ADMT Security translation and Mounted drives

Discussion in 'Server Migration' started by SAME7, Apr 1, 2011.

  1. SAME7

    SAME7 Guest

    Hi,

    We run file clusters whereby for specific drives the top-level folders
    are empty folders and a separate LUN (e.g. 600GB) is mounted into
    every separate empty folder. Hence these are large drives.
    We have migrated all the users / groups to a new AD domain and now run
    the Translate Security (ReACL) procedure on the file clusters.

    ADMT runs against the physical nodes of the cluster. That works fine.
    Security translation succeeds on the (regular) local devices, on the
    (empty) top-level directories where the LUNs are mounted, but NOT on
    the directories/files that are located on these LUNs. On the other
    hand, roaming profiles located on these LUNs are translated OK (but
    these are direct paths to files, e.g. R:\<Empty folder>\Profiles\SAME7,
    in contrast to e.g. R:\, which is the standard for Security
    Translation).

    It looks like ADMT works with enumeration of directories (and files)
    of physical devices rather than 'virtual' (mount pointed) devices.

    Does somebody know if ADMT Security Translation should work with mount
    pointed volumes?
    If so, what should we configure to have this work?

    Included an extract of the Log file.
    - We're running ADMT V3.1.
    - Drives Q:\ and S:\ mounted by CLUSTERNODE2, hence the error shown.
    - Drive R is the drive I'm referring to.
    The amount of files is obviously way larger than the approx. 60.000
    files/dirs mentioned in the LOG file.

    I hope someone can give me a direction.

    Thanks, Simon

    ==================================================================================
    [Settings Section]
    Task: Security Translation (13929)
    ADMT Console
    User: TARGET\Admin
    Computer: SERVER.target.local (SERVERNAME)
    Domain: target.local (DOMAIN)
    OS: Windows Server (R) 2008 Enterprise without Hyper-V
    6.0 (6002) Service Pack 2
    Source Domain
    Name: source.local (SOURCE)
    DC: SOURCEDC.source.local (SOURCEDC)
    OS: Windows Server 2003 5.2 (3790) Service Pack 2
    OU:
    Target Domain
    Name: target.local (TARGET)
    DC: TARGETDC.target.local (TARGETDC)
    OS: Windows Server 2008 R2 Enterprise 6.1 (7600)
    OU:
    Translate Option: Replace
    Translate Files: Yes
    Translate Local Groups: Yes
    Translate Printers: Yes
    Translate Registry: Yes
    Translate Rights: Yes
    Translate Shares: Yes
    Translate User Profiles: Yes
    Perform Pre-check Only: No

    [Agent Dispatch Section]
    2011-03-27 21:36:00 Read 2619 accounts from the database that were
    previously migrated from the domain 'source.local' to the domain
    'target.local'.
    2011-03-27 21:36:00 Created account input file for remote agents:
    Accounts013929.txt
    2011-03-27 21:36:00 Installing agent on 1 servers

    2011-03-27 21:36:00 The Active Directory Migration Tool Agent will be
    installed on CLUSTERNODE1.target.local
    2011-03-27 21:36:06 Started job: CLUSTERNODE1.target.local
    013929_CLUSTERNODE1 {C1BA4851-743D-44D3-B518-03989BF24EE7}

    Local Machine
    Computer: CLUSTERNODE1.target.local (CLUSTERNODE1)
    Domain: target.local (TARGET)
    OS: Microsoft Windows Server 2003 R2 5.2 (3790)
    Service Pack 2
    2011-03-27 21:36:06 Starting Security Translator.
    2011-03-27 21:36:06 Agent is running in local mode.
    2011-03-27 21:36:06 Read 2576 accounts from C:\WINDOWS
    \OnePointDomainAgent\Accounts013929.txt
    2011-03-27 21:36:06 SecurityTranslation Files:Yes Shares:Yes
    LGroups:Yes UserRights:Yes Printers:Yes Profiles:Yes RecycleBin:Yes
    TranslationMode:Replace source.local target.local
    2011-03-27 21:36:06 Starting
    2011-03-27 21:36:06 Translating local machine.
    2011-03-27 21:36:06 Processing C:\
    2011-03-27 21:36:22 Processing recycle bin files and folders on C:\.
    2011-03-27 21:36:22 Examining:
    S-1-5-21-2254238798-4234077233-4291773775-8077
    2011-03-27 21:36:22 Examining:
    S-1-5-21-3867537104-1380435035-1600698725-500
    2011-03-27 21:36:22 Skipping D:\. D:\ is a CD-ROM drive.
    2011-03-27 21:36:22 Skipping Q:\, rc=21 The device is not ready.
    2011-03-27 21:36:22 Processing R:\
    2011-03-27 21:36:22 Processing recycle bin files and folders on R:\.
    2011-03-27 21:36:22 Examining:
    S-1-5-21-2254238798-4234077233-4291773775-8077
    2011-03-27 21:36:22 Skipping S:\, rc=21 The device is not ready.
    2011-03-27 21:36:22 Processing U:\
    2011-03-27 21:36:22 Processing recycle bin files and folders on U:\.
    2011-03-27 21:36:22 Examining:
    S-1-5-21-2254238798-4234077233-4291773775-8077
    2011-03-27 21:36:22 Processing shares on local machine.
    2011-03-27 21:36:22 Processing printer security...
    2011-03-27 21:36:22 Translating local groups.
    2011-03-27 21:36:22 Translating user rights.
    2011-03-27 21:36:22 ADMT only performs user rights translation in
    Append mode.
    2011-03-27 21:36:22 Translating security on registry keys.
    2011-03-27 21:36:44 This profile translation automatically switches
    from replace mode to add mode if the user is currently logged on or if
    the profile is in use for other reasons. In order to disable the
    switching, you need to set the registry HKLM\Software\Microsoft\ADMT
    \DisallowFallbackToAddInProfileTranslation (REG_DWORD) to 1 on the
    ADMT machine.
    2011-03-27 21:36:44 Translating user profile, source account='user',
    target account='user1'
    2011-03-27 21:36:49 ERR2:7646 Unable to translate the class hive for
    'kbamford'. rc=3.
    2011-03-27 21:36:54 ------Account Detail---------
    2011-03-27 21:36:54 The account detail section uses the following
    format: AccountName(OwnerChanges, GroupChanges, DaclChanges,
    SaclChanges).
    2011-03-27 21:36:54 user1 (57, 0, 1225, 0)
    2011-03-27 21:36:54 -----------------------------
    2011-03-27 21:36:54 985 users, 1591 groups
    2011-03-27 21:36:54 2576 accounts selected. 2576 resolved, 0
    unresolved.
    2011-03-27 21:36:54                   Examined  Changed  Unchanged
    2011-03-27 21:36:54 Files             57140     48       57092
    2011-03-27 21:36:54 Dirs              7188      108      7080
    2011-03-27 21:36:54 Shares            52        0        52
    2011-03-27 21:36:54 Members           19        0        19
    2011-03-27 21:36:54 User Rights       78        0        78
    2011-03-27 21:36:54 Exchange Objects  0         0        0
    2011-03-27 21:36:54 Containers        0         0        0
    2011-03-27 21:36:54 DACLs             200884    1863     199021
    2011-03-27 21:36:54 SACLs             60        0        60
    2011-03-27 21:36:54          Examined  Changed  No Target  Not Selected  Unknown
    2011-03-27 21:36:54 Owners   200884    171      200713     0             0
    2011-03-27 21:36:54 Groups   200884    0        200884     0             0
    2011-03-27 21:36:54 DACEs    1427524   3675     1423849    1423849       0
    2011-03-27 21:36:54 SACEs    63        0        63         63            0
    2011-03-27 21:36:54 Wrote result file C:\WINDOWS\OnePointDomainAgent
    \013929_AMS2PC2001.result
    2011-03-27 21:36:54 Operation completed.
     
    SAME7, Apr 1, 2011
    #1
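
To confirm whether files on the folder-mounted LUNs still carry source-domain SIDs after a run like the one logged above, a read-only ACL audit of those volumes can be used. This is an added example, not part of the original post and not an ADMT component; `$SourceDomainSid` is a placeholder to fill in, the helper name `Test-SourceSid` is hypothetical, and the script assumes Windows PowerShell (2.0 to 5.1, .NET Framework) run on the cluster node that currently owns the disks.

```powershell
# Added example: report owners and explicit ACEs that still reference the
# source domain on volumes mounted into folders (no drive letter of their own).
param(
    # Domain SID of the source domain. Placeholder value; supply your own.
    [string]$SourceDomainSid = 'S-1-5-21-<source-domain-sid>'
)

$sidType  = [System.Security.Principal.SecurityIdentifier]
# Owner + DACL only; reading the SACL would need SeSecurityPrivilege.
$sections = [System.Security.AccessControl.AccessControlSections]'Access, Owner'

function Test-SourceSid($identity) {
    # AccountDomainSid is $null for well-known SIDs (BUILTIN, SYSTEM, ...).
    $domain = $identity.AccountDomainSid
    return ($null -ne $domain) -and ($domain.Value -eq $SourceDomainSid)
}

# Fixed-disk volumes that are reachable only through a folder path such as
# R:\<folder>\ ; volumes with neither letter nor mount path are ignored.
$mounted = Get-WmiObject -Class Win32_Volume | Where-Object {
    $_.DriveType -eq 3 -and -not $_.DriveLetter -and $_.Name -match '^[A-Za-z]:\\'
}

foreach ($vol in $mounted) {
    & {
        Get-Item -LiteralPath $vol.Name -Force
        Get-ChildItem -LiteralPath $vol.Name -Recurse -Force -ErrorAction SilentlyContinue
    } | ForEach-Object {
        $path = $_.FullName
        try   { $acl = $_.GetAccessControl($sections) }
        catch { Write-Warning "Cannot read ACL: $path"; return }

        $hits = @()
        if (Test-SourceSid ($acl.GetOwner($sidType))) { $hits += 'Owner' }
        # Explicit ACEs only: inherited entries follow the parent once it is fixed.
        $stale = @($acl.GetAccessRules($true, $false, $sidType) |
            Where-Object { Test-SourceSid $_.IdentityReference })
        if ($stale.Count -gt 0) { $hits += "DACL ($($stale.Count) ACE)" }

        if ($hits.Count -gt 0) {
            New-Object PSObject -Property @{
                Volume = $vol.Name; Path = $path; Found = ($hits -join ', ')
            }
        }
    }
}
```

Piping the output to `Export-Csv` gives a list of paths to re-check after the next translation run; an empty result for a volume means no owner or explicit ACE there still points at the source domain.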