We are currently in the process of migrating our users from one Active Directory domain to another.
The users already exist in the target domain so we were looking to mass change our NTFS permissions to include the user from the new domain whilst also retaining the permissions from the old domain.
A tool that Microsoft supplies looked ideal for the task – subinacl – apart from in one respect – the tool was deigned to replace permissions instead of adding to them. The way we got round this problem was to edit the export from subinacl and add in the new permissions that we wanted and then to run the export file against the NTFS volume.
So this was a 4 step process.
First, run the subinacl command against the NTFS volume to create an export file with all of the existing permissions –
Then create a lookup file to map the old_domain\old_user to the new_domain\new_user –
Next, create the bash script. Some of this will be specific to our requirements but should get you started if you need to do the same thing –
Then you just need to play the rights file against your NTFS volume.
Warning: Obviously, make sure you know what you’re about to do when performing any kind of mass update