Domain Migration Accounts

  • I have a Reporting Services 2005 server with over 700 reports contained in over 90 folders. Each folder (and different reports within the folder) has access granted by domain groups.

    We are in the process of migrating users from one domain to another. I know that the new domain already has had appropriate groups created in it and in preparation the new users have been added to the new groups. In order to migrate the users I know that the new groups will need to be added to the reporting services site.

    But with the volume of folders / reports to be altered is there a way in which this can be automated / scripted without having to go into every single report in every folder to ensure that all have been given the correct access?

    If not I'll just have to work about 30 hours a day to get it done in time :sick:

    -------------------------------
    Posting Data Etiquette - Jeff Moden
    Smart way to ask a question
    There are naive questions, tedious questions, ill-phrased questions, questions put after inadequate self-criticism. But every question is a cry to understand (the world). There is no such thing as a dumb question. ― Carl Sagan
    I would never join a club that would allow me as a member - Groucho Marx

  • Are you actually migrating the domain and users/groups, or are you creating new in the new domain and not transferring anything? If you're doing a true migration, there are AD tools that help you do this. Basically it involves creating a trust between the two domains and having the old SID become part of the new domain. That way you shouldn't have to recreate everything by hand.

    Disclaimer: at least that's how it worked about 5-7 years ago when I last saw this issue. Get with your AD folks, they should have these tools at their disposal, and/or they're part of the migration toolkit (iirc).

    -Luke.

    To help us help you read this. For better help with performance problems please read this.

  • Another thought if the AD guys fall through... you could look at the SSRS Scripter. http://www.sqldbatips.com/showarticle.asp?ID=62 I'm thinking it has some abilities to do this type of thing.

    -Luke.


  • Thanks Luke.

    I will have a look at the link you posted.

    I realise now that my description was not quite accurate.

    I currently log into old_domain and am a member of old_domain\group1, old_domain\group2 and old_domain\group3 (which also have permissions with Reporting services).

    Although my old_domain account won't be disabled, I will be logging into new_domain which has groups new_domain\group1, new_domain\group2 and new_domain\group3.

    It is these new groups which I will have to create so that they correlate with the old_domain groups.

    This work is planned to be done in phases, so, with luck I will have some advance notice.

    Have managed to look at the tool referenced by Luke. Although it will script roles, it doesn't look like it scripts membership of the role (which is what I am after). It could be useful for other bits though.

    Thanks


  • I did a bit of googling and what you are looking for is the Active Directory Migration Tool. Again, this is probably part of the AD management toolkit, and your AD folks are probably already using it to migrate the domains. So if this is to be done in phases I'd suggest you create a group and give it some permissions in your old domain, then use the ADMT to move it to the new domain and see if everything still works. It should, or rather it did when I was a lowly sys admin 10 years ago maintaining a whole lot of shares on our file servers. All of the security and such just worked. Have a look at that MSDN page I linked to and see if this will fit your needs.

    -Luke.


  • Thanks again Luke - I'll pass this info across to the Admin Team and see what they make of it

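For the case described in the thread, where new_domain groups are created fresh rather than migrated with their old SIDs, the role assignments can be copied through the Reporting Services 2005 SOAP endpoint. The script below is an added example, not code from any poster or from the tools mentioned. It assumes Windows PowerShell (for `New-WebServiceProxy`), a placeholder server URL, and group names that are identical in both domains.

```powershell
# Added example. Assumptions: placeholder URL, same group names in both domains.
param(
    [string]$ReportServerUrl = 'http://reportserver.example/ReportServer',  # placeholder
    [string]$OldDomain = 'old_domain',
    [string]$NewDomain = 'new_domain',
    [switch]$Apply    # without -Apply the script only reports what it would change
)

$rs = New-WebServiceProxy -Uri "$ReportServerUrl/ReportService2005.asmx" -UseDefaultCredential
$ns = $rs.GetType().Namespace    # generated namespace that holds the Policy type

# Root folder plus every folder, report and other catalog item beneath it.
$paths = @('/') + @($rs.ListChildren('/', $true) | ForEach-Object { $_.Path })

foreach ($path in $paths) {
    $inherits = $true
    $policies = $rs.GetPolicies($path, [ref]$inherits)
    if ($inherits) { continue }  # item uses its parent's policies; leave inheritance intact

    $existing = @($policies | ForEach-Object { $_.GroupUserName })
    $added = @()
    foreach ($p in $policies) {
        if ($p.GroupUserName -notlike "$OldDomain\*") { continue }
        $newName = $NewDomain + $p.GroupUserName.Substring($OldDomain.Length)
        if ($existing -contains $newName) { continue }   # already granted; safe to re-run
        $copy = New-Object ("$ns.Policy")
        $copy.GroupUserName = $newName
        $copy.Roles = $p.Roles   # exactly the roles the old group holds, nothing broader
        $added += $copy
        $roleNames = ($p.Roles | ForEach-Object { $_.Name }) -join ', '
        Write-Output ("{0}: {1} -> {2} [{3}]" -f $path, $p.GroupUserName, $newName, $roleNames)
    }
    if ($Apply -and $added.Count -gt 0) {
        # SetPolicies replaces the whole list, so send the existing entries plus the new ones.
        $rs.SetPolicies($path, @($policies) + $added)
    }
}
```

Run it without `-Apply` first and review the output as an access-change record. The old_domain entries are left in place, so they can be removed in a separate pass once each migration phase is confirmed.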
