Solved

Migrate user redirected "my Documents" to new server

Posted on 2012-03-30
35
710 Views
Last Modified: 2012-04-02
Hi Experts,

Here is the deal.....

SBS 2003 sp2 (old)
Server 2008 (new) w/Exchange 2010

NOTE: i am following demazter guide from here Guide for SBS2003 to server 2008 with exchange 2010

In the middle of a migration and i have Exchange pulled over no issues.

on step 10 and well the KB from microsoft that is mentioned is not working because SBS 2003 is still the active directory server....

when i just try and copy and paste ctree to new server i get errors about locked files, blah blah...


is there a guide that can almost full proof this?

HELP
0
Comment
Question by:Mutogi
  • 20
  • 15
35 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 37791329
It is a two step process, you first have to remove the redirect which will force the redirected folders to be copied back into the profile. and once that is complete, you can alter the GPO to point to the new location (consideration should be to use a domain based share (DFS) this way you will not run into this issue again.) \\domain\root\userfolders\%username%\


Presumably you joined the win2k8 into.

You could use robocopy/xcopy, but the users can not be logged in at the time.
You could copy what copies, and then have the users adjust the shares that they are using (also using DFS shares if possible).
Once it is transitioned to the new share, you could rerun the robocopy/xcopy from the sbs to the win2k8 which will copy the previously uncopied files provided they are not present or newer than the ones at the destination.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792222
Thank you Arnold,

the first option is what im looking for, but i am unable to move the data to other system. there are errors files are readonly or open with another program, even after restarting server and turning off NIC completely.

robo/xcopy can not be used this has to be done after hours and password sensitivity is crtical.


If there is any other way please help, im currently trying a back up and restore option...


HELP
0
 
LVL 76

Expert Comment

by:arnold
ID: 37792243
Use cacls to see what rights exist?
Not sure what passwords you reference.
Does admin have rights to the files?
Are the files encrypted?
Do you have anti-virus on the system, symantec, mcaffe? Those might be interfering I.e. scanning the file on access.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792256
Use cacls to see what rights exist?

Does admin have rights to the files?
Yes,
Not sure what passwords you reference. long story...

Are the files encrypted?
not that im aware looking at cacls to see...

Do you have anti-virus on the system, symantec, mcaffe?
Will Try with them off...

Those might be interfering I.e. scanning the file on access.


Can i just copy and paste these files?
0
 
LVL 76

Expert Comment

by:arnold
ID: 37792265
Usually you want to preserve ownership to avoid conflict and errors on the user end for some files. I.e. desktop, ntuser.dat, etc could be checked and if the user is not the owner of the file, the file/directory might not be loaded and the user will get an error and will get a temp. Profile or reject modification, etc.
You mentioned two sets, so it is not clear which files you reference here, profiles, redirected folders, or shares.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792268
on the SBS 2003 server i was not the one that setup this server...

he/she put a GPO for "My Documents" redirect in there, so you mentioned cacls, what is that i cant find info on this?
0
 
LVL 76

Expert Comment

by:arnold
ID: 37792274
Check the redirect GPO and you can reverse it I.e. if the setting is to copy the data back when the policy no longer applied.
Note though that you have to make sure if the users have roaming profiles, that there is no restriction on the size of the profile.
Use gpmc to see what policies there are and how they apply.
http://www.microsoft.com/download/en/details.aspx?id=21895
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792276
All i want to do is move 160GB of user data with no issue, demazter guide is EXCELLENT upto that reading in there that step is very airy not sure how to follow......
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792284
OK, so GPO is generic to \\SBSserver\data\users\%usernme%\my documents...

SO BIG question how can i transfer this data???

Copy paste?

Arnold please help in this, ive got all this VM done.... help
0
 
LVL 76

Expert Comment

by:arnold
ID: 37792290
Chek the redirect policy options to make sure the settings are such that when the user falls out, the data is copied back.  That is all that is needed, you need to give it time. Then revoking the redirect will copy the data back into the user's profile.
http://technet.microsoft.com/en-us/library/cc781907(v=ws.10).aspx
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792295
Offline files are not allow and is disabled on all clients is that a problem?

i dont know HOW to get the data there in the first place and well this is a 4 week migration that my boss is pushing to get done soon....


help
0
 
LVL 76

Expert Comment

by:arnold
ID: 37792307
First thing is to reverse the redirect. You would then copy the profiles off hours from the current location to the new one, and then adjust the ad for users to point to a new location for the profiles. You can redirect again to the new location.
How many users are involved?
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792311
38 user folders,

starting copy how long till you sign off for the night?
0
 
LVL 76

Expert Comment

by:arnold
ID: 37792318
What are you copying the user profiles? Using xcopy or robocopy?
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792319
copy/paste dont know how to use xcopy/robocopy
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 37792325
robocopy source destination /e /copy:dato
Use /L to only see what will be done. Before doing it.
You can run it on the win2k8 after mapping the share as a drive.
net use k: \\sbsserv\sharename
robocopy k:\ d:\locationofnewshare /E /copy:dato /L
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792331
ok, here we go, hopefully youll be online for just a few more ill update....
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37792351
http://ss64.com/nt/robocopy.html

Presumably you have a test user from the old setup to test with once the data is copied and changes made,
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792356
yes
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792393
one user folder is not owned by the domain\administrator, the person that took ownership is a administrator but a user with admin rights, how can i handle that?
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37792946
What do you want? You can take ownership for administrator, or you can take ownership and assign to the user?
cacls, icacls, xcacls can be used to modify, review rights.
cacls pathtodirectory /g username:f /T /E
http://ss64.com/nt/cacls.html
icacls is more detail /setowner username
http://ss64.com/nt/icacls.html
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793473
OK, all files transferred no errors on the robocopy report.

BUT, 2 of the test users take over 20 minutes to login after my documents redirect routed to new server?

one is a XP SP2 and the other one is a Win7 64bit
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793516
Win 7 User Mydocumets pointed at  old server, tried gpupdate /force not good, says GPO can not be found.
0
 
LVL 76

Expert Comment

by:arnold
ID: 37793597
It will not redirect an already redirected folder.  The data must first be recended following the revocation of the original redirect.
You may have to manually adjust each user registry hkey_users to redirect the my documents folder to the new location.  Use gpmc to see what is the going on.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793800
ok, as i was looking around get a call, someone was looking thru data share fine... all of a sudon chould only see his user file nothing else?
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793828
DC is the old SBS server is that a problem?

I was able my non admin account look around the share just fine?
0
 
LVL 76

Expert Comment

by:arnold
ID: 37793937
usually, the share where user profiles, or redirected folder should be accessible by the individual user only.  It depends on whether you have a setting for the computer GPO to add the administrator group to the user roaming profiles.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793952
Its only showing

W2K8/administrator

Not

Domain/administrator

Under security tab of the folders
0
 
LVL 76

Expert Comment

by:arnold
ID: 37793964
You mean win2k8\administrators?
Are you still only testing? You may as part of robocopy use the /sec or /copy:datso option
Or /copyall to copy both security and auditing settings?

You would likely have to make sure the hare settings on the sbs are matched on the new system. Sharing option domain users full access to the share the security settings will control the final access.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37794006
Yeah therearent any domain admins
0
 
LVL 76

Expert Comment

by:arnold
ID: 37794019
Double check what the current Settings are.  Are your migration to a dfs domain based share or are you sticking with the server based share?
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/filesfolders/sharedfolders/
I've seen and posted before link to script that help transfer share configurations from server to server, while robocopy is the better way to copy the underlying data while preserving the security settings. The issue is on the sbs the security and share settings use the domain based groups while on the non dc servers the use is usually the local groups of which the domain groups are often members. I.e. domain users is a member of the server users group. Etc.
The copy option I provided had the preserver, date, owner, but not the security settings which might be why the secuirty settings on the location only reflect the user that you used to perform the copy.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37794354
OK, here is what happened so far....

robocopy k:\ d:\locationofnewshare /E /log:C:412012.txt /copy:datso

Open in new window



all security is attached minor adjustments made no biggie.

production starts tomorrow will advise what issues i have then..

THANKS AGAIN arnold, hope all goes well tomorrow....

they are server shares with SYSTEM, DOMAIN\admininstrators, OWNER@DOMAIN.local and OWNER2@DOMAIN.local and USERNAME@DOMAIN.local with FULL control, simple but a pain in the rear if i need to adjust more but all files there.....

I tested on 3 different levels of users accounts didnt have any issues, i think the user i mentioned earlir miss clicked or used a old share that i didnt disable from robocopy.

any other checks that i can preform tonight before production is appreciated....!!!!!
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37794383
The only difficulty I foresee deal with the redirect unless you go throu using ResEdit loading the users hive in ntuser.dat and modifying the software\microsoft\windows\currentversion\...or something like tht.

http://support.microsoft.com/kb/242557
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37794394
im hoping the 3 computers and 3 different users that logged in as the GPO redirected them as they logged in....
0
 
LVL 3

Author Closing Comment

by:Mutogi
ID: 37796248
THANKS arnold you really know what you are talking about.

robocopy
fix permissions (minimal)
save the day
0

Join & Write a Comment

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now