Page 1 of 1 1
Topic Options
#113139 - 2004-02-03 09:52 AM Folder Rights
Dakota Offline
Fresh Scripter

Registered: 2004-02-03
Posts: 9
hallo

We are migrating to win2003 in a few weeks.

We are going to rename user accounts from 3 letters to firstname.lastname

Problems during migration using ADMT, not migrating Built in group "Domain users & Domain Admins".
Also during Security translation, the groups are not updated.
The rights on the users home shares are as follows:
Share: Domain Users = Full Control
Ntfs: User = full control , Domain Admin = Full control

Do anyone have an Idea how to add "domain admins & and Domain users both to the share ande NTFS rights to the user home share

Have tried simple cmd files:
Code:
 for /f %%x in (n:\users.txt) do rmtshare \\FileSrv\%%x$=d:\users\%%x /grant "New_Domain\Domain Users":"full control" >>n:\share.log




Domt know how to match old username with new username format

Any Ideas

\regards
Erik

Top
#113140 - 2004-02-03 10:00 AM Re: Folder Rights
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22332
Loc: OK
k, there is no way that this would be even legal.
it's user's homeshare.
nobody else than the user should have access to the files via the share.
_________________________
!

download KiXnet

Top
#113141 - 2004-02-03 10:16 AM Re: Folder Rights
Dakota Offline
Fresh Scripter

Registered: 2004-02-03
Posts: 9
Check the rights again.

The User (@userID) + Domain admins has "full control" on NTFS rights

I think this i legal

\erik

Top
#113142 - 2004-02-03 10:42 AM Re: Folder Rights
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22332
Loc: OK
filesystem rights are different than the ones in shares.
please don't mix them.
Quote:


Do anyone have an Idea how to add "domain admins & and Domain users both





this is what I mean.
no file or folder, you talk about share.
neither of these groups belong to the user's share.
_________________________
!

download KiXnet

Top
#113143 - 2004-02-03 11:04 AM Re: Folder Rights
Dakota Offline
Fresh Scripter

Registered: 2004-02-03
Posts: 9
The user home shares looks like this:

Folder is shared "Old_domian\@username$"
Share permission = old_domain\Domain Users = Full Control
Folder/File permission = old_domain\Domain Admins = Full Control + The User (old_domain\@userID) = Full Control.

I have to mix them, I have made the Share open for Domain Users = (everyone), then limit the rights on files and folders. Dont know if this is the correct way !!

As i described I want to change both the share rights and the file and folders permissions. on all the users shares.

The tool for migration from microsoft dont update the rights on build in groups.

Ex the old rights "old_domain\domain admins" should be changed or add to "new_domain\domain admins"

Hope you understand what I mean ??

\erik

Top
#113144 - 2004-02-03 11:45 AM Re: Folder Rights
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22332
Loc: OK
ok...
now we talking.
MS tools are indeed bad.
think hoby has the tools you need.
and he has a way good document on migration too.
dunno if on subject though
http://mywebpages.comcast.net/habullock/Cost_Eff_Domain_Migration.htm

for more, check at:
http://home.comcast.net/~habullock/kix_solutions.htm

btw, there is reskit tool called rmtshare (remoteshare) with which you can control shares.
to remotely retrieve current share perms see my udf at:
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=82946&page=24&view=collapsed&sb=3&o=all&fpart=1
_________________________
!

download KiXnet

Top
#113145 - 2004-02-03 12:55 PM Re: Folder Rights
Dakota Offline
Fresh Scripter

Registered: 2004-02-03
Posts: 9
A small side step.

Perhaps its simplier to recreate all users folders using batch, setting the correct share and folders permsissions using nt recource kit programs, XCACLS.EXE and rmtshare.exe.

Code:
 for /f %%x in (d:\new_users.txt) do md %%x >>d:\log.txt

for /f %%x in (d:\new_users.txt) do xcacls d:\users\%%x /g "New_domain\Domain Admins":F /y

for /f %%x in (d:\new_users.txt) do xcacls d:\users\%%x /e /g new_domain\%%x:F /y

for /f %%x in (d:\new_users.txt) do rmtshare \\filesrv\%%x$=d:\users\%%x /grant "new_domain\Domain Users":"full control" >>d:\log.txt



This batch code is fast and works

But one problem still exist.


Ex user: adam bertil
old share "abt$"
new share "adam.bertil$"

How to copy from the old share to the new.
I have tried
Code:
 for /f %%n in (n:\old_users.txt) do xcopy \\filesrv\%%n$\*.* Filesrv\%%x$\ /S /E /D 


but theres no referense between old and new username.

also tried readline but my I am unable to figure out how to extract $old and $new.
Tried left and right but old usernames are not precis.

Seems like some kind of array is the solution, but I don know how to.

My ex:
Users.txt
abt,adam.bertil

How to split and get $a and $b, then make the copy

\erik

Top
#113146 - 2004-02-03 01:50 PM Re: Folder Rights
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22332
Loc: OK
no reference between old and new?
if there is no way to decide, you can't do it manually either.
_________________________
!

download KiXnet

Top
#113147 - 2004-02-03 02:22 PM Re: Folder Rights
Dakota Offline
Fresh Scripter

Registered: 2004-02-03
Posts: 9
some kind of referance exist, but not during batch command.

I have a txt file, with the old username and the new ones , with the following format:
abt,adam.bertil
dfp,david.filip
egv,erik.gustav
Can I get the value "abt" to be ex a$ then make adam.bertil to be b$
Then make the copy
Code:
 copy 'a$' 'b$' 




???

\erik

Top
#113148 - 2004-02-03 02:25 PM Re: Folder Rights
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22332
Loc: OK
not sure why you want that.

retrieve the original name from the sharename or somewhere, read from the textfile the matching new and make the share with that.
the files you can move with robocopy to ensure correct moval.
_________________________
!

download KiXnet

Top
#113149 - 2004-02-03 02:40 PM Re: Folder Rights
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
ROBOCOPY should do the trick.. Use the /SEC Switch..

http://www.ss64.com/nt/robocopy.html

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top
#113150 - 2004-02-03 02:46 PM Re: Folder Rights
Dakota Offline
Fresh Scripter

Registered: 2004-02-03
Posts: 9
maybe Im a bit unclear

please read the following.

I would like to copy from 1 file to another.

Today the folder names is in 3 letters format
After migration they will be in format firstname.lastname

Source folder name is called "abl"
Target folder name is called "adam.bertil"

I have a text file with all usernames in format:
abl,adam.bertil

Theres is about 350 user folders

Is it possible to copy from source to target folder using this text file or is the format incorrect ?
If it is incorrect how should the format be ?

Im afraid I cant explain more specific.

regards
\erik

Top
#113151 - 2004-02-03 03:09 PM Re: Folder Rights
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22332
Loc: OK
sure, understood perfectly.
but you don't want to copy file per file.
so, you need robocopy.

just take and read that text-file and do for each:
for each $line in $file
$line=split($line,"separator")
shell "robocopy /mir "+$OLDservershare+"\"+$line[0]+" "+$newservershare+"\"+$line[1]
next

so, what is that I don't understand?
_________________________
!

download KiXnet

Top
#113152 - 2004-02-03 04:43 PM Re: Folder Rights
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11162
Loc: Boston, MA, USA
Maybe I'm not getting it, but why not just rename the folder, then reapply the NTFS security via appropriate security tools (they are discussed elsewhere on this BBS, search for 'CACLS'), then set the share permissions to the user. If the folders need to eb migrated to another computer/partition (not mentioned in thread), then ROBOCOPY (preferably the W2K3 version) will be the tool of choice.
_________________________
There are two types of vessels, submarines and targets.

Top
#113153 - 2004-02-03 04:54 PM Re: Folder Rights
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2079
Loc: Tulsa, OK
If there's only 350 folders...Why dont you just start Right-clicking and renaming. You probably could have had it done already.
Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 158 anonymous users online.
Newest Members
anhkfr, adamlevine, katherinknul, phamthuy, xuantu075
17631 Registered Users

Generated in 0.037 seconds in which 0.012 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org