If a device cannot be picked up by the AD Pro console, or if there are environmental settings you do not wish to change to allow it to be picked up by the console, you can run a ReACL locally from the device.
Firstly, we need to ensure that the required files are copied to the device in question.
If you already have the agent installed on the device, you will need to copy the following files from a working device to C:\Program Files (x86)\Binary Tree\ADPro Agent:
map.gg
map.usr
ReAcl-config.json
If you do not have the agent on the device, you will need to copy the following files to a folder which you have created locally.
Once the required files are in place, create a test folder on the device and add permissions to that folder for a user that has been synchronized to the target domain. For this example, we have created c:\reacl_test
Edit the ReAcl-Config.json file with Notepad. This is to ensure that the process only runs on the test folder and not the entire server.
Please note which updates have been set to true and which to false. If you also require file share permissions, and not just NTFS folder and file permissions, you would also need to change updateDirectoryShares to true.
Open a Command Prompt and change directory to the folder where the ReACL files are located. Run the following from the command prompt:
Reacl.exe -f -g -p -r -s -u /config=ReAcl-config.json /mode=prepare
After completion, examine the ReACL log file and check the permissions on the resource to verify that the new target SID has been allocated the correct permissions.
Now edit the ReAcl-Config.json file with Notepad and make the changes necessary to perform the ReACL as required. When done, run the ReACL command from a command prompt again to ReACL the server:
Reacl.exe -f -g -p -r -s -u /config=ReAcl-config.json /mode=prepare
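One way to carry out the "confirm permissions on the resource" check for the test folder is to snapshot its NTFS ACLs before the test run and compare them afterwards. This PowerShell script is an added example, not part of the original article or of the ReACL tooling. The snapshot path and the target account name are placeholder assumptions; only c:\reacl_test comes from the article.

```powershell
# Added example: snapshot and compare NTFS ACLs on the test folder around a local ReACL run.
# Assumptions (not from the article): the snapshot path and the target account name below.
param(
    [string]$Folder        = 'C:\reacl_test',                        # test folder from the article
    [string]$SnapshotPath  = "$env:TEMP\reacl_test_acl_before.xml",  # hypothetical location
    [string]$TargetAccount = 'TARGET\migrated.user',                 # placeholder target-domain user
    [switch]$Before
)

function Get-AceList {
    param([string]$Root)
    # The folder itself plus everything beneath it
    $items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs so unresolved or cross-domain principals still compare reliably
        foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights.ToString()
                Type      = $ace.AccessControlType.ToString()
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($Before) {
    Get-AceList -Root $Folder | Export-Clixml -Path $SnapshotPath
    Write-Host "Saved pre-run ACL snapshot to $SnapshotPath"
    return
}

$old   = Import-Clixml -Path $SnapshotPath
$new   = Get-AceList -Root $Folder
$props = 'Path', 'Sid', 'Rights', 'Type', 'Inherited'

# '=>' rows are access entries that exist only after the run
$added = Compare-Object $old $new -Property $props | Where-Object SideIndicator -eq '=>'
$added | Format-Table Path, Sid, Rights, Type, Inherited -AutoSize

# Resolve the expected target account to its SID and confirm it appears among the new entries
$targetSid = ([System.Security.Principal.NTAccount]$TargetAccount).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value
if ($added.Sid -contains $targetSid) { "OK: $TargetAccount ($targetSid) was added." }
else { Write-Warning "$TargetAccount ($targetSid) not found among added ACEs; check the ReACL log." }
```

Run the script with -Before ahead of the test run against c:\reacl_test, then again without the switch once that run has completed.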
If you are doing multiple folders, then each one needs to be on a different entry, for example:
"localFolders": ["E:\\Fileshare"
],
"localFolders": ["c:\\temp"
],
"localFolders": ["c:\\test"
],
If you wish to run a manual ReACL on a file share, you will need to add the following:
"updateRemoteFolders": true,
Then, for each file share, you need to add:
"RemoteFolders": [{"path": "\\\\w12r2-fs-tiw\\techshare"}],
Please note that if you are still adding users and groups to be synchronized to the target domain, the map.gg and map.usr files will need to be updated on a regular basis, either from a device which has had a recent ReACL or by downloading them directly from the mapping files section of the AD Pro console.
Please ensure any changes made to ReAcl-config.json are backed up; any ReACL run against this device from the console will overwrite this file.