tferro999
asked on
How do I copy file shares between windows servers and retain ACLs including AD users and groups
I've tried Robocopy with the /E and /COPYALL switches and it just copied the data between servers with the files inheriting the ACL of the destination folder.
I've also tried RichCopy with the same results.
Do I really have to manually re-create all the permissions and groups?
I've also tried RichCopy with the same results.
Do I really have to manually re-create all the permissions and groups?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The users guide says that /SECFIX is no longer supported and has been replaced by /COPY:S and /COPYALL should get the security settings, timestamps, ownership etc. For some reason when I run that command, the copied files just inherited the permissions of the new share and wiped out all the old ACL info.
I'll try to restore the data from my backup tonight and see how that goes, i'm running MS DPM 2007.
I'll try to restore the data from my backup tonight and see how that goes, i'm running MS DPM 2007.
Is it share or NTFS permissions your wanting to set here?
ASKER
NTFS
Is the user account you're running robocopy under the owner of the destination folders (or at least have permissions to change folder and file permissions)?
ASKER
So the backup solution worked, sorta. I'm able to restore the files to the new share and retain the old ACLs. However, it also includes the old and slightly different directory structure. So I still have to copy/paste them to the correct folder which of course resets the permissions again. I tried disabling "inlude inheritable permissions from the object's parent" on that folder and it STILL applies the new permissions. What am I missing here?
ASKER
Ya, the account I ran robocopy under had full control over the new destination.
The backup suggestion I gave you works great if you are using the same folder structure. You did not indicate earlier that you were also changing your file structure so sorry if I did not give you correct report. You could use the XCOPY /O to copy files from one folder to another and copy the ACL and file ownerships.
You can also take the ntbackup
Take backup of the folder and restore the same to the destination server.
It will retain the ACL as well as the folder structure.
Only Domain ACL remains, local ACL will be removed.
Take backup of the folder and restore the same to the destination server.
It will retain the ACL as well as the folder structure.
Only Domain ACL remains, local ACL will be removed.
hello, I do this all the time with robocopy worked fine for 2003, but 2008 and above there is a slight problem and i had to use additional command options, basically i use
robocopy sourceunc destination unc /e /sec /copyall /mir /log:c:\mylog.txt /r:1 /w:1
where:
/e = all folder as well as empty
/sec = original security option
/copyall / mir = for 2008 transfers needed this to take security
/log = log file of transer
/r:1 /w:1 = max retries is 1 and wait is 1 second
Works everytime now, Hope this helps
robocopy sourceunc destination unc /e /sec /copyall /mir /log:c:\mylog.txt /r:1 /w:1
where:
/e = all folder as well as empty
/sec = original security option
/copyall / mir = for 2008 transfers needed this to take security
/log = log file of transer
/r:1 /w:1 = max retries is 1 and wait is 1 second
Works everytime now, Hope this helps
ASKER
restored from a backup and it worked
This is assuming that the source and destination servers are located within the same AD forest?