Active IQ Unified Manager Discussions

Copy CIFS share with the access rights

boristetsis
26,943 Views

Hi

Can I Copy files and directories from a windows 2003 Server to a NetApp filer with all the NTFS access rights, CIFS Shares and the CIFS Shares Access rights of each CIFS share. I know I can copy files and directories with robocopy and keep the NTFS access rights. I also need to copy the CIFS shares and the CIFS shares access rights.

Regards

Boris

16 REPLIES 16

sinhaa
26,855 Views

Robust File Copy i.e. robocoy will copy the files and folders to the destination, but their CIFS access rights will not transfer. You need to do that manually yourself from the filer using cLI or filerview or system manager once copying is done.

I hope this helps.

warm regards,

Abhishek

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

RJThomasSA
26,855 Views

I use "xxcopy" in "backup" mode (/backup) to transfer the bulk of the files and directories with all attributes (also need long filename /fl) then clean up all attributes by running BeyondCompare - both available as 30 day trial for once off use or relatively inexpensive if you need longer term. I usually add /sc to the paramater list to make sure all security comes across.

BeyiondCompare seems to be exceptionally powerful at moving all attributes to the target, and has a wonderful GUI that makes it easy to select directories to include or exclude.

The one trick is that the base cifs shared volume needs to have permission of everyone full control, I then make a directory that lies underneath that with administrator ownership and inheritted attributes disabled in "properties" "Security" "Advance" "Auditing".  If you fail to deal with inheritted attributes you won't get  a clean copy, and if you try acting on the root share level it seems unhappy.

Once you have carried out the copy you can browse the data structure in System Manager / CIFS and set mount points at various levels of the data structure you have copied in.  You can name those share points as you wish in the System Manager wizard. It does not change the directory names - so further runs of Beyond Compare can freshen up your CIFS copy, but you can then map drives in Windows Explorer from a client machine using the mount point names you set up in the System Manager wizard.

My experience is that xxcopy is far more powerful and reliable than robocopy. xxcopy has to be installed in an administrtor level command prompt, and run in the sam eway. When you do that you have no mapped network drives, so you need to then issue:

net use S: \\sourcesys\srcvol /u:adminuser

net use Z: \\fascifs\cifsvol  /u:adminuser

then xxcopy s: z: /backup /fl /sc /pb   (/pb give you a progress bar)

Once xxcopy does the bulk copy then use BeyoondCompare. If you find differences, you can then use the left to right or right to left "green arrow" in the GUI to copy files & attributes from one structure to the other. Take care you remember which way is source, which way is destination.

All of my experience ha sbeen in Windows 2008R2 64 bit environment, and certainly the versions of Robocopy are different between Windows versions.

Software from  http://www.xxcopy.com/index.htm and http://www.scootersoftware.com/download.php for BeyondCompare.

andrew_nomura
26,856 Views

I also recommend Robocopy...

Simple and easy and does the work...

Darkstar
26,855 Views
We're using RoboCopy for this sort of migration.

robocopy "<sourcepath>\." "<destinationpath>\." /B /S /E /PURGE /COPY:DATSO /XD "System Volume Information"

-Michael

boristetsis
26,855 Views

Hi

Thanks for your Input.

secure copy wil do the job

https://now.netapp.com/Knowledgebase/solutionarea.asp?id=3.0.3170247.2644771

it can copy files, directories, ntfs security, shares, share security

http://www.scriptlogic.com/Products/SecureCopy/secure-copy-5.0-datasheet.pdf.

Regards

Boris

philippe_mouchet
26,855 Views

Hope not too late, but this may help new users...

I used the following script to achieve the migration of a Windows server to a Netapp CIFS. You just have to add the robocopy call to transfer files and directories.

$source is the Windows source server

$dest is the Netapp target server.

First robocopy all files and folder from your Windows Server to the NetApp volume.

Then replace "/vol/vol_cifs_1a/" by your volume (/vol/mpls001-test)

Change the path to permcopy

Run the script to copy share and ACL from Windows server to the NetApp.

     Param ($source, $dest)

     Import-module DataONTAP
     connect-nacontroller $dest

     $Share= Get-WmiObject win32_share -computer $source  | Where { $_ -match “share” }
     Foreach ($s in $Share)

     {

       try {
                 $exist = Get-NaCifsShareAcl $s.name
             }
       catch
               {
                  # Error <=> share doesn't exist                

                  $shrPath= "/vol/vol_cifs_1a/" + $s.path
                  Add-NaCifsShare -Share $s.Name -Path $s.Path -Comment $s.Description

                  # Call Permcopy (Windows toolkit) to copy ACL

                  c:\temp\ps\permcopy.exe \\$source $shrName \\$dest $shrName

               }
        }

    }

Ce message a été modifié par: philippe_mouchet

sivar
26,855 Views

Hello,

Could you please email me at sivar at netapp.com ?
I would like to know more about your script and its capabilities.

Thanks,
Siva Ramanathan

DAVID_RHODES
26,855 Views

This option might be a little off the wall but it worked for what I needed.  My environment consisted of 3 TB of data that needed to be migrated with little to no downtime.  Robocopy would normally work but the incrementals took way too long for 3 TB and if for some reason the robocopy failed because of permissions being hosed somewhere down the directory chain I would have to manually take ownership and then pick up the robocopy where it left off.  That would take a lot of baby sitting.

here is what I did.  I got a temp license from Netapp for a Secondary SnapVault license for the filer, along with an OSSV (open system snapvault for windows) and installed that on the host.  Because OSSV keeps an internal database it knows of any files that have changed.  I ran OSSV on the windows host and let it do the initial dump of 3TB which took about 2 days.  After it was done I did an update which took about 4 hours.  After that I setup a schedule to OSSV any changes every hour.  When i was ready to cutover i did one last OSSV update which took about 20 min.  I then broke the relationship and turned the read-only qtree into a read-write qtree and presto.  All my perms and no missing data with little to no downtime.  Here is the link to turn a read-only snapvault into a read-writable volume.

https://kb.netapp.com/support/index?page=content&id=1010906

scottgelb
26,855 Views

I think there was an issue with OSSV (only for migrations like this) when there was a local user on the server that the local SID isn't updated or something but can't remember... any local users and any issues once writable on the NetApp?  If no local users I think it was fine (and may actually be fixed now).  Nice to see a tool used for multiple purposes...meant for backup but useful for cutover too.

DAVID_RHODES
14,011 Views

I'm not sure about that one.  I did run into two issues.  One was that OSSV uses time stamps to determine if a file was modified.  So if you modified permissions on a file or folder you wouldn't get the update because changing perms doesn't modify the time stamp, you would have to modify the file or folder as well.  The other was that i forgot to change the permissions on the root volume where the OSSV dumped the qtree too.  Because inheritance is set by default the qtree took on the added perms.  Just be sure to set the root volume with the right perms before you OSSV the qtrees into it.

Hope this helps.  Scott i would be curious if you could find the burt or an article about this.  I used this method almost two years ago so hopefully it was fixed.  We asked consultants to do this for us and they wanted to charged $65000 and use an F5 appliance.  I did it with two free licenses and a weekend.

scottgelb
14,011 Views

I will try to find it...it was an issue at a customer where we ended up using VFM several years ago... VFM updated the filesid for the target netapp while ossv left the filesid the same as the server where the file was migrated from...that affected the local user (but not domain users if I remember correctly).

hemard
14,011 Views

Hi David,

We are bumping in the exact same problem your are describing with either robocopy or SecureCopy. This is very frustating and time consuming to say the least...

My questions may rookie-ish as I don't know how OSSV works, but here it is:

1- Does OSSV support having 2 volumes as Sources and backing it up on one qtree? (I have 2 drives 😧 and E: on my original server which content should be migrated to the Netapp system)

2- Will OSSV recreate the network shares on the targeted qtree(s) or will I have to create them manually? My client has around 60 shares.

3- (and last) Can you confirm that the netapp procedure you are referring to literally converts the ReadOnly volume instead of duplicating it (which would require time and double the space on the storage system)?

Thanks in advance for any answer you would provide me with,

Best Regards,

Gilles

DAVID_RHODES
14,010 Views

Great questions.  The answers are in Bold.

1- Does OSSV support having 2 volumes as Sources and backing it up on one qtree? (I have 2 drives 😧 and E: on my original server which content should be migrated to the Netapp system)

OSSV is like snapvault and will let you put things in the same qtree or create a new one.  So the answer is yes.

2- Will OSSV recreate the network shares on the targeted qtree(s) or will I have to create them manually? My client has around 60 shares.

Unfortunately you will have to recreate them.  We did a query to pull the shares from the windows host and then from a windows host used RMTShare to recreate them on the NetApp.  If you want i can try and find the VBScripts that we used to do this.

3- (and last) Can you confirm that the netapp procedure you are referring to literally converts the ReadOnly volume instead of duplicating it (which would require time and double the space on the storage system)?

I know for a fact that it will turn it into a Read/Write and not duplicate them.  Always test the whole procedure first using dummy data.  You're going to want to make sure all the permissions, Shares/NTFS are setup properly on the NetApp Volume before any qtrees and data are migrated.  By default inheritance is set on the NetApp and the everyone group is usually the default group.  You're obviously going to want to remove it.

Hope this helps.

scottgelb
14,010 Views

Does OSSV collate now? D and E to the same target qtree? Last time I used it. A while ago... I was able to use the same target volume but each drive took a different qtree target relationship. AD backup also took separate qtrees.

adaikkap
14,010 Views

Any primary dir( be it a directory or a drive) is always snapvaulted to a single qtree in case of OSSV. Unlike whole volume snapvault where an entire volume with multiple qtree can be backed up to a single destination qtree.

Regards

adai

hemard
11,366 Views

Thank's a lot for your answers David.

Much appreciated.

If it's not too much trouble, I'd be glad to have a look at your VBscripts.

Best regards,

Gilles

Public