Delete all OLDDOMAIN ACLs from file system

Rick Dang

Hi,
some servers moved from OLDDOMAIN to NEWDOMAIN, that have bidirectional
trust relationships. Their filesystems now have ACLs done by users and
groups from both domains.

How can I delete all the OLDDOMAIN ACL references from the filesystems'
objects?

With CACLS I could remove OLDDOMAIN's groups and users one by one, but I
cannot remove the whole OLDDOMAIN.

Thanks in advance,
Rick
 
Roger Abell [MVP]

Your best bet is likely to write a script that recurses over all
storage structures looking for ACEs that grant/deny principals
of the old domain based on the old domain's rid portion in the
sid used in the grant/deny.
Using other tools has the problem that you cannot specify the
target account with a sid pattern, but must first discover each
different old domain principal that is being used.
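
One way to write the script described in the reply above, as an added example that is not code from either poster. The parameter names `-Root`, `-OldDomainSid` and `-Apply` are assumptions made here, and the SID shown in the comment is a constructed placeholder for the real OLDDOMAIN domain SID.

```powershell
# Added example. Dry run by default; pass -Apply to write the cleaned ACLs back.
param(
    [Parameter(Mandatory)] [string] $Root,
    # Domain SID of OLDDOMAIN, e.g. S-1-5-21-1111111111-2222222222-3333333333
    # (constructed value; substitute the real domain SID).
    [Parameter(Mandatory)] [string] $OldDomainSid,
    [switch] $Apply
)

$sidType = [System.Security.Principal.SecurityIdentifier]
# Every principal of a domain has the SID "<domain SID>-<RID>", so match on
# the domain SID plus the trailing dash to avoid partial matches.
$prefix  = $OldDomainSid.TrimEnd('-') + '-'

$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

    # Explicit ACEs only ($true, $false); inherited ones are fixed at the parent.
    # Asking for SecurityIdentifier avoids name lookups against the old domain.
    $stale = @($acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) })
    if ($stale.Count -eq 0) { continue }

    # Report what was found so the dry run can be reviewed or exported.
    foreach ($rule in $stale) {
        [pscustomobject]@{
            Path   = $item.FullName
            Sid    = $rule.IdentityReference.Value
            Type   = $rule.AccessControlType
            Rights = $rule.FileSystemRights
        }
    }
    if ($Apply) {
        # PurgeAccessRules drops every explicit allow/deny ACE for one SID.
        $stale.IdentityReference | Sort-Object Value -Unique |
            ForEach-Object { $acl.PurgeAccessRules($_) }
        Set-Acl -LiteralPath $item.FullName -AclObject $acl
    }
}
```

Run it from an elevated session without `-Apply` first and pipe the output to `Export-Csv` to keep a record of what will be removed. Owners and audit (SACL) entries that reference OLDDOMAIN are not touched by this example.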
 
