Solved

How do I copy file shares between windows servers and retain ACLs including AD users and groups

Posted on 2010-09-21
12
1,440 Views
Last Modified: 2012-05-10
I've tried Robocopy with the /E and /COPYALL switches and it just copied the data between servers with the files inheriting the ACL of the destination folder.

I've also tried RichCopy with the same results.

Do I really have to manually re-create all the permissions and groups?
0
Comment
Question by:tferro999
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33730890
Have you tried robocopy with the /SECFIX option?

This is assuming that the source and destination servers are located within the same AD forest?
0
 
LVL 5

Accepted Solution

by:
sosinc3 earned 500 total points
ID: 33730914
What do you use as a backup tool? I find that when I have to do this, the best thing that works for me is either my CA Brightstore (Arcserve) backup software or my BackupExec software (we run both depending on the site). They have the ability to restore all the security information along with the file/folders. The shares are actually in the registry. Take a look at [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections]
Listed under this key are all the shares Windows has stored for the current user, simply delete the entries you don't want to store or add new ones by adding a new string value, and name it by incrementing the alpha values already in the list. Set the data to equal the drive share you wish to add. You an export this key and import it to the new server assuming the folder structure and the drive letters stay the same.
0
 

Author Comment

by:tferro999
ID: 33730958
The users guide says that /SECFIX is no longer supported and has been replaced by /COPY:S and /COPYALL should get the security settings, timestamps, ownership etc.  For some reason when I run that command, the copied files just inherited the permissions of the new share and wiped out all the old ACL info.

I'll try to restore the data from my backup tonight and see how that goes, i'm running MS DPM 2007.
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33730970
Is it share or NTFS permissions your wanting to set here?
0
 

Author Comment

by:tferro999
ID: 33731013
NTFS
0
 
LVL 3

Expert Comment

by:celdridgeMadman
ID: 33731040
Is the user account you're running robocopy under the owner of the destination folders (or at least have permissions to change folder and file permissions)?
0
 

Author Comment

by:tferro999
ID: 33731048
So the backup solution worked, sorta.  I'm able to restore the files to the new share and retain the old ACLs.  However, it also includes the old and slightly different directory structure.  So I still have to copy/paste them to the correct folder which of course resets the permissions again.  I tried disabling "inlude inheritable permissions from the object's parent" on that folder and it STILL applies the new permissions.  What am I missing here?
0
 

Author Comment

by:tferro999
ID: 33731057
Ya, the account I ran robocopy under had full control over the new destination.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33731609
The backup suggestion I gave you works great if you are using the same folder structure. You did not indicate earlier that you were also changing your file structure so sorry if I did not give you correct report. You could use the XCOPY /O to copy files from one folder to another and copy the ACL and file ownerships.
0
 
LVL 4

Expert Comment

by:ChandarS
ID: 33733562
You can also take the ntbackup

Take backup of the folder and restore the same to the destination server.

It will retain the ACL as well as the folder structure.

Only Domain ACL remains, local ACL will be removed.
0
 
LVL 6

Expert Comment

by:Porka
ID: 33734007
hello, I do this all the time with robocopy worked fine for 2003, but 2008 and above there is a slight problem and i had to use additional command options, basically i use

robocopy sourceunc destination unc /e /sec /copyall /mir /log:c:\mylog.txt /r:1 /w:1

where:

/e = all folder as well as empty
/sec = original security option
/copyall / mir = for 2008 transfers needed this to take security
/log = log file of transer
/r:1 /w:1 = max retries is 1 and wait is 1 second

Works everytime now, Hope this helps
0
 

Author Closing Comment

by:tferro999
ID: 33782005
restored from a backup and it worked
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Azure AD / OAUTH 2 44
List of Active Users in AD 5 60
Windows 2008 R2 Core May 2017 Microsoft Updates 4 36
Writing reports to a script 7 27
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question