Voltar
-
Título
Group was migrated successfully but RUM won't apply dual-ACL on the source share/folder -
Descrição
A select number of groups are not being processed when processing servers. Groups have been matched and migrated successfully.
Processing was done by RUM and also by running vmover.exe manually.
-
Causa
Permissions anomaly or unrecognizable source SIDs -
Resolução
During investigation, we've found an anomaly:- source server Explorer GUI would show a group in question is listed in share/folders ACLs- PowerShell Get-Acl on any folder in the share will also list a group by name, but won't show SIDs in SDDL section- we were able to re-add the same exact group from source domain into ACLs manuallyAlternatively, users/groups can be shown properly by Explorer GUI, but analysis by Get-Acl command revealed, that they're having SIDs, that do not belong to source and target domain SIDs in vmover.ini file.To resolve the problem, it may be needed to reapply the source group permissions even though it may end up showing the same group twice. Then re-process the server in RUM/vmover. -
Informações adicionais
vmover doesn't care about names and reading SIDs from ACLs to match them with vmover.ini. This happens during the RUM processing, so it's advisable to verify manual vmover processing if RUM is not working as expected.