Windows Server 2012 Thread, Copying user and school data from old server/domain to new server/domain in Technical
  1. #1

    Join Date
    Aug 2009
    Posts
    76
    Thank Post
    2
    Thanked 9 Times in 5 Posts
    Rep Power
    12

    Copying user and school data from old server/domain to new server/domain

    Hi all

    We are starting afresh at a school with around 300 users. The old server was in a bad way, so it was easier to get a new one, start over and get rid of the unwanted problems in AD. So obviously all SIDs are different despite logins being the same etc. The old server was 2003, the new one is 2012.

    Problem is we've started creating all users and testing. We're using folder redirection for all folders and roaming profiles as before. I need to copy all the users' data from the old server to the new server, but there is an issue with this:

    1. What's the best method to export the usernames from the old server and reuse them on a new domain, stripping the old domain info such as SIDs etc.?

    2. The redirected folders are not even created until the user logs in, so the folder structure isn't there to copy until everyone has logged in. Is there something that will log all the users in for me if all passwords are the same to begin with?

    3. Copying the data across doesn't inherit any permissions, as the permissions are set out as we always do, and only the Creator Owner permission is on - This folder only, so when they log into the system the folders are created with their permissions, but an Admin copying the files into the folder is the creator, so they get the permissions. What's the best way of doing this?

    Any help or guidance will be ace, as I'm sure this isn't the first time someone has done a migration without keeping the same domain and security etc.

    Thanks

    Scorps

  2. #2

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,011
    Thank Post
    238
    Thanked 190 Times in 146 Posts
    Rep Power
    106
    Originally Posted by Scorpio:
        Hi all

        We are starting afresh at a school with around 300 users. The old server was in a bad way, so it was easier to get a new one, start over and get rid of the unwanted problems in AD.

    I would personally question the wisdom of that advice, which I've seen repeated here a few times, but no matter.

    Originally Posted by Scorpio:
        Problem is we've started creating all users and testing. We're using folder redirection for all folders and roaming profiles as before. I need to copy all the users' data from the old server to the new server, but there is an issue with this:

        1. What's the best method to export the usernames from the old server and reuse them on a new domain, stripping the old domain info such as SIDs etc.?

    Export a list of usernames to a CSV file on the old system. Use it as a template to create new users on the new system. There are countless tools around to do both so I'd just say use what you find comfortable here.

    Originally Posted by Scorpio:
        2. The redirected folders are not even created until the user logs in, so the folder structure isn't there to copy until everyone has logged in. Is there something that will log all the users in for me if all passwords are the same to begin with?

        3. Copying the data across doesn't inherit any permissions, as the permissions are set out as we always do, and only the Creator Owner permission is on - This folder only, so when they log into the system the folders are created with their permissions, but an Admin copying the files into the folder is the creator, so they get the permissions. What's the best way of doing this?

    Migrate data by restoring the relevant part of the backups you must have on the old system onto the new system. There are, again, countless methods detailed here and elsewhere for setting up this kind of thing without having to resort to hacks such as "log every user on". There are, again, countless tools to do this but I personally like AD Manager Plus as a tool for creating accounts and properly provisioning their home folders from a CSV file, among the many other things it does (you could probably use it for your immediate issues during the trial/demo period and then decide if it's worth paying for to use on an ongoing basis), and as for fixing permissions, running a script like the one below in the root of the home folders on the server should do it (based on/stolen from one that was posted here in the past):

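    Code:
    @echo off
    rem Save this in the root of the home folders and run it from there as an administrator.
    rem Assumes each folder name equals the user's logon name in the INTERNAL domain.

    rem Stop the home root inheriting from its parent, keeping the current entries as explicit ones
    icacls "e:\User Home" /inheritance:d
    echo Inheritance removed from home directory

    rem Remove the rights granted to the Users group on the home root
    icacls "e:\User Home" /remove:g Users
    echo User read permissions removed from User Home root

    rem For each user folder: take ownership, reset the ACLs, grant the user Full control
    rem and hand ownership to the user. Output goes to a .txt log named after the folder.
    rem The log name is quoted so folder names containing spaces do not break the redirect.
    for /D %%i in (*) do (
      TAKEOWN /f "%%i" /r /d y > "%%i.txt"
      echo. >> "%%i.txt"
      ICACLS "%%i" /reset /T >> "%%i.txt"
      echo. >> "%%i.txt"
      ICACLS "%%i" /grant:r "INTERNAL\%%i:(OI)(CI)F" >> "%%i.txt"
      echo. >> "%%i.txt"
      ICACLS "%%i" /SETOWNER "INTERNAL\%%i" /T >> "%%i.txt"
      echo. >> "%%i.txt"
      echo %%i Permissions all reset >> "%%i.txt"
    )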
    Last edited by Roberto; 16th August 2013 at 11:22 AM.

  3. #3

    Join Date
    Aug 2009
    Posts
    76
    Thank Post
    2
    Thanked 9 Times in 5 Posts
    Rep Power
    12
    Thanks for the info... can you put the script in a code box... ?

    Anyone else have some good info. Cheers

  4. #4

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,011
    Thank Post
    238
    Thanked 190 Times in 146 Posts
    Rep Power
    106
    Sorry about that, I should have put it in a code box in the first place.

  5. #5

    Join Date
    Aug 2009
    Posts
    76
    Thank Post
    2
    Thanked 9 Times in 5 Posts
    Rep Power
    12
    Thanks, is there any way you can explain how it works.... cheers

  6. #6

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,011
    Thank Post
    238
    Thanked 190 Times in 146 Posts
    Rep Power
    106
    Originally Posted by Scorpio:
        Thanks, is there any way you can explain how it works.... cheers

    Hopefully whoever we stole it from here can chip in if I'm misunderstanding this and making a complete twit of myself, but it assumes that this code is saved in a batch file in the root of the folder where all your user directories live, and that the home directory folders are equal to the user's AD user name (e.g. I have a user for myself named 'rob' in AD, and the user 'rob' has a home folder in d:\user shares\rob on my file server).

    So if you have 'd:\user shares\' containing folders for each user's home area, then this code is saved in d:\user shares as a batch file. When run, it loops through each directory it finds at that level and sets the correct permissions and ownership on that folder (e.g. sticking with my example above, it takes the name of my account, 'rob', from the d:\user shares\rob folder and sets ownership and then file permissions on that folder to the user 'rob', then moves on to the next user share name in that folder, say 'd:\user shares\roc', and sets permissions on the roc folder correctly for a user named roc, then for the next folder it finds, 'd:\user shares\rod', it sets permissions for that folder to allow the user 'rod' to have access, and so on).

    This can also be done with AD Manager Plus or other similar tools, which allow you to set permissions correctly on the user's home folder when the home folder is created as part of user creation.

  7. #7

    Join Date
    Aug 2009
    Posts
    76
    Thank Post
    2
    Thanked 9 Times in 5 Posts
    Rep Power
    12
    Many thanks, I've also found and amended a PowerShell script here which works, and you can tweak what groups have access.


    Code:
    # Needs the Quest ActiveRoles Management Shell snap-in, which provides Get-QADUser
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    # Quoted so the trailing $ of the hidden share is taken literally
    $rootfolder = Get-ChildItem -Path '\\SERVERNAME\PupilsHomes$\'
    foreach ($userfolder in $rootfolder) {
            $userfolder.FullName
            # Only touch folders whose name matches an existing domain user
            If (Get-QADUser "DOMAINNAME\$($userfolder.Name)") {
                # Show the ACL before the change
                Get-Acl $userfolder.FullName | Format-List
                $acl = Get-Acl $userfolder.FullName
                # Block inheritance and drop the inherited entries
                $acl.SetAccessRuleProtection($True, $False)

                # Remove every entry for Everyone
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
                $acl.RemoveAccessRuleAll($rule)
                # Full control for SYSTEM, Administrators and Creator Owner (subfolders and files only)
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("System","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
                $acl.AddAccessRule($rule)
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
                $acl.AddAccessRule($rule)
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Creator Owner","FullControl", "ContainerInherit, ObjectInherit", "InheritOnly", "Allow")
                $acl.AddAccessRule($rule)

                # Modify for the user the folder is named after, domain-qualified so a
                # local account with the same name is never picked up instead
                $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("DOMAINNAME\$($userfolder.Name)","Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
                $acl.AddAccessRule($rule)

                # Make that user the owner, then write the ACL back and show the result
                $acct=New-Object System.Security.Principal.NTAccount("DOMAINNAME",$userfolder.Name)
                $acl.SetOwner($acct)
                Set-Acl $userfolder.FullName $acl
                Get-Acl $userfolder.FullName  | Format-List
            }

    }
    Read-Host "Complete Press ENTER to Close"
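
Added example, not part of any post in this thread: a read-only check to run after either permissions script above, reporting home folders whose owner does not match the folder name, that still inherit, that grant rights to broad groups, or that carry entries shown as raw SIDs (as happens when ACLs written under the old domain are copied across). `SERVERNAME`, `PupilsHomes$` and `DOMAINNAME` are the placeholders from the post above; the list of broad principals and the output format are assumptions.

```powershell
# Added example: audit only, nothing is changed on disk.
# $Root and $Domain are placeholders; $Domain is assumed to be the NetBIOS domain name.
param(
    [string]$Root   = '\\SERVERNAME\PupilsHomes$',
    [string]$Domain = 'DOMAINNAME'
)

# Principals that should not hold rights on an individual home folder (assumed list).
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

$findings = @(foreach ($dir in Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer }) {
    $acl      = Get-Acl -LiteralPath $dir.FullName
    $expected = "$Domain\$($dir.Name)"
    $issues   = @()

    # Owner should be the account the folder is named after.
    if ($acl.Owner -ne $expected) { $issues += "owner is $($acl.Owner)" }

    # Both scripts above block inheritance; flag folders where it is still on.
    if (-not $acl.AreAccessRulesProtected) { $issues += 'inheritance still enabled' }

    $userHasAce = $false
    foreach ($ace in $acl.Access) {
        $id = $ace.IdentityReference.Value
        if ($id -eq $expected) { $userHasAce = $true }
        # An entry that cannot be resolved to a name is shown as its SID.
        if ($id -match '^S-1-5-21-') { $issues += "unresolved SID $id" }
        if ($broad -contains $id -and $ace.AccessControlType -eq 'Allow') {
            $issues += "broad grant to $id"
        }
    }
    if (-not $userHasAce) { $issues += "no entry for $expected" }

    if ($issues) {
        New-Object PSObject -Property @{ Folder = $dir.FullName; Issues = ($issues -join '; ') }
    }
})

$findings | Format-Table Folder, Issues -AutoSize -Wrap
"{0} folder(s) need attention" -f $findings.Count
```

It inspects only the top-level user folders, not the files beneath them.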

  8. #8

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,011
    Thank Post
    238
    Thanked 190 Times in 146 Posts
    Rep Power
    106
    If you're comfortable with the Quest AD extensions for PowerShell then you should probably give this question and answer on Server Fault a look to solve the user and home folder creation too. I've not tested it but it looks about right.

  9. #9

    Join Date
    Aug 2009
    Posts
    76
    Thank Post
    2
    Thanked 9 Times in 5 Posts
    Rep Power
    12
    I've found a script to do it, just tweaking now. Thanks
