File Server Migration: Windows Server 2008R2 to Windows Server 2019


 

Scenario:

 

We have a File Server on Windows Server 2008R2 . The File Server has several departmental shares & it is accessed by the department user only. But among them few have RW (Read & Write) permission, rest have only R (Read) permission. Also every dept. share have disk quota & every authorized user has their shared folder mapped as a network drive in their Windows Explorer.

In my environment, I have implemented the procedure for 15 different departmental share folders accessing different departments consist of 10-30 users each dept & each shared folder volume is 100 GB to 500GB.

Challenges:

1.      Migrated Share Folders must have the same level of permission as on W2008 Server.

2.       Several Disk quota templates need to export to new W2019 to minimized the effort.

 Users should be transparent to this migration & their access to the shared folder must be flowless – that meant users just click on the mapped NW drive and access the shared folders as before

Before Activity: 

1.    Create different Security Group for each shared folder, it'll ease to manage users those are accessing share folders.

2.    Create GPO of Mapped Network Drive with Item Level Targeting (based on Security Group) – that makes shortcuts for every authorized user to get access to their respective shared folder.

3.    Here we use the Robocopy command to transfer shared folders from the W2008 server to W2019 Server. Robocopy intact the shared folder's group membership & permission. You need to use a different switch to achieve this. Keep the command handy.

 Robocopy <Source>  <Destination> /E /ZB /COPYALL /R:3 /W:3 /V

    /E: Copy subdirectory including empty one.

 /ZB:  Use restartable mode, if access denied, use Backup mode. That means, if the connectivity between source & destination is not stable, robocopy restart the copy in case of any data corruption.

/COPYALL : Copy all file information- Data (D),Attribute(A), Timestamp(T),ACLs(S), Owner info(O) & Audinting info(U) [DATSOU]

/R:3: Retry 3 times

/W:3: wait times between retries – 3 seconds

/V: Verbose output- Details output log 

Procedure: 

 1.    Create a Server (REDAD02/Windows Server 2019) with latest OS & add “File Server” & “File Server Resource Manager” roles.

Pix-01: Installing File Server Role

2.    Export Disk Quota Template from the old server (REDAD01/Windows Server 2008R2) to the new server

 

Pix-02: Disk Quota

 Export the existing Diskquota in *.xml format :

 dirquota template export /file:C:\Diskquota_old.xml       

 Copy the Diskquota_old.xml file to the C: drive of new File Server          (REDAD02)

 

Pix-03: Export Quota Template

Import the Diskqota to REDAD02

dirquota template import /file:C:\ Diskquota_old.xml

Pix-04: Import Quota Template

Now all Quota Templates are imported into new File Server

 3. Copy Share Folders from old Server (REDAD01) to new Server (REDAD02) through Robocopy. We start with the F&A_Data share folder. Run the command from REDAD02 in Powershell. I am keeping both the source & destination share folder the same name. Apply the same for other share folders.

Robocopy "\\10.10.10.30\F&A_Data" "D:\F&A_DATA" /E /ZB /COPYALL /R:3 /W:3 /V.

Check the folder at destination & found that all the ACL are copied & its share is not enabled.

 

Pix-05: Robocopy - Transfer File from Old to New Server

4.    We can do either manually enable the share or import & merge the registry setting of the old server into the new server. After registry merging, RESTART the server is a must.

       Registry path : H_L_M\System\CurrentControlSet\Services\Lanmanserver\Shares

     Also remember, if there is any change of disk drive letter or path between       source & destination, the same need to modify in the registry.

 

Pix-06- Registry Entry for Share Folder

5.    Enable Disk Quota: Open File Server Resource Manager in REDAD02(W2019) > Quota Management > Quota > Create Quota & apply the respective imported quota templates for each folder.

 6. Change in GPO: We use the "Item-Level Targeting" GPO to create an NW        drive/shortcut for            users.

 HOW TO:

Create a GPO >  Edit > User Configuration > Prefernences > Drive Maps > New Mapped Drive 

General Tab

Action: Create (for creating new mapped NW drive)

Location: Share Folder Location, always use UNC path

Label as: The NW drive shows as; Drive Letter: Assign a drive letter for the mapped drive. For configuring multiple share folder fo different users/groups, always define the drive letter clearly, otherwise, it'll mess up.

 

Pix-07 : General Tab- Item-level Targeting

 

Common Tab

Check Item-level Targeting >Click on Targeting > New Item > Security Group > Select the respective group to  access the shared folder under Group > OK

 Apply the GPO either Domain Level or to the OU, where all users are located. The users may be spread across the different dept, location, or function, in that case, it is better to apply the policy at the domain level. Item-level Targeting is the feature, where we can use a GPO based on Security Group, rather OU.

                     

 Pix-08 : Common Tab- Item-level Targeting

 

Pix-09: Security Group Selection: Item-level Targeting

 After changing the share folder location from the old server (REDAD01/10.10.10.30), we need to modify the existing Item-level Targeting GPO.

      Action: Replace

Location: New UNC path for the shared folder.

Pix-10: Changes: Item-level Targeting for New Server

7.    Ask the user to restart the system to reflect the change in GPO.

 _________________________________________________________

N1: Share permission tells who has access & who doesn’t have. NTFS permission tells, what user can & can't do after accessing the shared folder. The effective permission for Share+NTFS is most restrictive. i.e. If Share permission is Full Control & NTFS permission is Read. Effective permission is Read.  

N2: To check the target server of mapped NW drive - net use command.

 

Pix-11: Net use command

Comments

  1. AnonymousMonday, January 24, 2022

    Can this not be done using Storage Migration Service instead?

    ReplyDelete

Post a Comment

Thank you.

Popular posts from this blog

Google Chrome Bookmark & Homepage through GPO

Image
Goals: We need to create a GPO for Google Chrome Bookmarks & home page/landing page. Under the bookmarks, few URLs would be there. It will be easy for users to access these url/site. Also by home page – most useful/frequently open site can be set, so that when user open Google chrome, the page will be displayed first. Gyan: All policy setting for Group Policy Management Console are not readily available. Sometime to manipulate group policy settings for higher version OS (i.e. Screensaver for Windows 10) or third party application (i.e. Google Chrome),we need to download group policy setting supported files – admx (policy settings) along with adml (language suppot). Both files are stored into central storage repository, known as “ Central Store ”. For higher Windows it is “ PolicyDefinitions” – automaticall created when a DC built under C:\Windows\ Process: Incorporate Chrome GPO templates:         1.       To manage...
Read more

DNS Server IP Address change in Client Systems through Group Policy

Image
  Scenario: Recently our network team, restructure IP segments & it is recommended to change the IP address of our DNS server. It is an AD integrated DNS server & around 1000 desktops & laptops are in the network – all have static IP addresses. We need to change the DNS IP for all the systems. Procedure: We can change the DNS IP through Group Policy with the help of a simple *.bat file. We will apply the GPO in Startup as Computer base policy. But here tricky part is, we need run the batch file in "Run as Administrator" mode. Most of the Computer-based Startup GPO is not run in normal mode. The batch file as below, suppose it name DNSIP_Change.bat   :   Replace your DNS Server “ set dnsserver=X.X.X.X ” @echo off set dnsserver=10.10.10.31 set dnsserver2=10.10.10.30 for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (   if %%i EQU Enabled (   rem echo change "%%l" : %dnsserver%   netsh interface ...
Read more