[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


How do I copy file shares between windows servers and retain ACLs including AD users and groups

Posted on 2010-09-21
Medium Priority
Last Modified: 2012-05-10
I've tried Robocopy with the /E and /COPYALL switches and it just copied the data between servers with the files inheriting the ACL of the destination folder.

I've also tried RichCopy with the same results.

Do I really have to manually re-create all the permissions and groups?
Question by:tferro999
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2

Expert Comment

ID: 33730890
Have you tried robocopy with the /SECFIX option?

This is assuming that the source and destination servers are located within the same AD forest?

Accepted Solution

sosinc3 earned 2000 total points
ID: 33730914
What do you use as a backup tool? I find that when I have to do this, the best thing that works for me is either my CA Brightstore (Arcserve) backup software or my BackupExec software (we run both depending on the site). They have the ability to restore all the security information along with the file/folders. The shares are actually in the registry. Take a look at [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
Listed under this key are all the shares Windows has stored for the current user, simply delete the entries you don't want to store or add new ones by adding a new string value, and name it by incrementing the alpha values already in the list. Set the data to equal the drive share you wish to add. You an export this key and import it to the new server assuming the folder structure and the drive letters stay the same.

Author Comment

ID: 33730958
The users guide says that /SECFIX is no longer supported and has been replaced by /COPY:S and /COPYALL should get the security settings, timestamps, ownership etc.  For some reason when I run that command, the copied files just inherited the permissions of the new share and wiped out all the old ACL info.

I'll try to restore the data from my backup tonight and see how that goes, i'm running MS DPM 2007.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Expert Comment

ID: 33730970
Is it share or NTFS permissions your wanting to set here?

Author Comment

ID: 33731013

Expert Comment

ID: 33731040
Is the user account you're running robocopy under the owner of the destination folders (or at least have permissions to change folder and file permissions)?

Author Comment

ID: 33731048
So the backup solution worked, sorta.  I'm able to restore the files to the new share and retain the old ACLs.  However, it also includes the old and slightly different directory structure.  So I still have to copy/paste them to the correct folder which of course resets the permissions again.  I tried disabling "inlude inheritable permissions from the object's parent" on that folder and it STILL applies the new permissions.  What am I missing here?

Author Comment

ID: 33731057
Ya, the account I ran robocopy under had full control over the new destination.

Expert Comment

ID: 33731609
The backup suggestion I gave you works great if you are using the same folder structure. You did not indicate earlier that you were also changing your file structure so sorry if I did not give you correct report. You could use the XCOPY /O to copy files from one folder to another and copy the ACL and file ownerships.

Expert Comment

ID: 33733562
You can also take the ntbackup

Take backup of the folder and restore the same to the destination server.

It will retain the ACL as well as the folder structure.

Only Domain ACL remains, local ACL will be removed.

Expert Comment

ID: 33734007
hello, I do this all the time with robocopy worked fine for 2003, but 2008 and above there is a slight problem and i had to use additional command options, basically i use

robocopy sourceunc destination unc /e /sec /copyall /mir /log:c:\mylog.txt /r:1 /w:1


/e = all folder as well as empty
/sec = original security option
/copyall / mir = for 2008 transfers needed this to take security
/log = log file of transer
/r:1 /w:1 = max retries is 1 and wait is 1 second

Works everytime now, Hope this helps

Author Closing Comment

ID: 33782005
restored from a backup and it worked

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question