!!!COMPLETE BACKUP FIRST!!!
Maybe a script scanning the files [ for /f "delims=" %i in ('dir /a /s /b *.*') do cacls "%i" /S >>caclsout.txt ] for their ACLs
Get a dump of the current AD SID for the users to a CSV file. This can be done via WSH or other means. You should get some data that looks like "PersonA;S-1-5-21-123456789-1234567890-1821309332-4516;{81A3F0EE-04B7-CA38-1654-D26694825BBD}"
Do a little Access/Excel/Base magic, map the SID to the users. You will probably notice a pattern in the first few segments of the SID numbers -- the pattern will be useful later to check the output for errors.
Create the new AD and users (can also be scripted) and dump the new SIDs for the new domain... more access/excel/base magic later
Create an output file for the apply script.
Copy data and run a similar script as above to apply the correct permissions -- probably something like [ for /f "tokens=1,2 delims=" %i in (caclsin.txt) do cacls %i /S:%j ]
Your mileage may vary. I've used similar scripts during an Easter long weekend to cut over to a new domain, but keep the users' desktop profiles intact (i.e. it didn't look like everyone involved had worked day and night while everyone else was at the beach ... seamless apart from the users having new passwords).
...Or pay someone else to do the work

(already built program / new program / sub-contract / slaves)
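
The "Access/Excel/Base magic" steps above, sketched as an added example that is not part of the original post: it joins the old and new SID dumps on account name, uses the shared domain prefix as the error check, and rewrites the SIDs inside each saved SDDL string. Assumptions: each caclsout.txt line has the form `path "SDDL"`, the output uses a `|` separator (so the apply loop would need `delims=|`), and the new-domain SIDs and second file are constructed sample data.

```python
import re

# Domain account SID: S-1-5-21-<three domain sub-authorities>-<RID>
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")

def load_sids(dump):
    """Parse 'name;SID;{GUID}' lines (the dump format shown in the post) into {name: SID}."""
    rows = (line.split(";") for line in dump.strip().splitlines())
    return {name.strip(): sid.strip() for name, sid, _guid in rows}

def domain_prefix(sids):
    """Return the single shared domain prefix, or fail if the dump mixes domains."""
    prefixes = {sid.rsplit("-", 1)[0] for sid in sids}
    if len(prefixes) != 1:
        raise ValueError(f"expected one domain prefix, found {sorted(prefixes)}")
    return prefixes.pop()

def build_map(old_dump, new_dump):
    """Join the two dumps on account name; return ({old SID: new SID}, old prefix)."""
    old, new = load_sids(old_dump), load_sids(new_dump)
    missing = sorted(set(old) - set(new))
    if missing:
        raise ValueError(f"no account in the new domain for: {missing}")
    domain_prefix(new.values())  # the new dump must also be a single domain
    return {old[n]: new[n] for n in old}, domain_prefix(old.values())

def rewrite(cacls_lines, sid_map, old_prefix):
    """Swap SIDs in 'path "SDDL"' lines; return ('path|SDDL' lines, unmapped old SIDs)."""
    out, unmapped = [], set()
    def swap(m):
        sid = m.group(0)
        if sid in sid_map:
            return sid_map[sid]
        if sid.startswith(old_prefix + "-"):
            unmapped.add(sid)  # old-domain group or deleted user: needs a decision
        return sid             # SIDs from other authorities pass through unchanged
    for line in cacls_lines:
        path, _, sddl = line.strip().rstrip('"').rpartition(' "')
        out.append(f"{path}|{SID_RE.sub(swap, sddl)}")
    return out, sorted(unmapped)

# Constructed sample data; PersonA's old SID is the one quoted in the post.
OLD = """PersonA;S-1-5-21-123456789-1234567890-1821309332-4516;{81A3F0EE-04B7-CA38-1654-D26694825BBD}
PersonB;S-1-5-21-123456789-1234567890-1821309332-4517;{00000000-0000-0000-0000-000000000002}"""
NEW = """PersonA;S-1-5-21-987654321-1111111111-2222222222-1105;{00000000-0000-0000-0000-00000000000A}
PersonB;S-1-5-21-987654321-1111111111-2222222222-1106;{00000000-0000-0000-0000-00000000000B}"""
CACLS = [r'C:\Data\My Docs\a.txt "D:(A;;FA;;;S-1-5-21-123456789-1234567890-1821309332-4516)(A;;FA;;;BA)"',
         r'C:\Data\b.txt "D:(A;;FR;;;S-1-5-21-123456789-1234567890-1821309332-9999)"']
```

Any SID returned in the unmapped list still carries the old domain prefix and would be an unresolvable entry on the new domain, so review those before applying anything.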