SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain.
For example, if a user has moved from one domain (DomainA) to another (DomainB), the administrator can replace DomainA\User with DomainB\User in the security information for the user’s files. This gives the user access to the same files from the new domain.
SubInACL enables administrators to do the following:
Display security information associated with files, registry keys, or services. This information includes owner, group, permission access control list (ACL), discretionary ACL (DACL), and system ACL (SACL).
Change the owner of an object.
Replace the security information for one identifier (account, group, well-known security identifier (SID)) with that of another identifier.
Migrate security information about objects. This is useful if you have reorganized a network’s domains and need to migrate the security information for files from one domain to another.
Download SubInACL from here
subinacl /help [/full | Keyword]
Scenario Example 1
The task in this example is to adjust the files on \\Server\Share after you move User1 from OldDomain to NewDomain. Type the following at the command line:
subinacl /subdirec \\server\share\*.* /replace=OLDDOMAIN\USER1=NEWDOMAIN\User1
Note :- The two domains must have a trust relationship.
Scenario Example 2
The task in this example is to migrate a backup domain controller (BDC) named MigrControl with all its files to NewDomain, and migrate users from OldDomain to NewDomain.
Reinstall MigrControl as a primary domain controller (PDC) of NewDomain, and do not erase the files.
Create the users on NewDomain.
Create a trust relationship with OldDomain.
To migrate the files, type the following at the command line:
subinacl /noverbose /subdirectories x:\*.* /changedomain=OLDDOMAIN=NEWDOMAIN
To verify the changes, type the following at the command line:
subinacl /noverbose /subdirectories x:\*.*
Scenario Example 3
The task in this example is to move a stand-alone server and its users to NewDomain.
Move the server to NewDomain.
Create the users in NewDomain.
Type the following at the command line:
subinacl /noverbose /subdirectories \\SERVER\SHARE /changedomain=SERVER=NEWDOMAIN
Scenario Example 4
The task in this example is to replace “Jim” with “Kim” in each .txt file in the C:\Temp folder, display the security descriptor for each such file, and apply any changes. Type the following at the command line:
subinacl /file c:\temp\*.txt /replace=Jim=Kim/display