We are moving from one domain to another and it seems to take a lot of time to add permissions to special folders on shared folders to new users.
(We use AD-migrate to transfer the users.)
Is there any way to transfer all folder permissions from the user in the old domain to the new user in the new domain using powershell or anything else?
Related
I am very new to AD and to powershell and I can't quite figure this out.
Lets suppose I have this folder "\\server\Departament\ExampleFolder" and I don't have any permissions to read, I can't even see who the owner is. Get-Acl returns me an error UnauthorizedAccessException because well, I don't have any permission to do so.
I need to create a script that finds the owner of this folder and sends a email asking for access permissions.
My question is this: There is anyway I can find the folder owner using AD without having any permission to the folder?
The owner it's in the same ad domain as me (at least it should be)
The answer is no.
If you look at the NTFS File Permissions table, you will need at least the Special Permission: Read Permissions privilege in order to read the permissions including folder ownership. If you don't have the general Read permissions or Special Permission: Read Permissions privilege, then you can't see folder ownership at all.
There is no way around it or tricks... because security is... well... security and that's how it works.
you must first take ownership to see who has access, although overwriting means you will never who used to have ownership. if you are the network admin administering access to these files then you can click on change, navigate to the location of that server admin, and apply, then push down to all child objects (NOTE do not push the NTFS permissions JUST the owner)
i do believe that MS should allow you to view owner of a folder even without read, but not the full permissions list or of course, no files. but allowing you to view owner means you could then ask that owner for access without any security breaches to the files themselves
We have a requirement to create new AD users through perl using NET::LDAPS.
The new user needs to be a copy of an existing user.
On the Active Directory GUI (dsa.msc), we would simply select the existing user and create a copy with new username and details. This copies all attributes including groups the user is a member of.
Is there similar code using LDAP that would copy all attributes of an existing user into a new user(including groups).
Alternatively, do we need to first create the AD user and then add the user to existing groups. In this case, how do we find out the groups that the existing user is a member of?
No, you have to update the directory manually. Keep in mind that perl-ldap is a library for the protocol LDAP and not for Active Directory which is just one application for LDAP.
And, by the way, it's Net::LDAPS, not Net::LDAP. The latter will only work on case-insensitive file systems.
I am using the cPanel "Account Level Filtering" functionality to block incoming mail from spamming servers and email addresses. Throughout the years I have created an extensive list of rules to block specific spammers.
I would like to know if there is a way to export the "Account Level Filtering" rules and have a backup file of them.
I also wonder if it's possible to import the filtering rules to a cPanel account (through WHM or terminal) instead of adding them one by one manually through cPanel.
/etc/vfilters/domain.com contains all your account level filters. You can make a copy of that. If you do not have root access to the server, ask your hosting company to provide you with a copy of this file.
It is possible to backup and restore email forwarders configuration and email filters configuration using 'Backup Wizard' tool available in main cPanel menu.
I had the same problem and wanted to share some fairly extensive Global Email Filters to various websites instead of replicating all the filter rules manually, which would take days. Using the Backup wizard did not work for this: when I imported the email filter files into another website it generated a user incompatibility error.
Instead, I logged into cpanel on the original website:
I opened file manager.
Then I opened the folder: .cpanel
(If you can't see this folder, click on settings then check the box next to 'Show Hidden Files (dotfiles)' and click Save).
Then I downloaded these two files:
filter.cache
filter.yaml
then uploaded those two files to the same location in the cpanel of the new websites.
Note: I had not created ANY spam filters in the new (recipient) websites so the new files were a clean upload, not an over-write of previous files. If you have already created spam filters in the recipient site, then uploading the files saved from the donor site will overwrite them.
i got tasked with decommissioning an old file server.
so now i would like to move user files from it to another server.
however i need to change the user's home drive without logging them off (desktops in locked state).
a few assumptions can be made for the of this question.
1)i know the user's computer name
2)the user does not have any files in a locked/open state
3)i have powershell v4
4)i have access over AD
5)i do not have the user's password
an idea i had was to try and make a credential object based on a user's AD entry and then use New-PSDrive to make a persistent remap of the drive. i don't need to see a user's clear-text password if i can make a credential object from an encrypted password.
might i be on the right track or did i derail somewhere?
It's usually much easier to make the new server answer to multiple netbios names so the old drive mappings still work with the new server.
http://windowsitpro.com/networking/how-can-i-define-multiple-netbios-names-machine
I have a cpanel account with multiple addon domains. I am in the process of moving every website to its own cpanel account.
I have email set up on the addon domains and before I go and move the files and the database over to the new account, I want to make sure that their emails move over as well.
I don't want the users to have to change their passwords, lose any email, etc. I have a couple clients that have dozens of email accounts attached to them, and they cannot afford to lose anything or change passwords.
I believe I can assist you. I suggest you create a test/fake domain to test! You can use your hosts file to point to a fake domain at your cpanel server!
Lets get started:
I have a cpanel account with multiple addon domains.
This means each addon domain have a folder in the main user account!
/home/main_user/addon_domain.tld
I am in the process of moving every website to it's own cpanel account.
I guess you will create a new account for each addon addon_domain.tld
and move to /home/New_addon_domain_username/public_html
I have email set up on the addon domains and before I go and move the files and the #database over to the new account, I want to make sure that their emails move over as well.
For the databases there are 2 cases! We can get back to that later.
For the email accounts, the solution may not be as hard as you think, and the users can keep there emails. Better, they will not notice any changes. All you need to know is this:
1- DATA
emails data is stored at /home/main_user/mail, you can copy those folders and sym-links for and in the separated accounts your create
There you can run the command "ls -l" and you will get it. (if not paste the results here)
2- Authentication, user/password
This can be found at /home/main_user/etc , take note they're hidden files (ls -a)
the files are .passwd and .shadow
I believe that in /home/main_user/etc you will find a unique folder for each addon_domain
which will contain both of .passwd and .shadow
I don't want the users to have to change their passwords, lose any email, etc. I have a
couple clients that have dozens of email accounts attached to them, and they cannot afford
to lose anything or change passwords.
I've done this zillions of time, the users keep the same account and password.
As I suggested, before you start, try with a test domain! Or at least create a test mail account to know where the data goes (/home.../mail) and the password auth goes (/home/.../etc)
Careful, you can not have the same mail account in 2 cpanel accounts. If you move it to a new one, you have to delete it from the previous one.