Network and Storage Protocols

Migrating Filer to new AD Domain


Hey all,


I've been tasked with an Active Directory consolidation project from a M&A. I use Active Directory Migration Tool (ADMT) from Microsoft to migrate the users, groups, and computers which does a security translation during the migration process and utilizes SID History to preserve access during the project.


With Windows File Servers ADMT deploys an agent and does the Security Translation which re-ACLs all of the shares, folders, and files. This won't work on the NetApp Filer I need to move. Do any of you know of a good way to do the security translation on the NetApp filer? I'm not a Storage guy, so I'm not sure. Any tools/products you use? I did a search on the forum but just found some old topics that didn't provide what I was looking for.


Any feedback is really appreciated.


Thanks much!





i assume that if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL


i'm not aware of a NetApp way to do re-acl. maybe other tool can do.  also have a quick look on this to see if re-acl actually a good idea:



Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK


-As @GidonMarcus mentioned if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL part.


- First join the filer in the new DOMAIN.


Regarding NetApp way to do re-acl



first I like to ask what version of ONTAP it is 7 mode or CDOT.


regarding the ra-acl then I can comment for the groups part of the shares like (domain admins/or admins groups) then there is a way to do the re-acl the shares on netapp side 


Here is the link for the documentation(this is for ONTAP 9 or CDOT) :


if it is 7mode filer then re-acl for groups then you need to download secedit tool from tool chest and use it.