Solved

How do I copy file shares between windows servers and retain ACLs including AD users and groups

Posted on 2010-09-21
12
1,432 Views
Last Modified: 2012-05-10
I've tried Robocopy with the /E and /COPYALL switches and it just copied the data between servers with the files inheriting the ACL of the destination folder.

I've also tried RichCopy with the same results.

Do I really have to manually re-create all the permissions and groups?
0
Comment
Question by:tferro999
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33730890
Have you tried robocopy with the /SECFIX option?

This is assuming that the source and destination servers are located within the same AD forest?
0
 
LVL 5

Accepted Solution

by:
sosinc3 earned 500 total points
ID: 33730914
What do you use as a backup tool? I find that when I have to do this, the best thing that works for me is either my CA Brightstore (Arcserve) backup software or my BackupExec software (we run both depending on the site). They have the ability to restore all the security information along with the file/folders. The shares are actually in the registry. Take a look at [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
Listed under this key are all the shares Windows has stored for the current user, simply delete the entries you don't want to store or add new ones by adding a new string value, and name it by incrementing the alpha values already in the list. Set the data to equal the drive share you wish to add. You an export this key and import it to the new server assuming the folder structure and the drive letters stay the same.
0
 

Author Comment

by:tferro999
ID: 33730958
The users guide says that /SECFIX is no longer supported and has been replaced by /COPY:S and /COPYALL should get the security settings, timestamps, ownership etc.  For some reason when I run that command, the copied files just inherited the permissions of the new share and wiped out all the old ACL info.

I'll try to restore the data from my backup tonight and see how that goes, i'm running MS DPM 2007.
0
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33730970
Is it share or NTFS permissions your wanting to set here?
0
 

Author Comment

by:tferro999
ID: 33731013
NTFS
0
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33731040
Is the user account you're running robocopy under the owner of the destination folders (or at least have permissions to change folder and file permissions)?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:tferro999
ID: 33731048
So the backup solution worked, sorta.  I'm able to restore the files to the new share and retain the old ACLs.  However, it also includes the old and slightly different directory structure.  So I still have to copy/paste them to the correct folder which of course resets the permissions again.  I tried disabling "inlude inheritable permissions from the object's parent" on that folder and it STILL applies the new permissions.  What am I missing here?
0
 

Author Comment

by:tferro999
ID: 33731057
Ya, the account I ran robocopy under had full control over the new destination.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33731609
The backup suggestion I gave you works great if you are using the same folder structure. You did not indicate earlier that you were also changing your file structure so sorry if I did not give you correct report. You could use the XCOPY /O to copy files from one folder to another and copy the ACL and file ownerships.
0
 
LVL 4

Expert Comment

by:ChandarS
ID: 33733562
You can also take the ntbackup

Take backup of the folder and restore the same to the destination server.

It will retain the ACL as well as the folder structure.

Only Domain ACL remains, local ACL will be removed.
0
 
LVL 6

Expert Comment

by:Porka
ID: 33734007
hello, I do this all the time with robocopy worked fine for 2003, but 2008 and above there is a slight problem and i had to use additional command options, basically i use

robocopy sourceunc destination unc /e /sec /copyall /mir /log:c:\mylog.txt /r:1 /w:1

where:

/e = all folder as well as empty
/sec = original security option
/copyall / mir = for 2008 transfers needed this to take security
/log = log file of transer
/r:1 /w:1 = max retries is 1 and wait is 1 second

Works everytime now, Hope this helps
0
 

Author Closing Comment

by:tferro999
ID: 33782005
restored from a backup and it worked
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now