• State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 21 subscribers
  • Views 7390 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

reACL Filer (SAN) - cleanup source accounts

pothitos.baikas
over 7 years ago

Using Vmover.exe to reACL a share located on a SAN with /volume command line option, practically adds the matching target user/group to the ACL, and retains the source object with the same access rights. How one can remove the source accounts at the end of the migration? To the best of my understanding, not doing so and de-commissioning the source domain (or deleting the source objects) will leave orphaned SIDs on the share - and this is not nice.

P.S. my experience till now, is that "adding" the target account is the standard functionality with the vmover.ini. I suspect that an option in vmover.ini possibly controls the functionality I am after, however not all options in vmover.ini are fully documented.

  • +1 over 7 years ago
    There is an option the vmover.ini "CleanUp=No" that controls this function. Change it to "CleanUp=Yes" and re-run your vmover command line. That will remove the source account acls.
  • +1 over 7 years ago
    Thanks, however I was about to answer to myself the response that this can be found on the MM console UI. I never paid attention to this little check box there, subsequently I was trying to do it the hard way. BTW, I produced different versions of the ini file using the UI and the result was what you suggested. Now, this raises one more question: Are there any pre-requisites for this option to take effect - I mean, one can do it during the accounts co-existence period, or the option also takes into account other info e.g. the Enable/Disable status of the account?
  • +1 over 7 years ago
    I was going to suggest the UI as it is the preferred method, but was not sure if you were doing something unique with the command line. No, I'm not aware of any pre-reqs to using the option, you can run it as needed. Enabled/disabled account status won't matter. It's really no different from running RUM on a workstation with the cleanup option.