Solved

How can I migrate file server, directory and file security permissions, when re-assigning LUNs, in file server migration?

Posted on 2008-10-01
5
608 Views
Last Modified: 2013-11-14
Our goal is to migrate our file server to newer hardware.  We are in an Active Directory Environment 2008.  Our existing file server is a Windows 2003 stand alone file server with about 10 LUNs ranging from 10GB - 600GB with storage provided via an HP EVA 4000 using fiber HBAs.  The new server is a Windows 2008 x64 stand alone server that is also connected to the EVA via fiber HBA.

The data included on this server ranges from Active Directory user profile directories, department shares, imaging system images and apps, etc.

In the past when migrating to the existing solution, we simply robocopied data from the old location to the current file server connected to the EVA, preserving file security, however now we have this great and powerful option to migrate the data simply by redirecting the EVA LUNs to the new file server, so there is no need to physically copy data.  However using this method will not migrate the security.

So, my question is, has anyone migrated a Windows-based file server in this fashion, LUN transfer, and if so is there an easy way to migrate the file security other than manual?
0
Comment
Question by:shonmiles
  • 2
  • 2
5 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22615431
I have used am utility called "Beyond Compare" for migrating data with security permissions. http://www.scootersoftware.com/download.php
It is only like $50, and you can test it for free first to be sure that it works.
0
 

Author Comment

by:shonmiles
ID: 22615509
sstone55423

In the scenario of changing the LUN presentation from one server to another, once the LUN is presented to the new server there is nothing to compare to, the old server will not have the data, so I don't think this would work unless both servers were presented the LUNs at the same time, which is not safe.
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22615606
Well, BC is good for data that must be moved.  This doesn't apply to the LUN data.  The data on the LUN volumes are in NTFS aren't they?  And both new and old computers are AD integrated I think, right?  Test with one LUN, NTFS permissions should remain after moved.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 250 total points
ID: 22615659
I assume that with "stand-alone server", you actually mean "member server"; a stand-alone server is a server in a workgroup, which isn't working too well as file server for domain users.
That depends only on how you configured the security on your current server, and whether you're only moving to a new file server or are migrating to a new domain.
If the new server is in the same domain as the old one, and you've used the recommended method of assigning permissions to *domain* local groups (or if you used global groups), then nothing will change if you "move" the LUNs to the new machine. It's basically the same as if you would transfer a disk with permissions to a new system.
Only permissions assigned to 'real' local groups on the old machine will not be valid anymore on the new machine (groups with well-known SIDs like Administrators or Users will of course still be valid).
0
 

Author Comment

by:shonmiles
ID: 22616004
Yes I mean member server, and all the configured security is all domain based and the migration is within the same domain.  I have already tested simply unpresenting from server A (2003) to server B (2008), just now with a test LUN, and only the security transferred not the share.

When re-creating the share on the LUN on 2008, id did default to wanting to add the previous share permissions that were set on the 2003 server.  This is a minor glitch we can live with and I would assume not happen when going from the same OS version.

I am giving the points to oBdA.
0

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Create your own, high-performance VM backup appliance by installing NAKIVO Backup & Replication directly onto a Synology NAS!
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now