Microsoft Virtualization Discussions
I need to get a list of all shares and folders/subfolders along with NTFS permissions (user and permission) in a NetApp with millions of folders.
I know you can use this command and it will return permissions for one folder you specify
vserver security file-directory show -path /marketing -expand-mask true
But I need to do a report of a NetApp that has 1 million folders/subfolders, so traversing folders and invoking this command folder by folder will take so many hours.
By now I have been doing this with standard Windows APIs to list folders and subfolders and Get-Acl permissions per folder, but as I said it is too slow.
Is there any file where this info is stored, or a way to query security file-directory to report all subfolders? Or another way, like in Windows where you can use an NTFS walker/journal or similar to query NTFS metadata and get all file/dir names in the filesystem more efficiently and quickly?
Hi,
I'm not aware of a good way except for these two interfaces (perhaps also the same command via ZAPI/new ONTAP API).
The other things I would try are:
1. to robocopy the folder-structure-only into a VM and try to run it locally (to avoid network latencies on the queries)
2. be sure to have small latency to AD and enough processing capacity on it as well
3. use filters on the Get-Acl to only include non-inherited permissions - so again you'll have fewer queries to AD.
4. try to use another method to query the SMB. Maybe also try without translating the SIDs and doing it later based on your own index https://www.reddit.com/r/PowerShell/comments/69181h/getacl_is_looking_up_sids/
There are of course commercial tools that generate folder audits and allow you to act on them. You can consider using their tools instead of developing your own. I also mentioned it as, in my experience, Varonis for example does its scan via SMB, and it can take a day or two for a 10TB share to get scanned (on an AFF).
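Points 3 and 4 of the reply above, as an added PowerShell example (not code from the thread or from NetApp): it reads only explicit ACEs, keeps identities as raw SIDs, and translates each distinct SID once through a local cache. The share path, output file and function name are placeholder assumptions.

```powershell
# Added example. $Root and $OutCsv are placeholder values, not from the thread.
param(
    [string]$Root   = '\\filer01\marketing',       # hypothetical SMB share path
    [string]$OutCsv = '.\explicit-acl-report.csv'  # hypothetical report file
)

$sidType  = [System.Security.Principal.SecurityIdentifier]
$sidCache = @{}   # SID string -> account name, one AD lookup per distinct SID

function Resolve-SidCached([System.Security.Principal.SecurityIdentifier]$Sid) {
    $key = $Sid.Value
    if (-not $sidCache.ContainsKey($key)) {
        try {
            $sidCache[$key] = $Sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $sidCache[$key] = $key   # orphaned or unresolvable SID: keep the raw value
        }
    }
    $sidCache[$key]
}

& {
    Get-Item -LiteralPath $Root   # include the root folder itself
    Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue
} | ForEach-Object {
    $path = $_.FullName
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        # Record unreadable folders instead of silently skipping them
        [pscustomobject]@{ Path = $path; Sid = ''; Account = ''; Type = 'ERROR'
                           Rights = $_.Exception.Message; Inheritance = '' }
        return
    }
    # includeExplicit = $true, includeInherited = $false, identities as raw SIDs
    foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
        [pscustomobject]@{
            Path        = $path
            Sid         = $rule.IdentityReference.Value
            Account     = Resolve-SidCached $rule.IdentityReference
            Type        = $rule.AccessControlType
            Rights      = $rule.FileSystemRights
            Inheritance = $rule.InheritanceFlags
        }
    }
} | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
```

Folders that carry only inherited permissions produce no rows, so the report lists just the points in the tree where access actually changes.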
ONTAP does not store this information in a file. You'd have to query it via Powershell or via icacls.
But in large systems with millions of folders and files, walking through all shares and subfolders is a very slow process and difficult to keep in sync. Also you need a user that can browse all shares and folders and files, which is quite a difficult case.
It would be great if you could provide an API or file to get it all through ONTAP.