JSI Tip 2021. How do I move files between domain members when local group/user ACLs exist?

When you move files between domain members, and local permissions exist, the recipient member will not be able to resolve the sending members local group and user permissions.

To workaround the difficulty, make sure that a domain Global group or domain user has Full Control of the files/folders, or you will loose access. Using tools from the Resource Kit and supplements, use:

GetSID \SendingServer SendingLocalGroup \ReceivingServer ReceivingLocalGroup >SIDs.TXT

When you inspect the SIDs.TXT file:

  The SID for account SendingServerLocalGroup1 does not match account ReceivingServerLocalGroup1  The SID for account SendingServerLocalGroup1 is S-1-5-21-123538420-358423456-7473742-1001  The SID for account ReceivingServerLocalGroup1 is S-1-5-21-456131457-352918789-1170935872-1007

Using SCOPY, or ROBOCOPY from Supplement 4, copy the files and permissions.

You will notice that the local permissions on ReceivingServerLocalGroup1 are UNKOWN.

Use SubInAcl to replace the unknown permissions:

  subinacl /subdirectories Folder*.* /replace=S-1-5-21-456131457-352918789-1170935872-1007=S-1-5-21-123538420-358423456-7473742-1001