I'm looking for some help on the following.

We are moving Appx 3,000 user's folders from 20+ NT 4.0 Servers to 1 NT 2000 Compaq SAN Server.

Resource Kit utilities DO NOT work. Permcopy and others work fine from 4.0 to 4.0 or from 2000 to 2000, but not when going from 4.0 to 2000

The user accounts are all global accounts.
We plan to restore the data and permissions (hopefully) from Veritas Backup Exec.
This does not get us the new SHARES or SHARE Permissions, or change the User Manager settings. Yes, Lonkero I have seen your post on only using KiXtart for this, but I would rather keep the built-in NT Mechanism rather then rely upon the KiXtart that may or may not always run. i.e. I want to recreate all my hidden$ shares.

As I see it I can probably either do like a DIR /B command to a text file and then parse it and have KiXtart shell and run NET SHARE and then shell and run XCALCS against the user names. If anyone has completed code for such a task, and or could assist me in creating such code I would greatly appreciate it. I'm not sure how to set the Share permissions though since they can not be done via the command line that I'm aware of except with util like PERMCOPY which does not work going from different OS versions.

I don't really want to use the SHOWMEMBERS utility either, since we have many accounts that are no longer valid. I only want to create for valid directories that currently exist.

In our SAN Server we have 2 volumes for user folders. A-M Users go on one volume and N-Z go on another volume. All of the SHARED data folders is another animal I will tackle next at another time.

Also, on another note. Does anyone know how to tell or get back what is the longest directory and or file name that exist on a volume? i.e. there is a 254 character limit that we don't want to run in to on our new systems, but we are taking up 20 characters with our new naming convention, before laying down the new SHARED data.

TIA for any and all help... We start this Friday night

I don't know if it'll work from NT4 to 2000. We'll go on the same process in some day, but if you success, let me know

*** I finally found it : RMTSHARE.EXE from ressource kit for setting shared folders permissions from command line

[ 17 July 2001: Message edited by: Popovk ]

Create a batch file with the following and run from the console (I just used it to create share points for our Citrix Users) -

code:

---

for /f "Tokens=*" %%i in ('dir /B D:\Citrix_Homedir') do NET SHARE %%i$=D:\Citrix_Homedir\%%i /Y
  

---

Thanks!

- Kent

Thanks again... just what I was looking for.

Thanks Popovk for the information JSI. I already knew that one, but I did not want to have to manually go through that list. We already have too many shares that are not valid which cause Event Viewer errors because our Helpdesk people have deleted folders without UNSHARING them first. Kyder's solution only creates shares for folders that currently exist without me having to manually intervene. The RMTSHARE.EXE program does allow you to change the SHARE permissions, but it was made for NT 4.0 and is not in the 2000 version, I have not tested it. However, as I said above, I can live with the Everyone on the share and use NTFS permission to control access.

Now let me see what I can / can't do with XCALCS

Thanks again

This command works to add the users rights to the newly created shares.

code:

---

for /f "Tokens=*" %%i in ('dir /B D:\users') do xcacls D:\USERS\%%i /T /E /Y /G yourdomain\%%i:C  

---

Thanks everyone

You get the following error by using XCACLS

code:

---

The permissions on "directory name" are incorrectly ordered, which may cause some
entries to be ineffective.  Press OK to continue and set the permissions correctly, or Cancel to reset the permissions.  

---

Pressing OK seems to correct it, but what a pain in the butt. There goes the automation.
Can not seem to find a cure or fix on USENET or MICROSOFT so far. If anyone has any insight please let me know.

Shawn, don't you program? How about writing/compiling the sample code from MS to correctly add users? just kidding, but do you have any suggestions to automate or fix this?

Thanks for any help

I don't have any silver bullet for you. But I have been following this thread with much interest... ummm... It seems as if you have the folder create and file restore bit covered-off, and the pieces missing are...

1) Create share
2) Permission share
3) Change usrmgr settings

Being a huge OLE fan - if I were in your shoes - I'd probably look at running an automated ADSI script against the SAN Server. ADSI can cover-off items 1 and 3 (ADSI supports NT4 as well). But the permissioning part is not supported by the WinNT service provider. But like you mentioned - all this can be done equally as well using command line utilities...

But I was curious at Popovk's suggestion that you use RMTSHARE... have you gone down that road yet ?

Maybe we should just gang-up and write a text-file (or dir-file) driven admin script that uses NET and RMTSHARE ?

-Shawn

[ 18 July 2001: Message edited by: Shawn ]

Thank you everyone for the help with getting this working.
Below are the steps I needed to perform to accomplish this task
(hopefully, only minor testing, real deal this friday night)

OPERATIONS to consolidate and move Users from Multiple NT 4.0 Servers
to a single Windows 2000 SAN

code:

---

STEP 1
:: Restore all user folders under USERS on 2 different volumes via Backup Exec
:: VOL1 = users A-M
:: VOL2 = users N-Z
STEP 2
:: Create share points for directories by Kyder
:: Must be run from the Server it is being used on
:: Does not change any SHARE permissions - It inherits the Everyone Full
:: Folder and File access will be controlled by NTFS permissions.
for /f "Tokens=*" %%i in ('dir /B D:\users') do NET SHARE %%i$=D:\users\%%i /Y
for /f "Tokens=*" %%i in ('dir /B E:\users') do NET SHARE %%i$=E:\users\%%i /Y
STEP 3
:: Change NTFS file permissions based upon directory name by Ron Lewis - July 17, 2001
:: (meaning user names and directory names for Home Directories must match)
:: Can be run from any NT Workstation remotely.  Must have Domain Admin Rights.
:: XCACLS allows some special folder permissions that CACLS does not, but this was
:: not a big consideration for our usage.
:: NOTE! XCACLS is broken and CACLS was broken but CACLS was fixed in Windows 2000 SP2, so far XCACLS is not fixed
:: Cacls.exe Orders ACEs Incorrectly When Granting Rights
:: http://support.microsoft.com/support/kb/articles/q268/5/46.asp? 
:: Current Permissions from USERS has (Domain Admins and SYSTEM) directories below USERS inherit these permissions.
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\VOL1\users') do ECHO Y| cacls \\sm-cag-fp03\VOL1\users\%%i /T /E /C /G WDI\%%i:C
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\VOL2\users') do ECHO Y| cacls \\sm-cag-fp03\VOL2\users\%%i /T /E /C /G WDI\%%i:C
STEP 4
:: User Manager Home Directory update by Ron Lewis - July 17, 2001
:: You must run this batch file from a BDC to update the User Manager settings.
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\vol1\users') do NET USER %%i /homedir:\\sm-cag-fp03\%%i$
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\vol2\users') do NET USER %%i /homedir:\\sm-cag-fp03\%%i$
  

---

Does anyone see anything obvious that I may be missing here? Aside from the Outlook Personal Folders that will probably break. Not sure I have time to tackle that one yet, but may have to when we move the other 2,800 users. Can't be visiting that many desktops.

[ 18 July 2001: Message edited by: NTDOC ]

With the Citrix example I provided, it worked fine. It is understandable with the files to use XCALCS as there are more than just the initial folder there. I was going to suggest Cluster Admin, but is painfully slow.

Hmmmmm...
Hmmmmm...
Hmmmmm...

- Kent

[ 19 July 2001: Message edited by: kdyer ]

Well, everything went quite well. Completed migration of one server in about 2 hours.

Here is what was used to complete the task.

Share out the User folders on each volume

code:

---

@ECHO OFF
REM Filename FP03SHARES.BAT
REM Last modified by NTDOC on July 18, 2001 - Idea by Kyder
CLS
ECHO.
ECHO This batch file will share all folders as a hidden share using
ECHO the name of the folder as input.  It must be run from the same
ECHO server it will be changing the shares on.
ECHO.
ECHO Press CTRL-C now to quit this batch file.  
ECHO Otherwise press any key to continue...
PAUSE >nul
for /f "Tokens=*" %%i in ('dir /B D:\users') do NET SHARE %%i$=D:\users\%%i /Y
for /f "Tokens=*" %%i in ('dir /B E:\users') do NET SHARE %%i$=E:\users\%%i /Y
 

---

Change Rights on User Folders

code:

---

@ECHO OFF
REM Filename FP03RIGHTS.BAT
REM Created and Last modified by NTDOC on July 18, 2001
CLS
ECHO This batch file can be run from any Workstation with XCALCS on it
ECHO.
ECHO This batch file will reset ALL the file and folder permissions on
ECHO the SAN Server (SM-CAG-FP03  VOL1\USERS and VOL2\USERS)
ECHO It will remove all current permissions and set the following permissions
ECHO (Domain Admins-Full, Administrators-Full, SYSTEM-Full, and USER-Change)
ECHO.
ECHO WARNING - WARNING   This is an irreversible action. 
ECHO.
ECHO It may take half an hour or more to complete.  
ECHO Please contact ???? for any questions.
ECHO.
ECHO Press CTRL-C now to quit this batch file.  
ECHO Otherwise press any key to continue...
PAUSE >nul
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\VOL1\users') do xcacls \\sm-cag-fp03\VOL1\users\%%i /T /Y /P "WDI\DOMAIN ADMINS":F;F Administrators:F;F SYSTEM:F;F WDI\%%i:C;C
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\VOL2\users') do xcacls \\sm-cag-fp03\VOL2\users\%%i /T /Y /P "WDI\DOMAIN ADMINS":F;F Administrators:F;F SYSTEM:F;F WDI\%%i:C;C

---

Change Home Directory in User Manager

code:

---

 
@ECHO OFF
REM File name CHANGEHOMEDIR.BAT
REM Last modified by NTDOC - on July 18, 2001
CLS
ECHO This batch file is used to change the Home Directory 
ECHO for all users on SM-CAG-FP03 VOL1 and VOL2
ECHO You must run this batch file from a BDC to update 
ECHO the User Manager settings.
ECHO.
ECHO Please contact ???? if you have any questions
ECHO Last updated: July 18, 2001
ECHO.
ECHO Press CTRL-C now to quit this batch file.  
ECHO Otherwise press any key to continue...
PAUSE >nul
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\vol1\users') do NET USER %%i /homedir:\\sm-cag-fp03\%%i$
for /f "Tokens=*" %%i in ('dir /B \\sm-cag-fp03\vol2\users') do NET USER %%i /homedir:\\sm-cag-fp03\%%i$

---

We changed all the rights on the user directories because they were all in a mess from years of invalid permissions carried over from our days of Novell.

Now I need to work on a KiXtart script that will create a new user, add them to the Domain, create their folder, share their folder, then give them rights. Would also like to come up with a way of doing above when we migrate other user folders onto this SAN, but ignore folders that are already there. Ideas anyone? Maybe read a list then feed it back somehow?

Thanks again to all for ideas on this post and others out there that helped me to get this done.

[ 25 July 2001: Message edited by: NTDOC ]

You maybe able to use the Resource Kit tool PERMCOPY. That is, if you wanted to keep the perms the same. Or, ACLs from one server to another..

code:

---

C:\>permcopy /?
Copies the permissions (ACLS) from one share to another.
PERMCOPY \\SourceServer ShareName \\DestinationServer ShareName

---

This maybe a bit late...

Oh well.

On the User Management piece, you should have a gander at the last reply btw Shawn and myself at Manipulate User Account Properties.

Thanks,

- Kent

[ 25 July 2001: Message edited by: kdyer ]

code:

---

code:<hr><font size=1 color=#400099><pre>
;place your really long lines here... for every to see quess... should help a little.
</pre></font>

---