General discussion

Locked

Restoring user accounts and permissions

By Blackcurrant ·
Hi

I am considering reformatting and reinstalling our domain controller which runs Win2k Server with Small Business Server 2k. The domain contains just the single domain controller, a Dell 2400 Poweredge.

I would like to make my job as easy as possible. I do not want to spend ages recreating user accounts so have exported a list of all users using the LDIFDE command to a .ldf file. After reinstallation will it be enough to use the LDIFDE command to import this file and restore all the user accounts? I've never used this feature and am not certain this will be enough.

My second question concerns permissions. As part of the reinstallation procedure I want to move all the company data off the two extra hard drives (SCSI) to network locations, then copy the the data back once the reinstallation has completed. I want to do this 1. just in case the reinstallation goes completely bonkers and the hardware needs to be reconfigured and 2. copying the data back will effectively defragment the data. I know how to copy the permissions with the data using the xcopy command, but I need to make sure that the Administrator account has permission to copy every single file and folder. So, is there a way I can determine that the Administrator account has full control over every single folder without manually examining each folder's security permissions?

I want to be able to minimise my time setting up the newly installed OS as much as possible. If I can get the user accounts restored and the company data restored retaining all permissions I will be very happy indeed.

As ever, I will be very pleased with any useful comments anyone has to offer about this plus anything else you think I should take into account.

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by curlergirl In reply to Restoring user accounts a ...

What kind of backup software are you using? If you are using a good, reliable backup software with routine backups on a daily/weekly/monthly basis, AND if you are backing up the System State and System Volume Information every time you do a backup, as you should be, then....Why not simply do a couple of good, solid, tested full backups and use these to restore everything to your server once you have reformatted and reinstalled the OS and backup software? Backing up the System State with something like Backup Exec or Arcserve backs up all of your AD and registry info, so you wouldn't lose anything there, as well as your data, programs, etc. There are specific steps to be followed to restore AD, though, and you need to review these for whatever software you are using before you go ahead with this. Seeing as you apparently will be using exactly the same hardware, this would seem to me be the easiest way to do this.

Hope this helps!

Collapse -

by Blackcurrant In reply to

Well, thanks again for your input.

Collapse -

by Blackcurrant In reply to Restoring user accounts a ...

synergy/dlo: many thanks for your comments. We have GFS tape backups (Arcserve), which also include the system state and system volume information. Although this is a good route to go down, our server needs a completely fresh installation of the OS.

One thing I was wondering: does the LDIFDE command also export computer account information...

Collapse -

by sgt_shultz In reply to Restoring user accounts a ...

mind if i talk out loud (thru hat)?
you mean; you are worried, what if i copy my files off onto an external drive, then change my domain all to heck, will anybody have the rights to see what is on the external drive?? this is worth testing imho. you wonder this because if true is giant security hole blasting other carefully contrived complicated schemes all to heck, yes? 'no security without physical security' which there hardly ever is so why bother. but i digress...
try it. use robocopy or xcopy. copy to external usb or firewire. take home. hook to personal computer. see if can read it. you may simulate these conditions in the lab you set up to for this undertaking yes? because you are not doing this over a weekend, say, on top of hard drive/controller upgrade, flashing server BIOS, like that, right? (rdl)
wonder, you got iis and exchange and dns server to worry about also or just using file server and domain controller part of sbs2k. wonder: do you run AD and what kind of ous and stuff...
wonder how many gigs of data you are watching over...wonder what other functions snuck onto box, like antivirus server or ...
i use robocopy to copy files with permissions intact and i examine the log to see if any fail. xcopy would work same also i would think. you can run it in batch file as a Scheduled Task using any account/password you wish to test. examine log for errors.
i think you are right to be skeptical about how smoothly this might go. ;&gt
maybe easy way out is 'upgrade' or in your case sounds like 'migrate' (ie new hardware?) to next version. with free handholding from ms maybe...
you getting a new box or what?

Collapse -

by Blackcurrant In reply to

Thanks for answering.

Collapse -

by Blackcurrant In reply to Restoring user accounts a ...

sgt schultz: thank you for your comments. I am not concerned about anyone accessing the data once it has been copied to another machine. My main concern is being able to copy it off the server, reinstall the OS, then copy it back again - intact, with all permissions preserved.

The server is just a file server - that's it. It's not used for anything else - all apps are installed locally, and Terminal Services is configured for administration only.

The last time I reinstalled the OS the tasks that took the longest were creating the users and setting up file and folder permissions.

I want to be able to import all the user and computer accounts into the new AD (which shall have exactly the same name), using the LDIFDE command, and then copy the data back to the drives.

Thanks again for taking the time to answer my question

Collapse -

by Blackcurrant In reply to Restoring user accounts a ...

Does anyone else have any comments about this? Has anyone ever used the LDIFDE command before? If so, did it work as you expected it to?

Collapse -

by Blackcurrant In reply to Restoring user accounts a ...

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums