Solved

How can I migrate file server, directory and file security permissions, when re-assigning LUNs, in file server migration?

Posted on 2008-10-01
5
612 Views
Last Modified: 2013-11-14
Our goal is to migrate our file server to newer hardware.  We are in an Active Directory Environment 2008.  Our existing file server is a Windows 2003 stand alone file server with about 10 LUNs ranging from 10GB - 600GB with storage provided via an HP EVA 4000 using fiber HBAs.  The new server is a Windows 2008 x64 stand alone server that is also connected to the EVA via fiber HBA.

The data included on this server ranges from Active Directory user profile directories, department shares, imaging system images and apps, etc.

In the past when migrating to the existing solution, we simply robocopied data from the old location to the current file server connected to the EVA, preserving file security, however now we have this great and powerful option to migrate the data simply by redirecting the EVA LUNs to the new file server, so there is no need to physically copy data.  However using this method will not migrate the security.

So, my question is, has anyone migrated a Windows-based file server in this fashion, LUN transfer, and if so is there an easy way to migrate the file security other than manual?
0
Comment
Question by:shonmiles
  • 2
  • 2
5 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22615431
I have used am utility called "Beyond Compare" for migrating data with security permissions. http://www.scootersoftware.com/download.php
It is only like $50, and you can test it for free first to be sure that it works.
0
 

Author Comment

by:shonmiles
ID: 22615509
sstone55423

In the scenario of changing the LUN presentation from one server to another, once the LUN is presented to the new server there is nothing to compare to, the old server will not have the data, so I don't think this would work unless both servers were presented the LUNs at the same time, which is not safe.
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22615606
Well, BC is good for data that must be moved.  This doesn't apply to the LUN data.  The data on the LUN volumes are in NTFS aren't they?  And both new and old computers are AD integrated I think, right?  Test with one LUN, NTFS permissions should remain after moved.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 250 total points
ID: 22615659
I assume that with "stand-alone server", you actually mean "member server"; a stand-alone server is a server in a workgroup, which isn't working too well as file server for domain users.
That depends only on how you configured the security on your current server, and whether you're only moving to a new file server or are migrating to a new domain.
If the new server is in the same domain as the old one, and you've used the recommended method of assigning permissions to *domain* local groups (or if you used global groups), then nothing will change if you "move" the LUNs to the new machine. It's basically the same as if you would transfer a disk with permissions to a new system.
Only permissions assigned to 'real' local groups on the old machine will not be valid anymore on the new machine (groups with well-known SIDs like Administrators or Users will of course still be valid).
0
 

Author Comment

by:shonmiles
ID: 22616004
Yes I mean member server, and all the configured security is all domain based and the migration is within the same domain.  I have already tested simply unpresenting from server A (2003) to server B (2008), just now with a test LUN, and only the security transferred not the share.

When re-creating the share on the LUN on 2008, id did default to wanting to add the previous share permissions that were set on the 2003 server.  This is a minor glitch we can live with and I would assume not happen when going from the same OS version.

I am giving the points to oBdA.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACTIVE DIRECTORY 18 48
Server backups 5 42
Problem to setup GUI 11 32
Lync 2010 4 24
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question