Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 13146
  • Last Modified:

Robocopy on Windows Server 2012 R2 does not copy inherited directory permission to the target directory ?

Hi,

Can anyone please assist me with Robocopy on Windows Server 2012 R2 (I don't know what's the version) to copy the directory from Source old File server 2008 NTFS share (\\oldFileServer\Data) into the new file server 2012 R2 drive S:\Data\ ?

here's what I got to run initially:
robocopy.exe "\\oldFileServer\Data" S:\Data *.* /E /SECFIX /SEC /XO /ZB /COPYALL /MIR /DCOPY:DAT /XF "Thumbs.db" /XD "System Volume Information" /XD "Recycler" /XD "$RECYCLE.BIN" /R:0 /W:0 /NP /NFL /NDL /TEE /LOG:"X:\robocopy.log"

pause



But somehow when I open the advanced permission tab and compare the copied source directory and the target directory, the inherited permission is not copied over ?

The file owner is correct, I am executing the batch script above with my DOMAIN\Administrator account which is also local Administrator on both file servers.

Any thoughts and comment would be greatly appreciated.

Thanks.
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
  • 10
  • 4
  • 4
  • +1
1 Solution
 
David Johnson, CD, MVPOwnerCommented:
You are copying from a share to a local drive and you want the inherited permissions BUT robocopy cannot access the permissions of the folder above it.  You will have to save the acls from the source folder and then copy  the file that contains the acl info and then apply them to this folder.
Easier to just turn off inherited settings and turn them into explicit settings and then do the copy.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks David, so how and what tools do I need to use in the windows server 2008 source file server to export that information ?
0
 
basil2912Commented:
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi Basil,

the new server is windows server 2012 R2 not 2008 R2
0
 
Premkumar YogeswaranAnalyst II - System AdministratorCommented:
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
What about the file ownership ?

what's the Robocopy parameter so that the file owner and directory owner is still retained not overwritten by the local administrator group on the target server ?
0
 
Premkumar YogeswaranAnalyst II - System AdministratorCommented:
"subinacl /file " & path & " /setowner=" & newOwner
subinacl /file \STUDENT-SUBMISSIONS\folder1  /setowner=mydomain\user1
subinacl /subdirectories \STUDENT-SUBMISSIONS\folder1\*  /setowner=mydomain\user1

Refer:
http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_27062593.html
http://www.experts-exchange.com/Software/Server_Software/Document_Management/Q_24178361.html
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks prem,

but the problem is that there are 1700 folders and the owners of each directories are all different.
0
 
Premkumar YogeswaranAnalyst II - System AdministratorCommented:
His there any reason, behind changing the ownership of the folders?
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
of course, in the source file server the files and directory owners are the each of the respective users.

but in the new target server, the directories are all owned by the newFileServer\Administrators (local admin group of the new server ?
0
 
Premkumar YogeswaranAnalyst II - System AdministratorCommented:
I found this one for you, try with one folder and check out.

ROBOCOPY /E /Copy:O /IS /IT <Source> <Target>

“To refresh security information for existing destination files and directories without copying file data, use the /IS switch together with the /COPY switch without the D flag. For example /IS /COPY:SOU would refresh all security information for all selected files, without copying any file data.”

SOU - S=Security ; O=OwnerShip info ; U=Auditing

/IS - Copy information without files and directories
0
 
David Johnson, CD, MVPOwnerCommented:
from the server that holds the files i.e. d:\users now copy these files to the new server \\servername\sharename  within robocopy use the /B or /ZB option this is the backup option

robocopy.exe \\sourcepath \\target-path /MIR /xo /xj /dcopy:t /copy:datso /secfix /v /FP /MT /e /z /r:0 /w:0 /log+:c:\temp\logfile.log /b /zb

Open in new window

1
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi David,

Do I need to run the script on the source server (Old Windows Server 2008) or from the new file server 2012 R2 ?
0
 
David Johnson, CD, MVPOwnerCommented:
on old server from old to new
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
ah, so is this because of the /B and /ZB command is being used ?
0
 
David Johnson, CD, MVPOwnerCommented:
Z is restartable
B is for backup
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks !
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
it works David !!!

I even executed the Robocopy from the Windows Server 2012 R2 destination server the owner and the permission applied succesfully.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
I've posted follow up question in how to fix the directory ownership for the files and folders if they already copied over to the destination drive:

here's my other thread: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28477873.html

so hopefully I do not have to copy the whole data ~17 TB over 4 weekends again just to fix the file and directory ownership.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 10
  • 4
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now