Announcement

Collapse
No announcement yet.

Novell Trustee ACLs to NTFS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Novell Trustee ACLs to NTFS

    Good afternoon,

    I have a list of ACLs on a bunch of folders that are now hosted on Novell and that will be moved to Windows/AD/NTFS.

    Has anyone made a script to re-assign ACLs?

    My folder has the novell Username, permissions (ie RWCEMF), workgroup, CN

    AND I added a column with the Active Directory CN corresponding to that user.

    I could easily do a find and replace in Excel for the permissions, but I was wondering, what tool would you guys use to then apply it?

    Xcacls, icacls, subinacl, other..? Which one is the best to work with CSV files?

    Thank you!
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

  • #2
    Re: Novell Trustee ACLs to NTFS

    I'm in the middle of a similar project. Since the list of permissions on Novell side are different form the Microsoft side, I looked for some tools to do it. Quest is one of the best. It's high price and problems with Hebrew (despite my request, a lot of users named their files and folders with Hebrew names) were the facts that got me to the decision to do it by myself.
    Next step is to get the list of permissions with TLIST (on the Novell side) and see how they can be translated to something CACLS can understand and process.
    Do you have a mechanism of translating permissions from one to another?

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

    Comment


    • #3
      Re: Novell Trustee ACLs to NTFS

      Find and replace in Excel

      I am trying something with a CSV and xcacls, since my CN in Novell is the same as my AD username.

      I don't think I can use tools like quest and Microsoft's FMU as I am not migrating users - they already exist in the AD due to using Microsoft Exchange before the Novell migration..
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

      Comment


      • #4
        Re: Novell Trustee ACLs to NTFS

        This is my set-up also: only two or three out of 150 usernames are different in AD and NDS. And the reason is the same: Exchange
        From what you're describing, you're slightly ahead of me in your project, so except sharing with you my thoughts so far, cannot assist much.
        Have you spoke with experts? I contacted Microsoft Israel and they gave me few names of guys that can assist in this matter (not free, of course). I am doing the project with one of them (a great guy I knew even before that).
        Good luck, and keep me posted

        Sorin Solomon


        In order to succeed, your desire for success should be greater than your fear of failure.
        -

        Comment


        • #5
          Re: Novell Trustee ACLs to NTFS

          I have not contacted any experts as this is a case of "has to be done for Monday. What? There's 3 days left!"
          VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

          Comment


          • #6
            Re: Novell Trustee ACLs to NTFS

            Dude, this is no project to do in three days ... But I am certain you know that...
            Do you have to migrate printers also?

            Sorin Solomon


            In order to succeed, your desire for success should be greater than your fear of failure.
            -

            Comment


            • #7
              Re: Novell Trustee ACLs to NTFS

              No. The only thing that is getting migrated this weekend is some files (about 60gigs) - the users already exist in Windows as well.

              For now I just used Excel to concatenate the commands . Made a list of the paths, rights from Novell, rights to use with xcacls, and username. Concatenated together..

              It seems to work well except that xcacls.exe is a piece of crap, and xcacls.vbs doesn't seem to like the type of share the files are on
              Subinacl doesn't work on DFS paths..and the machines I am connected to run W2k3 sp1 so I don't think I can use icacls !

              Will try with setacl..
              Last edited by gepeto; 12th April 2008, 18:05. Reason: Forgot about subinacl
              VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

              Comment


              • #8
                Re: Novell Trustee ACLs to NTFS

                I'm keeping my fingers crossed for you...

                Sorin Solomon


                In order to succeed, your desire for success should be greater than your fear of failure.
                -

                Comment


                • #9
                  Re: Novell Trustee ACLs to NTFS

                  Ok so this was my temporary solution:
                  Using Excel
                  =CONCATENER("xcacls ";""""; B2;"""";" /G ";E2;":";D2;" /E")

                  B2 being the Windows Path, E2 being the domain\username, d2 being the rights (for example, RC, or F). Always /E to edit.

                  Then, I went to every folder where I applied security (at least there was a LOT of rights on a few folders....a lot of access set by users ) , and got an error about the order of permissions.
                  After click Ok, and clicking OK on the Properties screen, the inheritance bit was reset on subfolders and everything looks fine.

                  I have to do the same thing again next weekend on a much bigger set of files. I'll try to have a dedicated Win2003 sp2 box where I can install and play with icacls instead of that stupid xcacls.
                  VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                  Comment


                  • #10
                    Re: Novell Trustee ACLs to NTFS

                    Well everything went live relatively smoothly this morning. The only issue was (and still is for remaining file servers to migrate) that a lot of users have access to subfolders but not to a folder on top of it. With bypass traverse checking on, they can go to the direct link but that is not really an option..

                    With ABE, they don't even see the folders unless I grant them list folder content on the top folder, which is quite annoying, but hey, can't have everything go perfect in such a short amount of time can you
                    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                    Comment

                    Working...
                    X