Windows 2003 IIS FTP Server Migration w/ User Accounts

Solution 1

There is no "easy" solution to this problem - ACLs for local accounts are lost when moved to a new server because the SID associated with that user doesn't map to a valid user account any longer.

There is a way to do it, though, without having to wipe out your system. I'm going to walk through what I think is the easiest way, using PowerShell (with WMI), icacls and some text editing.

  1. Create all of the new users on the new server
  2. On both the old server and the new server, get a listing of all the username-to-SID mappings. To do this, open up PowerShell and run the command (on each server):

    get-wmiobject win32_useraccount | where { $_.localaccount } | export-csv serverusers.csv

  3. You've got some manual work to do now - you need to take both of the spreadsheets and map the SIDs from the old server users to the new ones. Create this in a new CSV (c:\sids.csv) with a format that is something like: oldusername,newusername,oldsid,newsid

  4. On the old server, save the ACLs for the files you care about using icacls. For example, if your files are in a folder called c:\ftproot\ you would go into that folder and do:

    icacls * /save c:\acls.bak /T

  5. Now you need to do a search and replace on the acls.bak file - for every row in your CSV, find all instances of oldsid and replace it with newsid. Here is a PowerShell script to do that:

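    # icacls /save writes UTF-16 ("unicode"); read and write with the same encoding
    $file = get-content C:\acls.bak -encoding unicode
    $csv = import-csv c:\sids.csv
    foreach ($row in $csv) {
        # -replace takes a regex: escape the SID and reject a trailing digit,
        # so a SID ending in -1001 cannot match inside one ending in -10010
        $pattern = [regex]::Escape($row.oldsid) + '(?!\d)'
        $file = $file -replace $pattern,$row.newsid
    }
    set-content c:\acls2.bak $file -encoding unicode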

  6. Copy all of the files to the new server

  7. Restore the ACLs on the files in the new server (again, assuming this is under c:\ftproot):

    icacls . /restore c:\acls2.bak /T

And that should do it - the files should now have the permissions set using the new local user accounts.
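
The mapping in step 3 can be generated instead of edited by hand, and the result of step 5 can be checked before restoring. This is an added example, not part of the original answer; it assumes the two step-2 exports were copied to c:\oldusers.csv and c:\newusers.csv (hypothetical names) and that each account has the same username on both servers.

```powershell
# Added example, not from the original answer.
# Assumed inputs: the step-2 exports, renamed oldusers.csv / newusers.csv (hypothetical names).
$old = @(Import-Csv 'c:\oldusers.csv')
$new = @(Import-Csv 'c:\newusers.csv')

# Index the new server's accounts by username (hashtable lookups are case-insensitive).
$newByName = @{}
foreach ($u in $new) { $newByName[$u.Name] = $u }

$map = @()
$missing = @()
foreach ($u in $old) {
    if ($newByName.ContainsKey($u.Name)) {
        $map += New-Object PSObject -Property @{
            oldusername = $u.Name
            newusername = $newByName[$u.Name].Name
            oldsid      = $u.SID
            newsid      = $newByName[$u.Name].SID
        }
    } else {
        $missing += $u.Name
    }
}

# An old account with no counterpart would keep its old SID in the restored ACLs.
if ($missing.Count -gt 0) {
    Write-Warning ("No matching account on the new server: " + ($missing -join ', '))
}

# Write the columns in the order step 3 describes.
$map | Select-Object oldusername,newusername,oldsid,newsid |
    Export-Csv 'c:\sids.csv' -NoTypeInformation

# After step 5: local account SIDs are <machine SID>-<RID>, so any line of
# acls2.bak that still contains the old machine SID is an entry that was not remapped.
if ($old.Count -gt 0 -and (Test-Path 'c:\acls2.bak')) {
    $oldMachineSid = $old[0].SID -replace '-\d+$',''
    Get-Content 'c:\acls2.bak' -Encoding Unicode |
        Select-String -SimpleMatch $oldMachineSid
}
```

If the final check prints any lines, those ACL entries still reference an account from the old server and will show up as unresolved SIDs after the restore in step 7.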

Solution 2

The easiest way is to use IIS Sites Transfer software or IIS Easy Migration Tool from http://www.hoststools.com. There are free versions. These tools help to migrate FTP sites and FTP accounts as well as ACL permissions.

Author: Brad

Updated on September 17, 2022

Comments

  • Brad
    Brad over 1 year

    I'm trying to figure out the best way to migrate an FTP server from old hardware to new hardware. The server is on a domain, but not all the users set up on the server (to use FTP) are domain accounts; some are local to the server.

    For example, I have users both ways:

    domain\username
    machinename\username

    The new machine name will be different.

    So I need to copy all the files with permissions intact from the old server to the new server. Then I need to convert all the user accounts from the old server to the new server. Then I need to change the file permissions so that they are no longer oldserver\username but newserver\username.

    Can this all be accomplished with CACLS? Is there an easy way that perhaps I'm missing?

  • Brad
    Brad about 14 years
    I wish this was an option, but it's not.
  • Brad
    Brad about 14 years
    One more question, that CSV file, can it just have both sids listed in two columns? Are those just column names used for the PowerShell CSV object?
  • MattB
    MattB about 14 years
    @Brad: The CSV really only needs the old sid and new sid. For it to work properly in PowerShell, the first row of the CSV has to be a "header" row with the column names, so something like oldsid,newsid and then you can use $row.oldsid and $row.newsid when you loop through.
  • Brad
    Brad about 14 years
    @MattB: I've run into another issue. The ACL file dumped by ICACLS seems to be formatted differently. After I run my PowerShell command and replace the SIDs the file size is half as big. I downloaded WinMerge to compare the two, and the original dump has a (00) code after every character. Will this matter when restoring the permissions?
  • Brad
    Brad about 14 years
    @MattB: Never mind, I think I've figured it out. set-content c:\acls2.bak $file needs to be appended with -encoding unicode
  • MattB
    MattB about 14 years
    @Brad: sorry, my test script had that - not sure how I missed it in the copy/paste.
  • Brad
    Brad about 11 years
    I didn't care for this tool, especially the Gather function which tries to pull in all the domain groups/users instead of just those that exist on the local machine.