Migration is always popping an issues to bring the service online. Moreover folder permission playing a big role in all scenario; Apparently spent lot of time to fix data migration issues from Windows 2008 server to Windows 2012 server. So replace permission required to complete the migration.
Scenario:
Application data needs to be migrated (folders & files) from Windows 2008 server [SERVER2K8] to Windows 2012 server [SERVER2K12]. Consider the folder permission as old server local security groups named ‘SERVER2K8\App Admin’, however copying the data using robocopy with permissions using below scripts
Copy folder with privileges
|
1 |
robocopy \\SERVER2K8\Data \\SERVER2K12\Data /E /copy:DAS |
save and restore folder permission with substitute, deleted or unavailable user’s SID will not work.
|
1 |
icacls /restore /substitute [oldAccount] [newAccount] |
Hence, ‘SubInACL’ script with replace parameter helps to fix SID mapping to resolve broken rights, download and install Windows Resource Kits. Similarly Applicable for domain account and group migrations.
Replace permission for broken SID with new user/groups ID
|
1 |
SubInACL.exe /subdirec \\SERVER2K12\Data /replace=S–1–5–21–xxxxx–xxxxx–xxxxx–xxx=S–1–5–21–yyyyy–yyyyy–yyyyy–yyy |