Network Storage Protocols Discussions

Migrating Filer to new AD Domain

Hey all,

 

I've been tasked with an Active Directory consolidation project from a M&A. I use Active Directory Migration Tool (ADMT) from Microsoft to migrate the users, groups, and computers which does a security translation during the migration process and utilizes SID History to preserve access during the project.

 

With Windows File Servers ADMT deploys an agent and does the Security Translation which re-ACLs all of the shares, folders, and files. This won't work on the NetApp Filer I need to move. Do any of you know of a good way to do the security translation on the NetApp filer? I'm not a Storage guy, so I'm not sure. Any tools/products you use? I did a search on the forum but just found some old topics that didn't provide what I was looking for.

 

Any feedback is really appreciated.

 

Thanks much!

2 REPLIES 2

Re: Migrating Filer to new AD Domain

Hi

 

i assume that if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL

 

i'm not aware of a NetApp way to do re-acl. maybe other tool can do.  also have a quick look on this to see if re-acl actually a good idea:

https://pshirwin.wordpress.com/2017/06/13/the-lowdown-on-sidhistory/

 

Gidi

Re: Migrating Filer to new AD Domain

-As @GidonMarcus mentioned if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL part.

 

- First join the filer in the new DOMAIN.

 

Regarding NetApp way to do re-acl

 

 

first I like to ask what version of ONTAP it is 7 mode or CDOT.

 

regarding the ra-acl then I can comment for the groups part of the shares like (domain admins/or admins groups) then there is a way to do the re-acl the shares on netapp side 

 

Here is the link for the documentation(this is for ONTAP 9 or CDOT) :

 

http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-910%2Fvserver__security__file-directory__show.html

 

if it is 7mode filer then re-acl for groups then you need to download secedit tool from tool chest and use it.

 

 

 

 

Forums