Wednesday, March 7, 2012

My Foray in Moving Disabled AD Accounts & Home Folder Directories Part 2

Last Friday I began with my plan to move users home folders from an old server to a new server. After doing the needed research on Friday and having successful tests the plan proceeded to be executed. below is the first line of code I used on the old server using robocopy:

|  robocopy \\oldserver\home\  \\newserver\home\ /S /E /COPY:DATSOU /R:1 /W:30 >C:\HomeDir_robocopy.log  |

The above robocopy command moved all home folder directories to the new server while retaining the ACL's. This process took about 1 hour to move 22GB's worth of files over the network while creating a log as well. I am sure I could have added more threads to this command using the /MT: switch, but I didn't. Live and learn.

After this process completed, I went through and checked the log file that was created to verify that all files were copied and that there were not any errors. No errors were logged, and the ACL's matched up. I consider that a great success. \\oldserver\home share was then removed from the available shares on the Windows 2008 server. No more old server home folder access for users. The folders are still on the server for the next couple of weeks in case a user is missing any files or cannot access their new home path.

Then the fun part began. I then used a powershell command to look through the Student OU and change all user objects home path to point to \\newserver\home\%username% with the following code:

|   get-qaduser -searchroot 'ou=youraccounts,dc=yourdomain,dc=com' | foreach-object {$folder = $_.samaccountname;set-qaduser $_.dn -homedirectory "\\yourserver\path\$folder" -homedrive 'M:'}   |

The above cmdlet is used after installing the Quest Active Roles AD Management PSSnapin. This cmdlet searches the OU specified in the domain and sets the homedirectory attribute to the path & drive letter that you specify. With all user's now using the proper home path all I needed to do was sit back and wait for someone to scream. So far, no one has complained and all seems to be working pretty smoothly after this move.

Overall this project was a great success and allowed my customer to start planning to allow this server to finally be decommissioned after a long waiting period resulting from this problem of duplicated home folders that were also not mapped properly and a need for ADUC cleaning. This server is now on it's way to becoming and RODC for a satellite office.