Does removing server from AD corrupt or change file/folder permission set.

Does removing server from AD corrupt or change file/folder AD permission set.

If later ,I add the HDD to another server joined to the domain, will all AD permissions be intact.



All permissions for domain accounts will remain.


All permissions for Well-Known local accounts ('Administrator', 'Administrators', 'Users', ...) will remain.


All permissions for local groups on the server will obviously be lost.


Well-known security identifiers in Windows operating systems
https://support.microsoft.com/en-us/kb/243330

And just in case: note that shares are not part of the file system, but part of the server's LanmanServer service configuration. In other words: shares will not remain.



All permissions for domain accounts will remain.


All permissions for Well-Known local accounts ('Administrator', 'Administrators', 'Users', ...) will remain.


All permissions for local groups on the server will obviously be lost.


Well-known security identifiers in Windows operating systems
https://support.microsoft.com/en-us/kb/243330

And just in case: note that shares are not part of the file system, but part of the server's LanmanServer service configuration. In other words: shares will not remain.



I assume this is not a domain controller, right? Otherwise I agree with oBdA above. However taking that drive from the removed server and putting it in another server will affect some permissions, make some files and folders inaccessible (mainly OS related ones) that use SYSTEM permissions but you can regain control of those by taking "ownership". However data files and folders would not be affected.



Like the default Administrators group (S-1-5-32-544), System is a well-known SID and is S-1-5-18 on all systems.

But I have to correct myself: "Administrator" only has a well-known RID (always ends with -500), but has a SID derived from the local machine. So any permissions granted explicitly to the "Administrator" account will be "lost".



No , it is not a domain controller.

I am only concerned of the data files and folder.



then you will be good to go

Share this

Related Posts

There was an error in this gadget