subinacl to remove unknown sids

After the domain migration, I'd like to remove the dead sids that are left
from the folder/files after decommissioning the old domain.
What would be the actual subinacl command to remove dead sids (old domain's
local groups like old domain/domain users, old domain/domain admins)
from the folder and file ntfs permissions?

I've tried the below but doesn't seem to be working...
subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain

Thanks

Hello study,

Try this one:

subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain

for a test before use:

subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain /testmode

I used it with the NetBios name and it works. Also make sure if you use 2008,
to use an elevated command prompt, even for the administrator account.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> After the domain migration, I'd like to remove the dead sids that are
> left
> from the folder/files after decommissioning the old domain.
> What would be the actual subinacl command to remove dead sids (old
> domain's
> local groups like old domain/domain users, old domain/domain admins)
> from the folder and file ntfs permissions?
> I've tried the below but doesn't seem to be working... subinacl
> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>
> Thanks
>

shouldn't that be
subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"study" <study@discussions.microsoft.com> wrote in message
news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> After the domain migration, I'd like to remove the dead sids that are left
> from the folder/files after decommissioning the old domain.
> What would be the actual subinacl command to remove dead sids (old
> domain's
> local groups like old domain/domain users, old domain/domain admins)
> from the folder and file ntfs permissions?
>
> I've tried the below but doesn't seem to be working...
> subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
>
> Thanks
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4151 (20090612) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4151 (20090612) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Hello Meinolf and Jorge,

Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN and
subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain

but it just shows
Elapsed Time: 00 00:00:00
Done: 0, Modified 0, Failed 0, Syntex errors 0

Any ideas?

"Jorge de Almeida Pinto [MVP - DS]" wrote:

> shouldn't that be
> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------------------------------------
>
> "study" <study@discussions.microsoft.com> wrote in message
> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> > After the domain migration, I'd like to remove the dead sids that are left
> > from the folder/files after decommissioning the old domain.
> > What would be the actual subinacl command to remove dead sids (old
> > domain's
> > local groups like old domain/domain users, old domain/domain admins)
> > from the folder and file ntfs permissions?
> >
> > I've tried the below but doesn't seem to be working...
> > subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
> >
> > Thanks
> >
> > __________ Information from ESET Smart Security, version of virus
> > signature database 4151 (20090612) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
>
> __________ Information from ESET Smart Security, version of virus signature database 4151 (20090612) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>

Hello study,

Do you use this version:
http://www.microsoft.com/downloads/d...displaylang=en

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello Meinolf and Jorge,
>
> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>
> but it just shows
> Elapsed Time: 00 00:00:00
> Done: 0, Modified 0, Failed 0, Syntex errors 0
> Any ideas?
>
> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>
>> shouldn't that be
>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>> --
>>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
>> #
>>
>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>> ---------------------------------------------------------------------
>> ---------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test ANY suggestion in a test environment before
>> implementing!
>> ---------------------------------------------------------------------
>> ---------------------
>> #################################################
>> #################################################
>> ---------------------------------------------------------------------
>> ---------------------
>> "study" <study@discussions.microsoft.com> wrote in message
>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>
>>> After the domain migration, I'd like to remove the dead sids that
>>> are left
>>> from the folder/files after decommissioning the old domain.
>>> What would be the actual subinacl command to remove dead sids (old
>>> domain's
>>> local groups like old domain/domain users, old domain/domain admins)
>>> from the folder and file ntfs permissions?
>>> I've tried the below but doesn't seem to be working... subinacl
>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>
>>> Thanks
>>>
>>> __________ Information from ESET Smart Security, version of virus
>>> signature database 4151 (20090612) __________
>>>
>>> The message was checked by ESET Smart Security.
>>>
>>> http://www.eset.com
>>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 4151 (20090612) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>

subinacl is known for bugs.
I have run in to similar issues when trying to to ACL cleanup. Anyone knows
a newer version?

Andrei Ungureanu
www.itboard.ro


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
news:ff16fb66278998cbba27c0dfe9f2@msnews.microsoft.com...
> Hello study,
>
> Do you use this version:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hello Meinolf and Jorge,
>>
>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>
>> but it just shows
>> Elapsed Time: 00 00:00:00
>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>> Any ideas?
>>
>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>
>>> shouldn't that be
>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>> --
>>>
>>> Cheers,
>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
>>> #
>>>
>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> ---------------------------------------------------------------------
>>> ---------------------
>>> * This posting is provided "AS IS" with no warranties and confers no
>>> rights!
>>> * Always test ANY suggestion in a test environment before
>>> implementing!
>>> ---------------------------------------------------------------------
>>> ---------------------
>>> #################################################
>>> #################################################
>>> ---------------------------------------------------------------------
>>> ---------------------
>>> "study" <study@discussions.microsoft.com> wrote in message
>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>
>>>> After the domain migration, I'd like to remove the dead sids that
>>>> are left
>>>> from the folder/files after decommissioning the old domain.
>>>> What would be the actual subinacl command to remove dead sids (old
>>>> domain's
>>>> local groups like old domain/domain users, old domain/domain admins)
>>>> from the folder and file ntfs permissions?
>>>> I've tried the below but doesn't seem to be working... subinacl
>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>
>>>> Thanks
>>>>
>>>> __________ Information from ESET Smart Security, version of virus
>>>> signature database 4151 (20090612) __________
>>>>
>>>> The message was checked by ESET Smart Security.
>>>>
>>>> http://www.eset.com
>>>>
>>> __________ Information from ESET Smart Security, version of virus
>>> signature database 4151 (20090612) __________
>>>
>>> The message was checked by ESET Smart Security.
>>>
>>> http://www.eset.com
>>>
>
>

Hello Andrei Ungureanu" itboard.ro,

I used the one i posted above and it works , also on 2008 without problem
in my system.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> subinacl is known for bugs.
> I have run in to similar issues when trying to to ACL cleanup. Anyone
> knows
> a newer version?
> Andrei Ungureanu
> www.itboard.ro
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
> news:ff16fb66278998cbba27c0dfe9f2@msnews.microsoft.com...
>
>> Hello study,
>>
>> Do you use this version:
>> http://www.microsoft.com/downloads/d...D=E8BA3E56-D8F
>> E-4A91-93CF-ED6985E3927B&displaylang=en
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello Meinolf and Jorge,
>>>
>>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>>
>>> but it just shows
>>> Elapsed Time: 00 00:00:00
>>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>>> Any ideas?
>>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>>
>>>> shouldn't that be
>>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>> --
>>>> Cheers,
>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory
>>>> Services
>>>> #
>>>> BLOG (WEB-BASED)-->
>>>> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>> -------------------------------------------------------------------
>>>> --
>>>> ---------------------
>>>> * This posting is provided "AS IS" with no warranties and confers
>>>> no
>>>> rights!
>>>> * Always test ANY suggestion in a test environment before
>>>> implementing!
>>>> -------------------------------------------------------------------
>>>> --
>>>> ---------------------
>>>> #################################################
>>>> #################################################
>>>> -------------------------------------------------------------------
>>>> --
>>>> ---------------------
>>>> "study" <study@discussions.microsoft.com> wrote in message
>>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>>> After the domain migration, I'd like to remove the dead sids that
>>>>> are left
>>>>> from the folder/files after decommissioning the old domain.
>>>>> What would be the actual subinacl command to remove dead sids (old
>>>>> domain's
>>>>> local groups like old domain/domain users, old domain/domain
>>>>> admins)
>>>>> from the folder and file ntfs permissions?
>>>>> I've tried the below but doesn't seem to be working... subinacl
>>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>> Thanks
>>>>>
>>>>> __________ Information from ESET Smart Security, version of virus
>>>>> signature database 4151 (20090612) __________
>>>>>
>>>>> The message was checked by ESET Smart Security.
>>>>>
>>>>> http://www.eset.com
>>>>>
>>>> __________ Information from ESET Smart Security, version of virus
>>>> signature database 4151 (20090612) __________
>>>>
>>>> The message was checked by ESET Smart Security.
>>>>
>>>> http://www.eset.com
>>>>

On test machines worked for me also. On production systems it failed many
times.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
news:ff16fb66279408cbbb07c1f84df6@msnews.microsoft.com...
> Hello Andrei Ungureanu" itboard.ro,
>
> I used the one i posted above and it works , also on 2008 without problem
> in my system.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> subinacl is known for bugs.
>> I have run in to similar issues when trying to to ACL cleanup. Anyone
>> knows
>> a newer version?
>> Andrei Ungureanu
>> www.itboard.ro
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> a scris în mesaj
>> news:ff16fb66278998cbba27c0dfe9f2@msnews.microsoft.com...
>>
>>> Hello study,
>>>
>>> Do you use this version:
>>> http://www.microsoft.com/downloads/d...D=E8BA3E56-D8F
>>> E-4A91-93CF-ED6985E3927B&displaylang=en
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Hello Meinolf and Jorge,
>>>>
>>>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>>>
>>>> but it just shows
>>>> Elapsed Time: 00 00:00:00
>>>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>>>> Any ideas?
>>>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>>>
>>>>> shouldn't that be
>>>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>>> --
>>>>> Cheers,
>>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory
>>>>> Services
>>>>> #
>>>>> BLOG (WEB-BASED)-->
>>>>> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>>> -------------------------------------------------------------------
>>>>> --
>>>>> ---------------------
>>>>> * This posting is provided "AS IS" with no warranties and confers
>>>>> no
>>>>> rights!
>>>>> * Always test ANY suggestion in a test environment before
>>>>> implementing!
>>>>> -------------------------------------------------------------------
>>>>> --
>>>>> ---------------------
>>>>> #################################################
>>>>> #################################################
>>>>> -------------------------------------------------------------------
>>>>> --
>>>>> ---------------------
>>>>> "study" <study@discussions.microsoft.com> wrote in message
>>>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>>>> After the domain migration, I'd like to remove the dead sids that
>>>>>> are left
>>>>>> from the folder/files after decommissioning the old domain.
>>>>>> What would be the actual subinacl command to remove dead sids (old
>>>>>> domain's
>>>>>> local groups like old domain/domain users, old domain/domain
>>>>>> admins)
>>>>>> from the folder and file ntfs permissions?
>>>>>> I've tried the below but doesn't seem to be working... subinacl
>>>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>>> Thanks
>>>>>>
>>>>>> __________ Information from ESET Smart Security, version of virus
>>>>>> signature database 4151 (20090612) __________
>>>>>>
>>>>>> The message was checked by ESET Smart Security.
>>>>>>
>>>>>> http://www.eset.com
>>>>>>
>>>>> __________ Information from ESET Smart Security, version of virus
>>>>> signature database 4151 (20090612) __________
>>>>>
>>>>> The message was checked by ESET Smart Security.
>>>>>
>>>>> http://www.eset.com
>>>>>
>
>

do make sure you have the latest version from the internet. do not use the
version in the resource kit

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"study" <study@discussions.microsoft.com> wrote in message
news:91AD3B5D-F59E-4657-8AA8-556BE919D0DC@microsoft.com...
> Hello Meinolf and Jorge,
>
> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN and
> subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>
> but it just shows
> Elapsed Time: 00 00:00:00
> Done: 0, Modified 0, Failed 0, Syntex errors 0
>
> Any ideas?
>
> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>
>> shouldn't that be
>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>
>> --
>>
>> Cheers,
>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>
>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>>
>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>> ------------------------------------------------------------------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test ANY suggestion in a test environment before implementing!
>> ------------------------------------------------------------------------------------------
>> #################################################
>> #################################################
>> ------------------------------------------------------------------------------------------
>>
>> "study" <study@discussions.microsoft.com> wrote in message
>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>> > After the domain migration, I'd like to remove the dead sids that are
>> > left
>> > from the folder/files after decommissioning the old domain.
>> > What would be the actual subinacl command to remove dead sids (old
>> > domain's
>> > local groups like old domain/domain users, old domain/domain admins)
>> > from the folder and file ntfs permissions?
>> >
>> > I've tried the below but doesn't seem to be working...
>> > subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
>> >
>> > Thanks
>> >
>> > __________ Information from ESET Smart Security, version of virus
>> > signature database 4151 (20090612) __________
>> >
>> > The message was checked by ESET Smart Security.
>> >
>> > http://www.eset.com
>> >
>> >
>> >
>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 4151 (20090612) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4156 (20090615) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4156 (20090615) __________

The message was checked by ESET Smart Security.

http://www.eset.com

I just downloaded the version from the link and tried the both commands below:
subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=olddomain

Both cases, I get (of course I substituted the real old domain name for the
olddomain):
WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*.*
WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*


"Meinolf Weber [MVP-DS]" wrote:

> Hello study,
>
> Do you use this version:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Hello Meinolf and Jorge,
> >
> > Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> > and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
> >
> > but it just shows
> > Elapsed Time: 00 00:00:00
> > Done: 0, Modified 0, Failed 0, Syntex errors 0
> > Any ideas?
> >
> > "Jorge de Almeida Pinto [MVP - DS]" wrote:
> >
> >> shouldn't that be
> >> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> >> --
> >>
> >> Cheers,
> >> (HOPEFULLY THIS INFORMATION HELPS YOU!)
> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
> >> #
> >>
> >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> >> ---------------------------------------------------------------------
> >> ---------------------
> >> * This posting is provided "AS IS" with no warranties and confers no
> >> rights!
> >> * Always test ANY suggestion in a test environment before
> >> implementing!
> >> ---------------------------------------------------------------------
> >> ---------------------
> >> #################################################
> >> #################################################
> >> ---------------------------------------------------------------------
> >> ---------------------
> >> "study" <study@discussions.microsoft.com> wrote in message
> >> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> >>
> >>> After the domain migration, I'd like to remove the dead sids that
> >>> are left
> >>> from the folder/files after decommissioning the old domain.
> >>> What would be the actual subinacl command to remove dead sids (old
> >>> domain's
> >>> local groups like old domain/domain users, old domain/domain admins)
> >>> from the folder and file ntfs permissions?
> >>> I've tried the below but doesn't seem to be working... subinacl
> >>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
> >>>
> >>> Thanks
> >>>
> >>> __________ Information from ESET Smart Security, version of virus
> >>> signature database 4151 (20090612) __________
> >>>
> >>> The message was checked by ESET Smart Security.
> >>>
> >>> http://www.eset.com
> >>>
> >> __________ Information from ESET Smart Security, version of virus
> >> signature database 4151 (20090612) __________
> >>
> >> The message was checked by ESET Smart Security.
> >>
> >> http://www.eset.com
> >>
>
>
>

Actually it was the latest version 5.2.3790.1180.
I just re-downloaded it and installed it to a different directory and ran it
and got a different result:
1355 Could not find domain name: olddomain
Error finding domain name : 1355 The specified domain either does not exist
or could not be contacted
WARNING : /cleandeletedsidsfrom=olddomain : Invalid option: c:\*.*

Dooe the olddomain need to be contactable for this to succeed?
The trust to the olddomain has been removed and the security translation
wizard has been run to remove the old accounts. The unknown sids left over
are the olddomain\domain users and olddomain\domain admins.

Do I need to use another method then to remove them?
I can see their sids in the ntfs permissions window.


"Jorge de Almeida Pinto [MVP - DS]" wrote:

> do make sure you have the latest version from the internet. do not use the
> version in the resource kit
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------------------------------------
>
> "study" <study@discussions.microsoft.com> wrote in message
> news:91AD3B5D-F59E-4657-8AA8-556BE919D0DC@microsoft.com...
> > Hello Meinolf and Jorge,
> >
> > Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN and
> > subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
> >
> > but it just shows
> > Elapsed Time: 00 00:00:00
> > Done: 0, Modified 0, Failed 0, Syntex errors 0
> >
> > Any ideas?
> >
> > "Jorge de Almeida Pinto [MVP - DS]" wrote:
> >
> >> shouldn't that be
> >> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> >>
> >> --
> >>
> >> Cheers,
> >> (HOPEFULLY THIS INFORMATION HELPS YOU!)
> >>
> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
> >>
> >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> >> ------------------------------------------------------------------------------------------
> >> * This posting is provided "AS IS" with no warranties and confers no
> >> rights!
> >> * Always test ANY suggestion in a test environment before implementing!
> >> ------------------------------------------------------------------------------------------
> >> #################################################
> >> #################################################
> >> ------------------------------------------------------------------------------------------
> >>
> >> "study" <study@discussions.microsoft.com> wrote in message
> >> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
> >> > After the domain migration, I'd like to remove the dead sids that are
> >> > left
> >> > from the folder/files after decommissioning the old domain.
> >> > What would be the actual subinacl command to remove dead sids (old
> >> > domain's
> >> > local groups like old domain/domain users, old domain/domain admins)
> >> > from the folder and file ntfs permissions?
> >> >
> >> > I've tried the below but doesn't seem to be working...
> >> > subinacl /subdirectories c:\* /cleandeletedsidsfrom=new domain
> >> >
> >> > Thanks
> >> >
> >> > __________ Information from ESET Smart Security, version of virus
> >> > signature database 4151 (20090612) __________
> >> >
> >> > The message was checked by ESET Smart Security.
> >> >
> >> > http://www.eset.com
> >> >
> >> >
> >> >
> >>
> >> __________ Information from ESET Smart Security, version of virus
> >> signature database 4151 (20090612) __________
> >>
> >> The message was checked by ESET Smart Security.
> >>
> >> http://www.eset.com
> >>
> >>
> >>
> >>
> >
> > __________ Information from ESET Smart Security, version of virus
> > signature database 4156 (20090615) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
>
> __________ Information from ESET Smart Security, version of virus signature database 4156 (20090615) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>

Hello study,

What OS version do you use? If 2008 run the command prompt, even with the
administrator account, with "run as".

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I just downloaded the version from the link and tried the both
> commands below:
> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
> subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=olddomain
> Both cases, I get (of course I substituted the real old domain name
> for the
> olddomain):
> WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*.*
> WARNING : /cleandeletedsidsfrom=olddomain : Invalid option : c:\*
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello study,
>>
>> Do you use this version:
>> http://www.microsoft.com/downloads/d...D=E8BA3E56-D8F
>> E-4A91-93CF-ED6985E3927B&displaylang=en
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello Meinolf and Jorge,
>>>
>>> Tried subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>> and subinacl /subdirectories c:\*.* /cleandeletedsidsfrom=domain
>>>
>>> but it just shows
>>> Elapsed Time: 00 00:00:00
>>> Done: 0, Modified 0, Failed 0, Syntex errors 0
>>> Any ideas?
>>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>>
>>>> shouldn't that be
>>>> subinacl /subdirectories c:\* /cleandeletedsidsfrom=OLDDOMAIN
>>>> --
>>>> Cheers,
>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory
>>>> Services
>>>> #
>>>> BLOG (WEB-BASED)-->
>>>> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>> -------------------------------------------------------------------
>>>> --
>>>> ---------------------
>>>> * This posting is provided "AS IS" with no warranties and confers
>>>> no
>>>> rights!
>>>> * Always test ANY suggestion in a test environment before
>>>> implementing!
>>>> -------------------------------------------------------------------
>>>> --
>>>> ---------------------
>>>> #################################################
>>>> #################################################
>>>> -------------------------------------------------------------------
>>>> --
>>>> ---------------------
>>>> "study" <study@discussions.microsoft.com> wrote in message
>>>> news:78147D65-142C-4954-8203-06D0304C9DEA@microsoft.com...
>>>>> After the domain migration, I'd like to remove the dead sids that
>>>>> are left
>>>>> from the folder/files after decommissioning the old domain.
>>>>> What would be the actual subinacl command to remove dead sids (old
>>>>> domain's
>>>>> local groups like old domain/domain users, old domain/domain
>>>>> admins)
>>>>> from the folder and file ntfs permissions?
>>>>> I've tried the below but doesn't seem to be working... subinacl
>>>>> /subdirectories c:\* /cleandeletedsidsfrom=new domain
>>>>> Thanks
>>>>>
>>>>> __________ Information from ESET Smart Security, version of virus
>>>>> signature database 4151 (20090612) __________
>>>>>
>>>>> The message was checked by ESET Smart Security.
>>>>>
>>>>> http://www.eset.com
>>>>>
>>>> __________ Information from ESET Smart Security, version of virus
>>>> signature database 4151 (20090612) __________
>>>>
>>>> The message was checked by ESET Smart Security.
>>>>
>>>> http://www.eset.com
>>>>