I appreciate your help and advice on the below question.
we have two domains before for example domain A and B, we cut the two way trust for A & B and NetApp currently on domain A so after cut the two way trust Administrator account was show on all folders and subfolders disappeared and they created for us new account to manger folders/subfolders but this account cant access the folders with disabled inherits. we added the account in NetApp OnCommand System Manager under administrator but not take effect.
is there any command to apply the account on all folder/subfolders even if disabled inherit.
the NTFS permissions are the ones taking place, hence the default and best practice is to have the local administrators group set on all folder - and not a domain based group. There's a few ways to workaround this.
1) use the backup operator functionality to take files out with tools that know tu utilize it (such robocopy).
2) user-mapping, from your existing user to pretend to be another.
3) take ownership on the files, and add the required security group (painful, there's some scripts that can help - but they far from perfect).
TQVM for your reply. how to make the local administrator reflect all folders & subfolders ? because I tried to add a user in NetApp OnCommand System Manager and it's not reflected for all folders & subfolders. for example, if i add username "ahmed" in NetApp OnCommand System Manager when i go to my computer and check the share folder security permission not found "ahmed" in my folders & subfolders.
The added permission in system manager is for the share level, the file system permission (NTFS) is separate, and need to be changed from a windows client. There's some messy ways to change it via a GPO or scripts and let the filer propagate it down - but I'd not recommend going to that route.
Note: This process is not the recommended method for NTFS ACL management. It is recommended to use the Windows 'Security' tab whenever possible. This process should be used when NTFS ACL management is not available via Windows.