We're planning an AD migration; the headache is maintaining file and folder permissions.
We opted not to use the MS AD migration tool, but to use PowerShell Get-Acl to dump the existing file/folder permissions, then, after a manual mapping of old and new AD accounts, use Set-Acl to restore them.
The headache is that once the file server is migrated to the new domain, the existing permissions are all gone. The new Domain Admins, since they are not the owner, cannot run Get-Acl directly (in PowerShell, to set a file permission, you first need to run Get-Acl, then run Set-Acl). This is the same even if I run the script in elevated mode. I can take ownership of all the folders, but this will change the folder inheritance, so it is not the best way to do it.
Is there a way to run an 'elevated' PowerShell script on folders that have no explicit or implicit permissions?
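
The dump, map and restore workflow described in the question, sketched as an added example that is not part of the original post. The share root, the two CSV files and their column names (`Path`, `Sddl`, `OldSid`, `NewSid`) are assumptions, and the restore step assumes the account running it can already read each item's current ACL.

```powershell
# Added example; not the poster's script. All paths and CSV column names are assumptions.
$Root    = 'D:\Shares'              # hypothetical share root
$AclDump = 'C:\Temp\acl-dump.csv'   # hypothetical dump file: Path,Sddl
$SidMap  = 'C:\Temp\sid-map.csv'    # hypothetical manual mapping: OldSid,NewSid
$SidRx   = 'S-1-5-21(?:-\d+)+'      # a whole domain or local-account SID

function Export-AclDump {
    # Run before the migration, while the existing ACLs are still readable.
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    $items | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName
            # DACL only; owner, group and SACL are deliberately not dumped.
            Sddl = (Get-Acl -LiteralPath $_.FullName).GetSecurityDescriptorSddlForm('Access')
        }
    } | Export-Csv -LiteralPath $AclDump -NoTypeInformation -Encoding UTF8
}

function Convert-SddlSid {
    param([string]$Sddl, [hashtable]$Map)
    # Replace whole SIDs only, so ...-1105 never rewrites the front of ...-11050.
    # SDDL aliases (DA, DU, BA, ...) are not SIDs and pass through unchanged.
    [regex]::Replace($Sddl, $SidRx, {
        param($m)
        if ($Map.ContainsKey($m.Value)) { $Map[$m.Value] } else { $m.Value }
    })
}

function Import-AclDump {
    param([switch]$Apply)   # without -Apply, Set-Acl runs with -WhatIf
    $map = @{}
    Import-Csv -LiteralPath $SidMap | ForEach-Object { $map[$_.OldSid] = $_.NewSid }
    foreach ($row in Import-Csv -LiteralPath $AclDump) {
        # Report SIDs the manual mapping missed instead of restoring them silently.
        [regex]::Matches($row.Sddl, $SidRx) |
            Where-Object { -not $map.ContainsKey($_.Value) } |
            ForEach-Object { Write-Warning "Unmapped SID $($_.Value) on $($row.Path)" }

        $acl = Get-Acl -LiteralPath $row.Path   # needs read access to the current ACL
        $acl.SetSecurityDescriptorSddlForm((Convert-SddlSid $row.Sddl $map), 'Access')
        Set-Acl -LiteralPath $row.Path -AclObject $acl -WhatIf:(-not $Apply)
    }
}
```

Storing the DACL as SDDL keeps the inheritance and protection flags of each folder in the dump, so the restore does not depend on taking ownership first.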