Mailing List Archive: Copying NTFS Data with Orphaned SIDs

Copying NTFS Data with Orphaned SIDs

Sep 12, 2018, 6:29 AM

Post #1 of 4 (920 views)

Hi

We?re migrating some data from Windows file servers to CIFS shares on a 9.1p13 cluster (NTFS security style on the vols). We?re getting errors on some files and folders using Robocopy and the common thread seems to be objects with orphaned SIDs for the owner or DACL entries. We?ve tried other tools with the same results. Robocopy to another Windows file share works fine.

Has anyone else seen this behaviour? We?re assuming that the CIFS server is stopping the copy because it can?t resolve the SID. Is there any way to control that behaviour and just wrtie the DACL with the unresolved SID?

Thanks
Steve

Re: Copying NTFS Data with Orphaned SIDs [ In reply to ]

basilberntsen at gmail

Sep 12, 2018, 9:10 AM

Post #2 of 4 (919 views)

Permalink

Is the sid actually unresolvable?

On Wed, Sep 12, 2018 at 9:33 AM Stephen Stocke <scstocke@gmail.com> wrote:

> Hi
>
> We’re migrating some data from Windows file servers to CIFS shares on a
> 9.1p13 cluster (NTFS security style on the vols). We’re getting errors on
> some files and folders using Robocopy and the common thread seems to be
> objects with orphaned SIDs for the owner or DACL entries. We’ve tried other
> tools with the same results. Robocopy to another Windows file share works
> fine.
>
> Has anyone else seen this behaviour? We’re assuming that the CIFS server
> is stopping the copy because it can’t resolve the SID. Is there any way to
> control that behaviour and just wrtie the DACL with the unresolved SID?
>
> Thanks
> Steve
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
>

Re: Copying NTFS Data with Orphaned SIDs [ In reply to ]

scstocke at gmail

Sep 12, 2018, 9:21 AM

Post #3 of 4 (919 views)

Permalink

Yes, these are SIDs from deleted users. Usually when some folder has been setup so that Creator/Owner is assigned rights. When the user that created the file/folder leaves, and their account is deleted, the ACE with the unresolved SID remains. It seems that when Robocopy tries to copy the DACL for the file/folder, the filer doesn?t accept it because the SID cannot be resolved. (Speculation based on what we are observing.)

We?re running a separate project to clean these orphaned SIDs up but would like to get the data migrated in the interim ?as-is? if possible.

Get Outlook for iOS<https://aka.ms/o0ukef>

________________________________
From: Basil <basilberntsen@gmail.com>
Sent: Wednesday, September 12, 2018 5:11 pm
To: Stephen Stocke
Cc: toasters@teaparty.net
Subject: Re: Copying NTFS Data with Orphaned SIDs

Is the sid actually unresolvable?

On Wed, Sep 12, 2018 at 9:33 AM Stephen Stocke <scstocke@gmail.com<mailto:scstocke@gmail.com>> wrote:
Hi

We?re migrating some data from Windows file servers to CIFS shares on a 9.1p13 cluster (NTFS security style on the vols). We?re getting errors on some files and folders using Robocopy and the common thread seems to be objects with orphaned SIDs for the owner or DACL entries. We?ve tried other tools with the same results. Robocopy to another Windows file share works fine.

Has anyone else seen this behaviour? We?re assuming that the CIFS server is stopping the copy because it can?t resolve the SID. Is there any way to control that behaviour and just wrtie the DACL with the unresolved SID?

Thanks
Steve
_______________________________________________
Toasters mailing list
Toasters@teaparty.net<mailto:Toasters@teaparty.net>
http://www.teaparty.net/mailman/listinfo/toasters

Re: Copying NTFS Data with Orphaned SIDs [ In reply to ]

Steve.Klise at wwt

Sep 12, 2018, 9:32 AM

Post #4 of 4 (919 views)

Permalink

You may have to reset the security.. Are you using /copyall option? If not, that may work. I usually used that in the past as it copies the security, as well as the owner of the file.

From: <toasters-bounces@teaparty.net> on behalf of Stephen Stocke <scstocke@gmail.com>
Date: Wednesday, September 12, 2018 at 9:29 AM
To: Basil <basilberntsen@gmail.com>
Cc: "toasters@teaparty.net" <toasters@teaparty.net>
Subject: Re: Copying NTFS Data with Orphaned SIDs

Yes, these are SIDs from deleted users. Usually when some folder has been setup so that Creator/Owner is assigned rights. When the user that created the file/folder leaves, and their account is deleted, the ACE with the unresolved SID remains. It seems that when Robocopy tries to copy the DACL for the file/folder, the filer doesn’t accept it because the SID cannot be resolved. (Speculation based on what we are observing.)

We’re running a separate project to clean these orphaned SIDs up but would like to get the data migrated in the interim ‘as-is’ if possible.

Get Outlook for iOS<https://aka.ms/o0ukef>

________________________________
From: Basil <basilberntsen@gmail.com>
Sent: Wednesday, September 12, 2018 5:11 pm
To: Stephen Stocke
Cc: toasters@teaparty.net
Subject: Re: Copying NTFS Data with Orphaned SIDs

Is the sid actually unresolvable?

On Wed, Sep 12, 2018 at 9:33 AM Stephen Stocke <scstocke@gmail.com<mailto:scstocke@gmail.com>> wrote:
Hi

We’re migrating some data from Windows file servers to CIFS shares on a 9.1p13 cluster (NTFS security style on the vols). We’re getting errors on some files and folders using Robocopy and the common thread seems to be objects with orphaned SIDs for the owner or DACL entries. We’ve tried other tools with the same results. Robocopy to another Windows file share works fine.

Has anyone else seen this behaviour? We’re assuming that the CIFS server is stopping the copy because it can’t resolve the SID. Is there any way to control that behaviour and just wrtie the DACL with the unresolved SID?

Thanks
Steve
_______________________________________________
Toasters mailing list
Toasters@teaparty.net<mailto:Toasters@teaparty.net>
http://www.teaparty.net/mailman/listinfo/toasters