Permissions issue migrating data across domains

I have 2 domains, let's call them "OLDDomain" and "NEWDomain".

The previous admin "migrated" the users from OLDDomain to NEWDomain by painstakingly going through Active Directory user by user. Then several large applications were manually migrated over as well, so there is no chance of me just rebuilding the NEWDomain, or re-migrating the users.

The result of this is that all the NEWDomain users' SIDs do not match the SIDs on the old domain.

When I use "ROBOCOPY /MIR /SEC /SECFIX" to transfer data from an OLDDomain file server to a NEWDomain file server, I get an "Access is denied." error from robocopy, and it fails to copy any files, after it moves the directory structure over and sets the permissions to match the OLDDomain (since my NEWDomain SID doesn't match the ACL on the files!). This means I'm left with a series of empty folders that have the wrong permissions on them. I can copy the data without keeping the permissions, but then I need to go through and re-set the permissions on all the files. Taking ownership of files is not an option since it wipes the ACL on the files and leaves the permissions all messed up.

Does anyone know of a (relatively) quick way to transfer data between 2 domains, and transition the permissions to the new users? There's over 500GB of data and I really don't want to do this by hand (like the other admin is planning). I've looked into the SETACL utility's domain migration function, but so far haven't had any luck since I still need to get the files from the old domain with the permissions intact, and I can't quite get the robocopy working the way I want. I have constructed a mapping of all the OLDDomain SIDs to the NEWDomain SIDs, via a simple script I wrote. I was planning on finding a way to iterate through the files and copy permissions from the OLDDomain SID to the NEWDomain SID, and then remove the OLD SIDs.

I'd like to stick with as basic tools as possible, and I feel like RoboCopy and Set-ACL can get the job done, but I haven't quite made it work yet. Any help would be appreciated. Cheers.

Kyle

Posted 2013-06-12T12:43:00.860

Reputation: 111
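
The SID-mapping step the question plans (swap OLDDomain SIDs for NEWDomain SIDs in each ACL), as an added example that is not part of the original post. The function names `Convert-SddlSid` and `Update-TreeAcl` are hypothetical, every SID is a constructed placeholder, and it assumes the ACLs are read on a machine where OLDDomain SIDs show up in numeric form in the SDDL string.

```powershell
# Added example. Every SID below is a constructed placeholder, not a real account.
$OldDomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'
$NewDomainSid = 'S-1-5-21-4444444444-5555555555-6666666666'
$SidMap = @{
    "$OldDomainSid-1104" = "$NewDomainSid-2101"
    "$OldDomainSid-1105" = "$NewDomainSid-2102"
}

function Convert-SddlSid {
    # Swap every mapped SID in an SDDL string and collect old-domain SIDs
    # that have no mapping, so they are reported instead of left orphaned.
    param(
        [Parameter(Mandatory)][string]$Sddl,
        [Parameter(Mandatory)][hashtable]$SidMap,
        [Parameter(Mandatory)][string]$OldDomainSid
    )
    $unmapped = New-Object 'System.Collections.Generic.List[string]'
    $swap = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m)
        if ($SidMap.ContainsKey($m.Value)) { return $SidMap[$m.Value] }
        if ($m.Value.StartsWith("$OldDomainSid-")) { $unmapped.Add($m.Value) }
        return $m.Value
    }
    $new = [regex]::Replace($Sddl, 'S-1-[0-9]+(-[0-9]+)+', $swap)
    [pscustomobject]@{ Sddl = $new; Unmapped = @($unmapped | Select-Object -Unique) }
}

function Update-TreeAcl {
    # Dry run by default: only reports. -Apply writes the rewritten descriptor.
    # Run elevated; replacing an owner SID normally needs restore privilege.
    param([string]$Root, [hashtable]$SidMap, [string]$OldDomainSid, [switch]$Apply)
    $items = @(Get-Item -LiteralPath $Root -Force) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        $r = Convert-SddlSid -Sddl $acl.Sddl -SidMap $SidMap -OldDomainSid $OldDomainSid
        foreach ($sid in $r.Unmapped) { Write-Warning "$($item.FullName): no mapping for $sid" }
        if ($r.Sddl -eq $acl.Sddl) { continue }
        if ($Apply) {
            $acl.SetSecurityDescriptorSddlForm($r.Sddl)
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
        } else { Write-Output "Would rewrite ACL on $($item.FullName)" }
    }
}

# Constructed sample descriptor: old-domain owner, one mapped ACE, one unmapped ACE, built-in Administrators (BA).
$sample = "O:$OldDomainSid-1104G:BAD:(A;OICI;FA;;;$OldDomainSid-1105)(A;OICI;0x1200a9;;;$OldDomainSid-1199)(A;OICI;FA;;;BA)"
$result = Convert-SddlSid -Sddl $sample -SidMap $SidMap -OldDomainSid $OldDomainSid
$result.Sddl      # rewritten descriptor
$result.Unmapped  # old-domain SIDs still needing a mapping
```

Running `Update-TreeAcl` without `-Apply` first gives a list of affected paths and any unmapped OLDDomain SIDs, which is the review step to finish before any descriptor is written.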

No answers