ADMT Security translatio​n and Mounted drives

27 views
Skip to first unread message

SAME7

unread,
Apr 1, 2011, 5:13:31 AM4/1/11
to
Hi,

We run file clusters whereby for specific drives the top-level folders
are empty folders and a separate LUN (e.g. 600GB) is mounted into
every separate empty folder. Hence these are large drives.
We have migrated all the users / groups to a new AD domain and now run
the Translate Security (ReACL) procedure on the file clusters.

ADMT runs against the physical nodes of the cluster. That works fine.
Security translation succeeds on the (regular) local devices, on the
(empty) top-level directories where the LUNS are mounted, but NOT on
the directories/files that are located on these LUNs. On the other
hand roaming profiles located on these LUNs are translated OK (but
these are direct paths to files (e.g. R:\<Empty folder>\Profiles\SAME7
in contrast to e.g R:\ which is the standard for Security
Translation).

It looks like ADMT works with enumeration of directories (and files)
of physical devices rather than 'virtual' (mount pointed) devices.

Does somebody know if ADMT Security Translation should work with mount
pointed volumes?
If so, what should we configure to have this work?

Included an extract of the Log file.
- We're running ADMT V3.1.
- Drives Q:\ and S:\ mounted by CLUSTERNODE2, hence the error shown.
- Drive R is the drive I'm referring to.
Tthe amount of files is obviously way larger than the approx. 60.000
files/dirs mentioned in the LOG file.

I hope someone can give me a direction.

Thanks, Simon

==================================================================================
[Settings Section]
Task: Security Translation (13929)
ADMT Console
User: TARGET\Admin
Computer: SERVERNAME.target.local (SERVERNAME)
Domain: target.local (DOMAIN)
OS: Windows Server (R) 2008 Enterprise without Hyper-V
6.0 (6002) Service Pack 2
Source Domain
Name: source.local (SOURCE)
DC: SOURCEDC.source.local (SOURCEDC)
OS: Windows Server 2003 5.2 (3790) Service Pack 2
OU:
Target Domain
Name: target.local (TARGET)
DC: TARGETDC.target.local (TARGETDC)
OS: Windows Server 2008 R2 Enterprise 6.1 (7600)
OU:
Translate Option: Replace
Translate Files: Yes
Translate Local Groups: Yes
Translate Printers: Yes
Translate Registry: Yes
Translate Rights: Yes
Translate Shares: Yes
Translate User Profiles: Yes
Perform Pre-check Only: No

[Agent Dispatch Section]
2011-03-27 21:36:00 Read 2619 accounts from the database that were
previously migrated from the domain 'source.local' to the domain
'target.local'.
2011-03-27 21:36:00 Created account input file for remote agents:
Accounts013929.txt
2011-03-27 21:36:00 Installing agent on 1 servers

2011-03-27 21:36:00 The Active Directory Migration Tool Agent will be
installed on CLUSTERNODE1.target.local
2011-03-27 21:36:06 Started job: CLUSTERNODE1.target.local
013929_CLUSTERNODE1 {<ID>}

Local Machine
Computer: CLUSTERNODE1.target.local (CLUSTERNODE1)
Domain: target.local (TARGET)
OS: Microsoft Windows Server 2003 R2 5.2 (3790)
Service Pack 2
2011-03-27 21:36:06 Starting Security Translator.
2011-03-27 21:36:06 Agent is running in local mode.
2011-03-27 21:36:06 Read 2576 accounts from C:\WINDOWS
\OnePointDomainAgent\Accounts013929.txt
2011-03-27 21:36:06 SecurityTranslation Files:Yes Shares:Yes
LGroups:Yes UserRights:Yes Printers:Yes Profiles:Yes RecycleBin:Yes
TranslationMode:Replace source.local target.local
2011-03-27 21:36:06 Starting
2011-03-27 21:36:06 Translating local machine.
2011-03-27 21:36:06 Processing C:\
2011-03-27 21:36:22 Processing recycle bin files and folders on C:\.
2011-03-27 21:36:22 Examining: <SID1>
2011-03-27 21:36:22 Examining: <SID2>
2011-03-27 21:36:22 Skipping D:\. D:\ is a CD-ROM drive.
2011-03-27 21:36:22 Skipping Q:\, rc=21 The device is not ready.
2011-03-27 21:36:22 Processing R:\
2011-03-27 21:36:22 Processing recycle bin files and folders on R:\.
2011-03-27 21:36:22 Examining: <SID1>
2011-03-27 21:36:22 Skipping S:\, rc=21 The device is not ready.
2011-03-27 21:36:22 Processing U:\
2011-03-27 21:36:22 Processing recycle bin files and folders on U:\.
2011-03-27 21:36:22 Examining: <SID2>
2011-03-27 21:36:22 Processing shares on local machine.
2011-03-27 21:36:22 Processing printer security...
2011-03-27 21:36:22 Translating local groups.
2011-03-27 21:36:22 Translating user rights.
2011-03-27 21:36:22 ADMT only performs user rights translation in
Append mode.
2011-03-27 21:36:22 Translating security on registry keys.
2011-03-27 21:36:44 This profile translation automatically switches
from replace mode to add mode if the user is currently logged on or if
the profile is in use for other reasons. In order to disable the
switching, you need to set the registry HKLM\Software\Microsoft\ADMT
\DisallowFallbackToAddInProfileTranslation (REG_DWORD) to 1 on the
ADMT machine.
2011-03-27 21:36:44 Translating user profile, source account='user1',
target account='user1'
2011-03-27 21:36:49 ERR2:7646 Unable to translate the class hive for
'user1. rc=3.
2011-03-27 21:36:54 ------Account Detail---------
2011-03-27 21:36:54 The account detail section uses the following
format: AccountName(OwnerChanges, GroupChanges, DaclChanges,
SaclChanges).
2011-03-27 21:36:54 user1 (57, 0, 1225, 0)
2011-03-27 21:36:54 -----------------------------
2011-03-27 21:36:54 985 users, 1591 groups
2011-03-27 21:36:54 2576 accounts selected. 2576 resolved, 0
unresolved.
2011-03-27 21:36:54 Examined Changed Unchanged
2011-03-27 21:36:54 Files 57140 48 57092
2011-03-27 21:36:54 Dirs 7188 108 7080
2011-03-27 21:36:54 Shares 52 0 52
2011-03-27 21:36:54 Members 19 0 19
2011-03-27 21:36:54 User Rights 78 0 78
2011-03-27 21:36:54 Exchange Objects 0
0 0
2011-03-27 21:36:54 Containers 0 0 0
2011-03-27 21:36:54 DACLs 200884 1863 199021
2011-03-27 21:36:54 SACLs 60 0 60
2011-03-27 21:36:54 Examined Changed No Target
Not Selected Unknown
2011-03-27 21:36:54 Owners 200884 171
200713 0 0
2011-03-27 21:36:54 Groups 200884 0
200884 0 0
2011-03-27 21:36:54 DACEs 1427524 3675
1423849 1423849 0
2011-03-27 21:36:54 SACEs 63 0
63 63 0
2011-03-27 21:36:54 Wrote result file C:\WINDOWS\OnePointDomainAgent
\013929_CLUSTERNODE1.result
2011-03-27 21:36:54 Operation completed.

Reply all
Reply to author
Forward
0 new messages