Fix acl on copied data

lee roberts 186 Reputation points
2021-08-19T17:01:43.443+00:00

I have recently migrated a domain. As part of the migration we created a trust and then copied the users & security groups from that domain to our AD. Today we got a copy of the shared data. This data included all the old ACLs. Unfortunately these ACLs still relate to the old domain. I’ve been trying to change these using Get-Acl / Set-Acl but I’m having no luck. I was wondering if anyone had a script that can do this?


3 answers

  1. lee roberts 186 Reputation points
    2021-08-19T17:03:58.593+00:00

    This is what I have currently that displays the permissions, but where I go from here is beyond me, unfortunately.

    # List every ACE on each subfolder ("FilePath" is a placeholder for the share root)
    $FolderPath = Get-ChildItem -Directory -Path "FilePath" -Recurse -Force
    $Output = @()
    ForEach ($Folder in $FolderPath) {
        $Acl = Get-Acl -Path $Folder.FullName
        ForEach ($Access in $Acl.Access) {
            $Properties = [ordered]@{
                'Folder Name' = $Folder.FullName
                'Group/User'  = $Access.IdentityReference
                'Permissions' = $Access.FileSystemRights
                'Inherited'   = $Access.IsInherited
            }
            $Output += New-Object -TypeName PSObject -Property $Properties
        }
    }
    $Output | Out-GridView
    

  2. MotoX80 31,976 Reputation points
    2021-08-20T01:47:04.337+00:00

    The subinacl utility from the old Win2003 Resource Kit has a /replace switch which I used on Win10 to replace one local group with another.

    subinacl /subdirectories c:\temp\foo1\ /replace="Netmon Users"="IIS_IUSRS"  
    

    It also has some domain migration switches, but I no longer have access to an AD domain to test with.

    /action      :  
        /replace=[DomainName\]OldAccount=[DomainName\]New_Account  
        /accountmigration=[DomainName\]OldAccount=[DomainName\]New_Account  
        /changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]]  
    

    I have SubInAcl version 5.2.3790.1180, but I don't remember where I got it from. I looked for it on MS's download site but I can't find it.

    I found this link, but I don't know if I trust it. If you download it, I'd recommend doing it in a sandbox environment and scan for malware. And definitely test it on some sample folders before you touch your main data.

    https://windows-resource-kit-tools-subinacl-exe.software.informer.com/

    @Rich Matheisen any help with subinacl?


  3. MotoX80 31,976 Reputation points
    2021-08-23T12:57:24.243+00:00

    Did subinacl work or are you still looking for a script?

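One way to do what the question asks with Get-Acl / Set-Acl, as an added example that is not from any of the posters: it rewrites each explicit access entry that names an old-domain account so that it names the same account in the new domain. The function name `Convert-DomainAce` and its parameters are hypothetical. It assumes old-domain names still resolve through the trust and that the copied users and groups kept their names. It covers access entries only, not owners or audit entries.

```powershell
# Added example: function name, parameters and the same-name mapping are assumptions.
function Convert-DomainAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,       # root of the copied share
        [Parameter(Mandatory)][string]$OldDomain,  # NetBIOS name of the old domain (placeholder)
        [Parameter(Mandatory)][string]$NewDomain   # NetBIOS name of the new domain (placeholder)
    )
    $items = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        $changed = $false
        # Explicit ACEs only: inherited ones change when the parent folder is fixed.
        $explicit = $acl.Access | Where-Object {
            -not $_.IsInherited -and $_.IdentityReference.Value -like "$OldDomain\*"
        }
        foreach ($ace in $explicit) {
            $name  = ($ace.IdentityReference.Value -split '\\', 2)[1]
            $newId = [System.Security.Principal.NTAccount]::new($NewDomain, $name)
            try {
                # Confirm the account exists in the new domain before touching the ACL.
                [void]$newId.Translate([System.Security.Principal.SecurityIdentifier])
            } catch [System.Security.Principal.IdentityNotMappedException] {
                Write-Warning "No $NewDomain\$name; ACE left unchanged on $($item.FullName)"
                continue
            }
            # Same rights, inheritance and allow/deny type, new identity.
            $newAce = [System.Security.AccessControl.FileSystemAccessRule]::new(
                $newId, $ace.FileSystemRights, $ace.InheritanceFlags,
                $ace.PropagationFlags, $ace.AccessControlType)
            $acl.RemoveAccessRuleSpecific($ace)
            $acl.AddAccessRule($newAce)
            $changed = $true
        }
        if ($changed -and $PSCmdlet.ShouldProcess($item.FullName, "Replace $OldDomain ACEs with $NewDomain")) {
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
        }
    }
}
```

Running it with `-WhatIf` first lists the paths that would change without writing anything.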