We are migrating some data and would like to change some of the groups, while preserving the rest of the permissions. What is the best approach to do that? At the moment I am thinking something along the lines of
set the permissions manually at the top level - easy
use robocopy to copy only the contents without affecting the level folder - basically run it at "\\server\folder\subfolder" level - not ideal as I'd have to copy any files at "\\server\folder\" level separately, and sometimes there are loads for subfolders, so plenty of robocopy instances.
run some sort of a script to get a list of subfolders where due to blocked inheritance the old group still exists and has been copied across by robocopy. maybe some get-acl/set-acl script that finds a group, removes it and adds a separate group in its place.
finally run some script to get a list of files that have manually - not likely but if it is possible, so someone would have done it.
There is a lot of data, so I am trying to use inheritance to do most of the work, and then just mop up the instances of blocked inherritance, rather than run some script against every single file.