Migrate user redirected "my Documents" to new server

Hi Experts,

Here is the deal.....

SBS 2003 sp2 (old)
Server 2008 (new) w/Exchange 2010

NOTE: i am following demazter guide from here Guide for SBS2003 to server 2008 with exchange 2010

In the middle of a migration and i have Exchange pulled over no issues.

on step 10 and well the KB from microsoft that is mentioned is not working because SBS 2003 is still the active directory server....

when i just try and copy and paste ctree to new server i get errors about locked files, blah blah...


is there a guide that can almost full proof this?

HELP
LVL 3
MutogiIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
It is a two step process, you first have to remove the redirect which will force the redirected folders to be copied back into the profile. and once that is complete, you can alter the GPO to point to the new location (consideration should be to use a domain based share (DFS) this way you will not run into this issue again.) \\domain\root\userfolders\%username%\


Presumably you joined the win2k8 into.

You could use robocopy/xcopy, but the users can not be logged in at the time.
You could copy what copies, and then have the users adjust the shares that they are using (also using DFS shares if possible).
Once it is transitioned to the new share, you could rerun the robocopy/xcopy from the sbs to the win2k8 which will copy the previously uncopied files provided they are not present or newer than the ones at the destination.
0
MutogiIT ManagerAuthor Commented:
Thank you Arnold,

the first option is what im looking for, but i am unable to move the data to other system. there are errors files are readonly or open with another program, even after restarting server and turning off NIC completely.

robo/xcopy can not be used this has to be done after hours and password sensitivity is crtical.


If there is any other way please help, im currently trying a back up and restore option...


HELP
0
arnoldCommented:
Use cacls to see what rights exist?
Not sure what passwords you reference.
Does admin have rights to the files?
Are the files encrypted?
Do you have anti-virus on the system, symantec, mcaffe? Those might be interfering I.e. scanning the file on access.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

MutogiIT ManagerAuthor Commented:
Use cacls to see what rights exist?

Does admin have rights to the files?
Yes,
Not sure what passwords you reference. long story...

Are the files encrypted?
not that im aware looking at cacls to see...

Do you have anti-virus on the system, symantec, mcaffe?
Will Try with them off...

Those might be interfering I.e. scanning the file on access.


Can i just copy and paste these files?
0
arnoldCommented:
Usually you want to preserve ownership to avoid conflict and errors on the user end for some files. I.e. desktop, ntuser.dat, etc could be checked and if the user is not the owner of the file, the file/directory might not be loaded and the user will get an error and will get a temp. Profile or reject modification, etc.
You mentioned two sets, so it is not clear which files you reference here, profiles, redirected folders, or shares.
0
MutogiIT ManagerAuthor Commented:
on the SBS 2003 server i was not the one that setup this server...

he/she put a GPO for "My Documents" redirect in there, so you mentioned cacls, what is that i cant find info on this?
0
arnoldCommented:
Check the redirect GPO and you can reverse it I.e. if the setting is to copy the data back when the policy no longer applied.
Note though that you have to make sure if the users have roaming profiles, that there is no restriction on the size of the profile.
Use gpmc to see what policies there are and how they apply.
http://www.microsoft.com/download/en/details.aspx?id=21895
0
MutogiIT ManagerAuthor Commented:
All i want to do is move 160GB of user data with no issue, demazter guide is EXCELLENT upto that reading in there that step is very airy not sure how to follow......
0
MutogiIT ManagerAuthor Commented:
OK, so GPO is generic to \\SBSserver\data\users\%usernme%\my documents...

SO BIG question how can i transfer this data???

Copy paste?

Arnold please help in this, ive got all this VM done.... help
0
arnoldCommented:
Chek the redirect policy options to make sure the settings are such that when the user falls out, the data is copied back.  That is all that is needed, you need to give it time. Then revoking the redirect will copy the data back into the user's profile.
http://technet.microsoft.com/en-us/library/cc781907(v=ws.10).aspx
0
MutogiIT ManagerAuthor Commented:
Offline files are not allow and is disabled on all clients is that a problem?

i dont know HOW to get the data there in the first place and well this is a 4 week migration that my boss is pushing to get done soon....


help
0
arnoldCommented:
First thing is to reverse the redirect. You would then copy the profiles off hours from the current location to the new one, and then adjust the ad for users to point to a new location for the profiles. You can redirect again to the new location.
How many users are involved?
0
MutogiIT ManagerAuthor Commented:
38 user folders,

starting copy how long till you sign off for the night?
0
arnoldCommented:
What are you copying the user profiles? Using xcopy or robocopy?
0
MutogiIT ManagerAuthor Commented:
copy/paste dont know how to use xcopy/robocopy
0
arnoldCommented:
robocopy source destination /e /copy:dato
Use /L to only see what will be done. Before doing it.
You can run it on the win2k8 after mapping the share as a drive.
net use k: \\sbsserv\sharename
robocopy k:\ d:\locationofnewshare /E /copy:dato /L
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MutogiIT ManagerAuthor Commented:
ok, here we go, hopefully youll be online for just a few more ill update....
0
arnoldCommented:
http://ss64.com/nt/robocopy.html

Presumably you have a test user from the old setup to test with once the data is copied and changes made,
0
MutogiIT ManagerAuthor Commented:
yes
0
MutogiIT ManagerAuthor Commented:
one user folder is not owned by the domain\administrator, the person that took ownership is a administrator but a user with admin rights, how can i handle that?
0
arnoldCommented:
What do you want? You can take ownership for administrator, or you can take ownership and assign to the user?
cacls, icacls, xcacls can be used to modify, review rights.
cacls pathtodirectory /g username:f /T /E
http://ss64.com/nt/cacls.html
icacls is more detail /setowner username
http://ss64.com/nt/icacls.html
0
MutogiIT ManagerAuthor Commented:
OK, all files transferred no errors on the robocopy report.

BUT, 2 of the test users take over 20 minutes to login after my documents redirect routed to new server?

one is a XP SP2 and the other one is a Win7 64bit
0
MutogiIT ManagerAuthor Commented:
Win 7 User Mydocumets pointed at  old server, tried gpupdate /force not good, says GPO can not be found.
0
arnoldCommented:
It will not redirect an already redirected folder.  The data must first be recended following the revocation of the original redirect.
You may have to manually adjust each user registry hkey_users to redirect the my documents folder to the new location.  Use gpmc to see what is the going on.
0
MutogiIT ManagerAuthor Commented:
ok, as i was looking around get a call, someone was looking thru data share fine... all of a sudon chould only see his user file nothing else?
0
MutogiIT ManagerAuthor Commented:
DC is the old SBS server is that a problem?

I was able my non admin account look around the share just fine?
0
arnoldCommented:
usually, the share where user profiles, or redirected folder should be accessible by the individual user only.  It depends on whether you have a setting for the computer GPO to add the administrator group to the user roaming profiles.
0
MutogiIT ManagerAuthor Commented:
Its only showing

W2K8/administrator

Not

Domain/administrator

Under security tab of the folders
0
arnoldCommented:
You mean win2k8\administrators?
Are you still only testing? You may as part of robocopy use the /sec or /copy:datso option
Or /copyall to copy both security and auditing settings?

You would likely have to make sure the hare settings on the sbs are matched on the new system. Sharing option domain users full access to the share the security settings will control the final access.
0
MutogiIT ManagerAuthor Commented:
Yeah therearent any domain admins
0
arnoldCommented:
Double check what the current Settings are.  Are your migration to a dfs domain based share or are you sticking with the server based share?
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/filesfolders/sharedfolders/
I've seen and posted before link to script that help transfer share configurations from server to server, while robocopy is the better way to copy the underlying data while preserving the security settings. The issue is on the sbs the security and share settings use the domain based groups while on the non dc servers the use is usually the local groups of which the domain groups are often members. I.e. domain users is a member of the server users group. Etc.
The copy option I provided had the preserver, date, owner, but not the security settings which might be why the secuirty settings on the location only reflect the user that you used to perform the copy.
0
MutogiIT ManagerAuthor Commented:
OK, here is what happened so far....

robocopy k:\ d:\locationofnewshare /E /log:C:412012.txt /copy:datso

Open in new window



all security is attached minor adjustments made no biggie.

production starts tomorrow will advise what issues i have then..

THANKS AGAIN arnold, hope all goes well tomorrow....

they are server shares with SYSTEM, DOMAIN\admininstrators, OWNER@DOMAIN.local and OWNER2@DOMAIN.local and USERNAME@DOMAIN.local with FULL control, simple but a pain in the rear if i need to adjust more but all files there.....

I tested on 3 different levels of users accounts didnt have any issues, i think the user i mentioned earlir miss clicked or used a old share that i didnt disable from robocopy.

any other checks that i can preform tonight before production is appreciated....!!!!!
0
arnoldCommented:
The only difficulty I foresee deal with the redirect unless you go throu using ResEdit loading the users hive in ntuser.dat and modifying the software\microsoft\windows\currentversion\...or something like tht.

http://support.microsoft.com/kb/242557
0
MutogiIT ManagerAuthor Commented:
im hoping the 3 computers and 3 different users that logged in as the GPO redirected them as they logged in....
0
MutogiIT ManagerAuthor Commented:
THANKS arnold you really know what you are talking about.

robocopy
fix permissions (minimal)
save the day
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.