Saturday, July 19, 2014

SID HISTORY: Fixing file servers

File servers are easy thanks to a Microsoft tool.



- Check version of PowerShell
echo $host

- If 2.0, as default on Win2008 R2 SP1, upgrade to 3.0 before proceeding
Windows6.1-KB2506143-x64.msu
http://www.microsoft.com/en-us/download/details.aspx?id=34595

- Prerequisite for PowerShell 3.0 is .NET 4.x
dotNetFx45_Full_setup.exe
http://go.microsoft.com/fwlink/?LinkID=242919

- Download the ZIP
http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Module-for-08769c67

- Fire up the PowerShell console ignoring script signing (the bypass applies to this session only)
- Don't forget the "Run As Administrator" part...
powershell.exe -executionpolicy bypass

- Create the module folder (adjust Documents path if necessary):
New-Item -Type Directory -path "$home\Documents\WindowsPowerShell\Modules\SIDHistory"

- Copy contents of SIDHistory folder inside zip to following directory
- Clear "downloaded from internet" flag from files
- Check you don't end up with Modules\SIDHistory\SIDHistory\ structure
C:\Users\<username>\Documents\WindowsPowerShell\Modules\SIDHistory\

- Import modules, needed each time new powershell window is launched
Import-Module ActiveDirectory
Import-Module SIDHistory
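
A check for the install steps above, as an added example that is not part of the original post or of the SIDHistory module. It reports a nested Modules\SIDHistory\SIDHistory folder and any files that still carry the "downloaded from internet" flag (the Zone.Identifier stream), and confirms PowerShell can find the module. The function name Test-SIDHistoryInstall is hypothetical; the path is the one used in the post.

```powershell
# Added example: verifies the manual module install. Test-SIDHistoryInstall is a
# hypothetical helper name; the default path is the one from the post.
function Test-SIDHistoryInstall {
    param(
        [string]$ModulePath = "$home\Documents\WindowsPowerShell\Modules\SIDHistory"
    )

    $result = New-Object PSObject -Property @{
        PSVersionOk  = $PSVersionTable.PSVersion.Major -ge 3
        FolderExists = Test-Path -LiteralPath $ModulePath -PathType Container
        # True means the zip was extracted one level too deep
        NestedFolder = Test-Path -LiteralPath (Join-Path $ModulePath 'SIDHistory') -PathType Container
        BlockedFiles = @()
        Discoverable = $false
    }
    if (-not $result.FolderExists) { return $result }

    # Files still marked as downloaded have a Zone.Identifier alternate data
    # stream. Get-Item -Stream needs PowerShell 3.0, so skip the scan on 2.0.
    if ($result.PSVersionOk) {
        $result.BlockedFiles = @(
            Get-ChildItem -LiteralPath $ModulePath -Recurse |
                Where-Object { -not $_.PSIsContainer } |
                Where-Object {
                    Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
                } |
                Select-Object -ExpandProperty FullName
        )
    }

    # Import-Module SIDHistory only works if the module is listed here
    $result.Discoverable = [bool](Get-Module -ListAvailable -Name SIDHistory)
    return $result
}

$check = Test-SIDHistoryInstall
$check | Format-List

# Clear the flag only on the files that still carry it (Unblock-File is 3.0+)
if ($check.BlockedFiles.Count -gt 0) {
    Unblock-File -LiteralPath $check.BlockedFiles
}
```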

- Create and change to project directory
md c:\temp
md c:\temp\sidhistory
cd c:\temp\sidhistory

- Generate report of current state
- Inspect resulting CSV files to determine status of SID history
- Keep copies of these files until you're sure migration is complete and any resulting problems are resolved
md before
cd before
Export-DomainSIDs
Export-SIDMapping
Update-SIDMapping

- Copy files created above to base dir
copy C:\temp\sidhistory\before\*.* c:\temp\sidhistory

- Check fileshares for directories with SID history
- This tool is not capable of checking individual files, so you should do a second scan after fixing everything to ensure SID history is really gone
- Make sure you add "-WhatIf", unless you want to blindly attempt fixing the problem
cd c:\temp\sidhistory
Convert-SIDHistoryNTFS \\fs01\c$ -WhatIf
Convert-SIDHistoryNTFS \\fs01\d$ -WhatIf
Export-SIDHistoryShare fs01
Convert-SIDHistoryNTFS \\fs02\c$ -WhatIf
Convert-SIDHistoryNTFS \\fs02\d$ -WhatIf
Export-SIDHistoryShare fs02

- Resulting files:
NTFS_SID_Translation_Report_xxx.csv will contain any files affected by SID history
NTFS_SID_Translation_Report_xxx.txt is the complete log of the process
NTFS_SID_Translation_Report_xxx_ERRORS.csv shows errors - this is unreliable unless running under PowerShell 3.0!
