Copy file share and permissions from one domain to another

We are in the process of migrating from a legacy Active Directory Domain into a new Active Directory Domain.  There is a 2 way Trust between the domains, and my account has full rights to the source and destination file structures. 

I want to copy a file share from the legacy domain to the new domain and bring over all NTFS rights during the copy.  Oh and by the way, the initial copy needs to be directory structure only so if I do have to perform permission maintenance, it is much quicker without the files.

I have attempted the following commands and none have worked... The new directories inherit the permissions of the new parent versus applying the legacy permissions:

  • Robocopy <Source> <Destination> /e /z /SEC /xf *
  • xcopy <Source> <Destination> /T /E /O /C
  • Get-ChildItem -Path <SOURCE>| ForEach-Object {Copy-Item -LiteralPath $_.FullName -Destination <Target>;     Get-Acl -Path $_.FullName | Set-Acl -Path <Target>\$(Split-Path -Path $_.FullName -Leaf)"}

I would greatly appreciate any assistance.

Thanks!


  • Edited by TE2011 Wednesday, September 02, 2015 6:36 PM Spelling
September 2nd, 2015 6:35pm

1. "Magic": Block inheritance in target direcories

2. Most natural way: use xcopy with appropriate parameters (see parameters with /? parameter). Parameter c would not help.

3. Use cacls function for doing error recovery (do security "mappings" with cacls functions)

M.

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2015 6:58pm

I guess I should have mentioned that I do not mind the inheritance as long as the legacy permissions are also included the end result.

September 2nd, 2015 7:21pm

Hi,

As you mentioned that the initial copy does not need to copy with file permission, it should be:

Robocopy <Source> <Destination> /e /z /nocopy 

/nocopy will prevent copy file info including security permissions. Next time you can run a /secfix and /timfix to fix all security info and timestamp.

Please let us know the error if it still fail.

Note: Share permission will not be copies. It is stored in registry keys so if it is needed, you need to output it from source server and import to target server manually.  If path will be changed, you will need to edit the regitry key before import as well. 


Free Windows Admin Tool Kit Click here and download it now
September 4th, 2015 12:05am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics