I moved user home directories from one drive to another on a Windows 2000 file server. Administrator is now the owner. I'd like to set the ownership of each directory to its respective user.

Need to do:
1. Extract the subdirectory listing from F:\Home.
2. Match a username to each subdirectory (if one exists).
3. Change the ownership.

Shell 'cmd.exe /c @scriptdir\xcacls $BaseHomeDir\$username /g $domain\$username $username:o'

Does anyone have a script that they are already using (and willing to share)? This seems to be a common problem when moving home directories with Microsoft Windows.

tjcarst
I have written a SetOwner program that I will post to my site this evening sometime.
Thanks, Howard. I need to step through what is happening and make some sense of each step in order to troubleshoot. I will stop scratching my head and wait to see if SetOwner will work for my environment. This makes no sense to me that MS would not allow for the change of ownership when moving directories. If the system was a clean install and users immediately created files it would work. And if you wanted to add space by backing up the data, installing add'l space, and restoring, this is always going to be a problem for administrators. So frustrating.
Please take a look at the following post and see if it helps any.
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=57147

Also XCOPY supports keeping all that information.
/O Copies file ownership and ACL information

However, if you've already moved the files, then none of this is going to help much. XCacls can take ownership but don't think it can SET ownership to another account even though the OS supports it. I know you can assign ownership as the program Security Explorer from Small Wonders (Now owned by ScriptLogic) is able to do it.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_SEconceptsUnOwn.asp
I knew it was out there. Just had to find the link. Please take a look at the following links which hopefully will provide the details you require to accomplish this task.

SubInACL update
Set the owner to any user/group
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Board=UBB14&Number=121194

SetACL is a set of routines for managing Windows permissions (ACLs) from the command line
Set the owner to any user/group
http://setacl.sourceforge.net/
Isn't there some issue with XCACLS turning on inheritance? Might not be an issue with home folders but still. I believe CACLS (at least the newer, bug free one) does not have the same problem with inheritance. When I moved all my users' home folders from NetWare to DFS, I used SubInACL. Since the UserID was the same as the folder name, it didn't take rocket science to knock off a quick script.
SetOwner.exe is now on my web site.
http://home.comcast.net/~habullock/Perlutilities.htm
Hmm, why not use MS resource kit 'robocopy' with the /SEC switch, but I suppose that'll only take current ownership across, not set new ownership? How have you got on anyway?
Thanks, everyone. I will review submitted links and try SetOwner.

tjcarst
SetOwner works for my purpose. I have 790 home folders to change, I'd better get busy. Thanks!
A little looping program should make short work of those...
Unfortunately, it would take me longer to figure out the looping program than to type each manually. I am cleaning up the user folders for employees who are no longer here while I am at it. If I could get it to log errors for the folders that could not find a matching username, it would be worth the time. I am not a programmer and it takes me forever to get a script that works. Finding SetOwner was a godsend. Thanks!

tjcarst
What is your perception of the performance of SetOwner?
Fairly quick. I set ownership of a 2 GB (4,351 files) home directory in 2 minutes. I could time it for you if you wish. It is running on a quad processor file server. It would be nice if it returned an error indicating no such username found instead of the current error for EACH file. It fills up the screen. If it could check for the existence of a matching username first before trying to take ownership, it would be prettier and quicker. Directory existence checking too, for those of us with fat fingers. But, this is still a great utility for me. I've been bothered for over a year with Administrator owning files on the server when we migrated from Novell. I ran out of disk space yesterday and needed to move the files to a new disk on the server. Had I remembered and used xcopy, I would have been safe. But, had I had this utility a year ago, I would have been a much happier network admin. I am happy I found it now.
Working on those common sense enhancements for you...stay tuned. I had upgraded my Perl and modules used for this program. It does not seem to function properly once compiled.... Still working on it...
It will be nice to use as a method of determining when an employee no longer has an AD account. I am just getting to the letter L (372 done) and I have found over 60 home folders with no matching user account. I will run the SetOwner on the home folders monthly to find out what home folders need to be removed. Thanks, Howard!
There should be much better ways to tell when an employee is no longer there and clean up the user directories. A suggestion would be to use EnumObject.exe to output the accounts with properties. Run it once a month, compare the outputs, and remove the directories that are not shown in the new report.
LES: Yes, XCACLS did have an issue but not when you did a complete replacement of permissions, only when you edited them. However Tj appears to have already moved the files so the only real option here is SubInACL, SetACL, or Howard's SetOwner which apparently is the method Tj chose.

eyecantw8: Yes, one "could" have used Robocopy (GREAT UTILITY) to move or copy the files, but looks like Tj has already moved them and now just wants to reset the Owner attribute. One could also use new versions of XCOPY which support maintaining the owner attribute.

Appears there are now at least 3 good FREE methods of restoring or setting the file ownership.

Microsoft's utility SubInACL
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&DisplayLang=en

SourceForge utility SetACL
http://setacl.sourceforge.net/

Howard Bullock's Perl solution SetOwner
http://home.comcast.net/~habullock/Perlutilities.htm
http://home.comcast.net/~habullock/Library/setowner.exe
Thanks, everyone. The information is appreciated. Howard - yes there should be a better way. The problem I have is that ITS is notified to disable accounts for employees that leave, but to retain their home directory and mailbox until someone can review them. Often this is forgotten and the home directory is never deleted. So enumerating the accounts probably won't help me. The account is gone, but the home directory remains. I thought that by having a script run that looked at each home directory and found a matching user would be helpful IF the script generated a log for the directories without a matching account.

tjcarst
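
The loop asked for in this thread (list the home folders, match each to an account of the same name, set the owner, and log folders with no matching account), as an added example that is not code from any poster. It assumes a current Windows server with PowerShell 3.0 or later and icacls rather than the Windows 2000 tools discussed above; `F:\Home`, `DOMAINNAME` and the log file name are placeholder values.

```powershell
# Added example: assign each home folder to the account named after it and
# log folders that have no matching account. Run from an elevated prompt.
param(
    [string]$BaseHomeDir = 'F:\Home',          # assumed base folder
    [string]$Domain      = 'DOMAINNAME',       # assumed domain name
    [string]$OrphanLog   = '.\orphaned-home-folders.log',
    [switch]$Apply       # without -Apply the script only reports
)

function Test-AccountExists {
    param([string]$Account)
    try {
        # Resolving the name to a SID fails if no such account exists.
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        [void]$nt.Translate([System.Security.Principal.SecurityIdentifier])
        return $true
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $false
    }
}

foreach ($dir in Get-ChildItem -LiteralPath $BaseHomeDir -Directory) {
    # The folder name is taken to be the logon name.
    $account = "$Domain\$($dir.Name)"

    if (-not (Test-AccountExists $account)) {
        # One log line per orphaned folder instead of one error per file.
        "{0}`t{1}`tno matching account" -f (Get-Date -Format s), $dir.FullName |
            Add-Content -LiteralPath $OrphanLog
        continue
    }

    if (-not $Apply) {
        Write-Output "would set owner of $($dir.FullName) to $account"
        continue
    }

    # /T recurses into the tree, /C continues past errors, /Q hides success messages.
    & icacls.exe $dir.FullName /setowner $account /T /C /Q
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls reported errors for $($dir.FullName) (exit code $LASTEXITCODE)"
    }
}
```

Running it without `-Apply` first gives the list of planned owner changes and fills the orphan log, which can be reviewed before anything is modified.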
We name the user's home folder the same as their logon name. Then when a user leaves we place their entire home folder in an OBSOLETE folder with the date it was moved. That way it can easily be reviewed for deletion.

Example:
OBSOLETE
  JMSMITH_10-15-2004
  BLWARNE_09-12-2004

Then if you need disk space or if you're ready to remove you can easily see by the date which ones need attention first. There are ways or methods to automate this, but our management has opted not to automate. They prefer to review all data before deletion regardless.
Thanks, NTDOC. Actually, I do this myself, but am not normally the one who works with setting up or disabling the accounts. Getting others to follow this example is the trick. I'll work on it, though.

tjcarst
A slightly better method would be to use the date format like most of the World outside the US uses.

OBSOLETE
  04-09-12_BLWARNE
  04-10-15_JMSMITH
If you routinely use EnumObject.exe or other method to dump the accounts, you could easily compare last month's dump with the current one and know right away what accounts are no longer in the domain. The dump from last month would contain the home directory property data for the account. You would simply determine the accounts in the old dump that are not in the new dump and process the home directories.
Thanks, everyone. I also use AutoShare Manager to share all users' home directories in a subfolder called Users and assign the user and Administrator full control. I wish ScriptLogic would add the ability to Take Ownership for the user assigned..... Wishful thinking.
Oops. Forgot to sign on for that last post. Howard - I know it is a simple task, but somehow I never have enough time for routine maintenance. Something new always needs added or something old always needs fixed. It nearly drives me crazy to think of all the things behind the scenes that need done that no one sees but me. I will give EnumObject a whirl and try to add it to my monthly To Do list. Thanks for the suggestion.

tjcarst
It is only one potential method to get to your desired end result. The basics will have to maintain a list of accounts in a data file, then periodically add new and report ones that are no longer there. If you need to have a click and go solution, I may be able to find some time to code something up.
SetOwner.exe has been updated to provide input parameter checking and will exit with the proper error code if the parameters are invalid. I will try to get the size reduced some by finding a different methodology to validate the user account. This version is 1.0.2.0.
Thanks, Howard. SetOwner works great! It sure was getting a workout for a few hours there! I would appreciate a simpler point and click solution, but don't spend a lot of time on it unless you see it to be useful for many LAN admins. I've taken enough of your time.

tjcarst
Quote: Sorry, this is a KiXtart Scripting board. If you want point and click then you'll need to run on over to http://www.scriptlogic.com for some of their point and click solution software. Or you could go over to http://www.kixforms.com and get some of the CODE-POINT & CLICK software.
Did you ever get this to work ??

Originally Posted By: tjcarst
Thanks, Howard. I need to step through what is happening and make some sense of each step in order to troubleshoot. I will stop scratching my head and wait to see if SetOwner will work for my environment. This makes no sense to me that MS would not allow for the change of ownership when moving directories. If the system was a clean install and users immediately created files it would work. And if you wanted to add space by backing up the data, installing add'l space, and restoring, this is always going to be a problem for administrators. So frustrating.

Quote:
$domain='domainname'
$basehomefolder='f:\home'
$computer='servername
if not $computer
  $computer = "."
endif

;GET FOLDERS
$colfolders=GetObject('winmgmts:{impersonationLevel=impersonate}!\\' + strComputer + '\root\cimv2').ExecQuery('ASSOCIATORS OF {Win32_Directory.Name=$basehomefolder}' + 'WHERE AssocClass = Win32_Subdirectory ' + 'ResultRole = PartComponent')
for each $objFolder in $colSubfolders
  $homefolder = objFolder.Name
  ? "Home Folder " + $homefolder
  ? @serror
  ?
next

;GET USERS
$objOU = GetObject("LDAP://ou=Users,dc=domain,dc=local")
$objOU.Filter = Array("user")
for each $objUser In $objOU
  $aduser = $objUser
  ? 'AD User ' +$aduser
  ? @serror
  ?
next

;MATCH USERS & FOLDERS
for each $homefolder
  if $aduser = $homefolder
    Shell 'cmd.exe /c @scriptdir\xcacls $homefolder /g $domain\$aduser:o'
  endif
next
next
I just noticed I did not ever answer. It's been so long I don't remember if it worked. I am currently migrating a 2003 file server to a NetApp array and find myself faced with the same problem. Ironic I stumble upon my own post again. :-|