Any way to mass remove unresolve SIDs from NTFS permissions?

Posted on 2011-05-09
Last Modified: 2013-12-04

I am attempting a data from our file server to an open CIFS share in preparation for putting some of our data onto a cloud provider.  The problem I am running into is that the migration tool I am using cannot set the file/folder permissions properly because a number of my folders have unresolved SID entries (the folders are old, first created about 15 years ago, and have been migrated through at least four different servers and an NT -> 2000 - > 2003 domain at this point).  Many of the folders, especially the older ones, are a mess of nested folders and non-inheritance.

Since I can't easily go through the thousands of folders and files and see which have unresolved SIDs in their permissions and which don't, is there any way to remove all unresolved SIDs en masse?  Or barring that, any way to at least list which objects hold them?

Oh, the files currently reside on a Windows 2008 server.


Question by:Jason_Place
    LVL 24

    Accepted Solution

    These will be the SID's for deleted AD Objects.

    You can use SubInACL to do this for you.
    LVL 61

    Expert Comment

    chkdsk /f also does some cleanup.
    LVL 1

    Author Closing Comment

    Perfect, that's exactly the sort of thing I was looking for.  Thanks!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now