06/13/the-lowdown-on-sidhistory/" target="_blank">https://pshirwin.wordpress.com/2017/06/13/the-lowdown-on-sidhistory/</A></P> <P>&nbsp;</P> <P>Gidi</P> Mon, 23 Jul 2018 18:57:47 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Migrating-Filer-to-new-AD-Domain/m-p/141667#M9082 GidonMarcus 2018-07-23T18:57:47Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Migrating-Filer-to-new-AD-Domain/m-p/141672#M9083 <P>-As&nbsp;<a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/38137">@GidonMarcus</a>&nbsp;mentioned&nbsp;<SPAN>if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL part.</SPAN></P> <P>&nbsp;</P> <P><SPAN>- First join the filer in the new DOMAIN.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regarding&nbsp;NetApp way to do re-acl</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P>&nbsp;</P> <P>first I like to ask what version of ONTAP it is 7 mode or CDOT.</P> <P>&nbsp;</P> <P>regarding the ra-acl then I can comment for the groups part of the shares like (domain admins/or admins groups) then there is a way to do the re-acl the shares on netapp side&nbsp;</P> <P>&nbsp;</P> <P>Here is the link for the documentation(this is for ONTAP 9 or CDOT) :</P> <P>&nbsp;</P> <P><A href="http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-910%2Fvserver__security__file-directory__show.html" target="_blank">http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-910%2Fvserver__security__file-directory__show.html</A></P> <P>&nbsp;</P> <P>if it is 7mode filer then re-acl for groups then you need to download secedit tool from tool chest and use it.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 24 Jul 2018 00:21:02 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Migrating-Filer-to-new-AD-Domain/m-p/141672#M9083 naveens17 2018-07-24T00:21:02Z