Solved

Migrate user redirected "my Documents" to new server

Posted on 2012-03-30
35
719 Views
Last Modified: 2012-04-02
Hi Experts,

Here is the deal.....

SBS 2003 sp2 (old)
Server 2008 (new) w/Exchange 2010

NOTE: i am following demazter guide from here Guide for SBS2003 to server 2008 with exchange 2010

In the middle of a migration and i have Exchange pulled over no issues.

on step 10 and well the KB from microsoft that is mentioned is not working because SBS 2003 is still the active directory server....

when i just try and copy and paste ctree to new server i get errors about locked files, blah blah...


is there a guide that can almost full proof this?

HELP
0
Comment
Question by:Mutogi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 20
  • 15
35 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 37791329
It is a two step process, you first have to remove the redirect which will force the redirected folders to be copied back into the profile. and once that is complete, you can alter the GPO to point to the new location (consideration should be to use a domain based share (DFS) this way you will not run into this issue again.) \\domain\root\userfolders\%username%\


Presumably you joined the win2k8 into.

You could use robocopy/xcopy, but the users can not be logged in at the time.
You could copy what copies, and then have the users adjust the shares that they are using (also using DFS shares if possible).
Once it is transitioned to the new share, you could rerun the robocopy/xcopy from the sbs to the win2k8 which will copy the previously uncopied files provided they are not present or newer than the ones at the destination.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792222
Thank you Arnold,

the first option is what im looking for, but i am unable to move the data to other system. there are errors files are readonly or open with another program, even after restarting server and turning off NIC completely.

robo/xcopy can not be used this has to be done after hours and password sensitivity is crtical.


If there is any other way please help, im currently trying a back up and restore option...


HELP
0
 
LVL 79

Expert Comment

by:arnold
ID: 37792243
Use cacls to see what rights exist?
Not sure what passwords you reference.
Does admin have rights to the files?
Are the files encrypted?
Do you have anti-virus on the system, symantec, mcaffe? Those might be interfering I.e. scanning the file on access.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 3

Author Comment

by:Mutogi
ID: 37792256
Use cacls to see what rights exist?

Does admin have rights to the files?
Yes,
Not sure what passwords you reference. long story...

Are the files encrypted?
not that im aware looking at cacls to see...

Do you have anti-virus on the system, symantec, mcaffe?
Will Try with them off...

Those might be interfering I.e. scanning the file on access.


Can i just copy and paste these files?
0
 
LVL 79

Expert Comment

by:arnold
ID: 37792265
Usually you want to preserve ownership to avoid conflict and errors on the user end for some files. I.e. desktop, ntuser.dat, etc could be checked and if the user is not the owner of the file, the file/directory might not be loaded and the user will get an error and will get a temp. Profile or reject modification, etc.
You mentioned two sets, so it is not clear which files you reference here, profiles, redirected folders, or shares.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792268
on the SBS 2003 server i was not the one that setup this server...

he/she put a GPO for "My Documents" redirect in there, so you mentioned cacls, what is that i cant find info on this?
0
 
LVL 79

Expert Comment

by:arnold
ID: 37792274
Check the redirect GPO and you can reverse it I.e. if the setting is to copy the data back when the policy no longer applied.
Note though that you have to make sure if the users have roaming profiles, that there is no restriction on the size of the profile.
Use gpmc to see what policies there are and how they apply.
http://www.microsoft.com/download/en/details.aspx?id=21895
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792276
All i want to do is move 160GB of user data with no issue, demazter guide is EXCELLENT upto that reading in there that step is very airy not sure how to follow......
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792284
OK, so GPO is generic to \\SBSserver\data\users\%usernme%\my documents...

SO BIG question how can i transfer this data???

Copy paste?

Arnold please help in this, ive got all this VM done.... help
0
 
LVL 79

Expert Comment

by:arnold
ID: 37792290
Chek the redirect policy options to make sure the settings are such that when the user falls out, the data is copied back.  That is all that is needed, you need to give it time. Then revoking the redirect will copy the data back into the user's profile.
http://technet.microsoft.com/en-us/library/cc781907(v=ws.10).aspx
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792295
Offline files are not allow and is disabled on all clients is that a problem?

i dont know HOW to get the data there in the first place and well this is a 4 week migration that my boss is pushing to get done soon....


help
0
 
LVL 79

Expert Comment

by:arnold
ID: 37792307
First thing is to reverse the redirect. You would then copy the profiles off hours from the current location to the new one, and then adjust the ad for users to point to a new location for the profiles. You can redirect again to the new location.
How many users are involved?
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792311
38 user folders,

starting copy how long till you sign off for the night?
0
 
LVL 79

Expert Comment

by:arnold
ID: 37792318
What are you copying the user profiles? Using xcopy or robocopy?
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792319
copy/paste dont know how to use xcopy/robocopy
0
 
LVL 79

Accepted Solution

by:
arnold earned 500 total points
ID: 37792325
robocopy source destination /e /copy:dato
Use /L to only see what will be done. Before doing it.
You can run it on the win2k8 after mapping the share as a drive.
net use k: \\sbsserv\sharename
robocopy k:\ d:\locationofnewshare /E /copy:dato /L
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792331
ok, here we go, hopefully youll be online for just a few more ill update....
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37792351
http://ss64.com/nt/robocopy.html

Presumably you have a test user from the old setup to test with once the data is copied and changes made,
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792356
yes
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37792393
one user folder is not owned by the domain\administrator, the person that took ownership is a administrator but a user with admin rights, how can i handle that?
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37792946
What do you want? You can take ownership for administrator, or you can take ownership and assign to the user?
cacls, icacls, xcacls can be used to modify, review rights.
cacls pathtodirectory /g username:f /T /E
http://ss64.com/nt/cacls.html
icacls is more detail /setowner username
http://ss64.com/nt/icacls.html
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793473
OK, all files transferred no errors on the robocopy report.

BUT, 2 of the test users take over 20 minutes to login after my documents redirect routed to new server?

one is a XP SP2 and the other one is a Win7 64bit
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793516
Win 7 User Mydocumets pointed at  old server, tried gpupdate /force not good, says GPO can not be found.
0
 
LVL 79

Expert Comment

by:arnold
ID: 37793597
It will not redirect an already redirected folder.  The data must first be recended following the revocation of the original redirect.
You may have to manually adjust each user registry hkey_users to redirect the my documents folder to the new location.  Use gpmc to see what is the going on.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793800
ok, as i was looking around get a call, someone was looking thru data share fine... all of a sudon chould only see his user file nothing else?
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793828
DC is the old SBS server is that a problem?

I was able my non admin account look around the share just fine?
0
 
LVL 79

Expert Comment

by:arnold
ID: 37793937
usually, the share where user profiles, or redirected folder should be accessible by the individual user only.  It depends on whether you have a setting for the computer GPO to add the administrator group to the user roaming profiles.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37793952
Its only showing

W2K8/administrator

Not

Domain/administrator

Under security tab of the folders
0
 
LVL 79

Expert Comment

by:arnold
ID: 37793964
You mean win2k8\administrators?
Are you still only testing? You may as part of robocopy use the /sec or /copy:datso option
Or /copyall to copy both security and auditing settings?

You would likely have to make sure the hare settings on the sbs are matched on the new system. Sharing option domain users full access to the share the security settings will control the final access.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37794006
Yeah therearent any domain admins
0
 
LVL 79

Expert Comment

by:arnold
ID: 37794019
Double check what the current Settings are.  Are your migration to a dfs domain based share or are you sticking with the server based share?
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/filesfolders/sharedfolders/
I've seen and posted before link to script that help transfer share configurations from server to server, while robocopy is the better way to copy the underlying data while preserving the security settings. The issue is on the sbs the security and share settings use the domain based groups while on the non dc servers the use is usually the local groups of which the domain groups are often members. I.e. domain users is a member of the server users group. Etc.
The copy option I provided had the preserver, date, owner, but not the security settings which might be why the secuirty settings on the location only reflect the user that you used to perform the copy.
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37794354
OK, here is what happened so far....

robocopy k:\ d:\locationofnewshare /E /log:C:412012.txt /copy:datso

Open in new window



all security is attached minor adjustments made no biggie.

production starts tomorrow will advise what issues i have then..

THANKS AGAIN arnold, hope all goes well tomorrow....

they are server shares with SYSTEM, DOMAIN\admininstrators, OWNER@DOMAIN.local and OWNER2@DOMAIN.local and USERNAME@DOMAIN.local with FULL control, simple but a pain in the rear if i need to adjust more but all files there.....

I tested on 3 different levels of users accounts didnt have any issues, i think the user i mentioned earlir miss clicked or used a old share that i didnt disable from robocopy.

any other checks that i can preform tonight before production is appreciated....!!!!!
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 37794383
The only difficulty I foresee deal with the redirect unless you go throu using ResEdit loading the users hive in ntuser.dat and modifying the software\microsoft\windows\currentversion\...or something like tht.

http://support.microsoft.com/kb/242557
0
 
LVL 3

Author Comment

by:Mutogi
ID: 37794394
im hoping the 3 computers and 3 different users that logged in as the GPO redirected them as they logged in....
0
 
LVL 3

Author Closing Comment

by:Mutogi
ID: 37796248
THANKS arnold you really know what you are talking about.

robocopy
fix permissions (minimal)
save the day
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question