Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

Migrating Filer to new AD Domain

BPurchell
‎2018-07-19 01:01 PM
5,736 Views

Hey all,

 

I've been tasked with an Active Directory consolidation project from a M&A. I use Active Directory Migration Tool (ADMT) from Microsoft to migrate the users, groups, and computers which does a security translation during the migration process and utilizes SID History to preserve access during the project.

 

With Windows File Servers ADMT deploys an agent and does the Security Translation which re-ACLs all of the shares, folders, and files. This won't work on the NetApp Filer I need to move. Do any of you know of a good way to do the security translation on the NetApp filer? I'm not a Storage guy, so I'm not sure. Any tools/products you use? I did a search on the forum but just found some old topics that didn't provide what I was looking for.

 

Any feedback is really appreciated.

 

Thanks much!

0 Kudos
View By:
2 REPLIES 2

GidonMarcus
‎2018-07-23 11:57 AM
5,648 Views

Hi

 

i assume that if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL

 

i'm not aware of a NetApp way to do re-acl. maybe other tool can do.  also have a quick look on this to see if re-acl actually a good idea:

https://pshirwin.wordpress.com/2017/06/13/the-lowdown-on-sidhistory/

 

Gidi

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
0 Kudos

naveens17
‎2018-07-23 05:21 PM
In response to GidonMarcus
5,627 Views

-As @GidonMarcus mentioned if you don't remove the SID history from the Users and Groups. you can avoid the RE-ACL part.

 

- First join the filer in the new DOMAIN.

 

Regarding NetApp way to do re-acl

 

 

first I like to ask what version of ONTAP it is 7 mode or CDOT.

 

regarding the ra-acl then I can comment for the groups part of the shares like (domain admins/or admins groups) then there is a way to do the re-acl the shares on netapp side 

 

Here is the link for the documentation(this is for ONTAP 9 or CDOT) :

 

http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-910%2Fvserver__security__file-directory__show.html

 

if it is 7mode filer then re-acl for groups then you need to download secedit tool from tool chest and use it.

 

 

 

 

0 Kudos
Announcements
All Community Forums
Public