Docu41470 - Using EMC Utilities For The CIFS Environment PDF

EMC® VNX™ Series
Release 7.1
Using EMC Utilities for the CIFS Environment

P/N 300-013-807 Rev 02
EMC Corporation
Corporate Headquarters:
Hopkinton, MA 01748-9103
1-508-435-1000
www.EMC.com
Copyright © 1998 - 2013 EMC Corporation. All rights reserved.
Published February 2013
EMC believes the information in this publication is accurate as of its publication date. The
information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION
MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO
THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an
applicable software license.
For the most up-to-date regulatory document for your product line, go to the Technical
Documentation and Advisories section on EMC Powerlink.
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on
EMC.com.
All other trademarks used herein are the property of their respective owners.
Corporate Headquarters: Hopkinton, MA 01748-9103
2 Using EMC Utilities for the CIFS Environment 7.1

Contents
Preface.....................................................................................................5
Chapter 1: Introduction...........................................................................7
System requirements...............................................................................................8
Restrictions...............................................................................................................8
Related information................................................................................................8
Chapter 2: Concepts.............................................................................11
LGDUP....................................................................................................................12
EMCOPY.................................................................................................................12
SHAREDUP............................................................................................................12
EMCACL................................................................................................................12
EMCABE.................................................................................................................12
FSTOOLBOX..........................................................................................................12
Planning considerations.......................................................................................13
Chapter 3: Configuring.........................................................................15
LGDUP....................................................................................................................16
LGDUP command syntax..........................................................................17
LGDUP exit status codes............................................................................18
LGDUP example..........................................................................................19
EMCOPY.................................................................................................................24
EMCOPY command syntax.......................................................................26
EMCOPY exit status codes.........................................................................30
EMCOPY example 1....................................................................................30
EMCOPY example 2....................................................................................31
SHAREDUP............................................................................................................32
Using EMC Utilities for the CIFS Environment 7.1 3

Contents
SHAREDUP command syntax..................................................................33

SHAREDUP exit status codes....................................................................34
SHAREDUP example..................................................................................36
EMCACL................................................................................................................37
EMCACL command syntax.......................................................................37
EMCACL exit status codes.........................................................................39
EMCACL example......................................................................................40
EMCABE.................................................................................................................41
EMCABE command syntax.......................................................................41
EMCABE example 1....................................................................................42
EMCABE example 2....................................................................................42
EMCABE example 3....................................................................................43
FSTOOLBOX..........................................................................................................43
FSTOOLBOX command syntax.................................................................44
FSTOOLBOX example................................................................................45
Usage of EMC utilities for migration..................................................................50
Migrate EMC utilities..................................................................................51
Renaming the CIFS server....................................................................................62
Chapter 4: Troubleshooting..................................................................63
EMC E-Lab Interoperability Navigator..............................................................64
VNX user customized documentation...............................................................64
Error messages.......................................................................................................64
EMC Training and Professional Services...........................................................65
Glossary..................................................................................................67
Index.......................................................................................................69

Preface
As part of an effort to improve and enhance the performance and capabilities of its product lines,
EMC periodically releases revisions of its hardware and software. Therefore, some functions described
in this document may not be supported by all versions of the software or hardware currently in use.
For the most up-to-date information on product features, refer to your product release notes.
If a product does not function properly or does not function as described in this document, please
contact your EMC representative.

Preface
Special notice conventions

EMC uses the following conventions for special notices:
Note: Emphasizes content that is of exceptional importance or interest but does not relate to personal
injury or business/data loss.
Identifies content that warns of potential business or data loss.
Indicates a hazardous situation which, if not avoided, could result in minor or

moderate injury.
Indicates a hazardous situation which, if not avoided, could result in death or

serious injury.
Indicates a hazardous situation which, if not avoided, will result in death or serious
injury.
Where to get help

EMC support, product, and licensing information can be obtained as follows:
Product information—For documentation, release notes, software updates, or for

information about EMC products, licensing, and service, go to EMC Online Support
(registration required) at http://Support.EMC.com.
Troubleshooting—Go to EMC Online Support at http://Support.EMC.com. After
logging in, locate the applicable Support by Product page.
Technical support—For technical support and service requests, go to EMC Customer
Service on EMC Online Support at http://Support.EMC.com. After logging in, locate
the applicable Support by Product page, and choose either Live Chat or Create a service
request. To open a service request through EMC Online Support, you must have a
valid support agreement. Contact your EMC sales representative for details about
obtaining a valid support agreement or with questions about your account.
Note: Do not request a specific support representative unless one has already been assigned to
your particular system problem.
Your comments
Your suggestions will help us continue to improve the accuracy, organization, and overall
quality of the user publications.
Please send your opinion of this document to:
[email protected]

1
Introduction
The EMC VNX software includes utilities that perform a number of

functions. For instance, they can migrate groups, shares, files, and
directories from a Microsoft Windows Server to VNX keeping the original
security intact. Other utilities restrict access to files and shares, and help
manage user quotas. The utilities are executable files activated from a
Microsoft Windows Server console window with a user account with
specific privileges.
This document is part of the VNX information set and is intended for those
using the EMC CIFS utilities to migrate files and directories.
Topics included are:
◆ System requirements on page 8
◆ Restrictions on page 8
◆ Related information on page 8

Introduction
System requirements
Table 1 on page 8 describes the EMC® VNX™ series software, hardware, network, and
storage configurations.
Table 1. System requirements for EMC CIFS utilities
Software VNX version 7.0
Hardware No specific hardware.
Network The CIFS utilities are intended for use on CIFS clients only.
Storage No specific storage.
Restrictions
Restrictions are listed in each utility section.
Related information
Specific information related to the features and functionality described in this document is
included in:
◆ EMC VNX Command Line Interface Reference for File

◆ VNX for File man pages
◆ Parameters Guide for VNX for File
◆ Configuring and Managing CIFS on VNX
◆ Using Windows Administrative Tools on VNX
◆ Using International Character Sets on VNX for File
EMC VNX documentation on EMC Online Support

The complete set of EMC VNX series customer publications is available on EMC Online
Support. To search for technical documentation, go to http://Support.EMC.com. After
logging in to the website, click Support by Product and type VNX series in the Find a
Product text box. Then search for the specific feature required.

Introduction
VNX wizards
Unisphere software provides wizards for performing setup and configuration tasks. The
Unisphere online help provides more details on the wizards.
Related information 9
Introduction

2
Concepts
The EMC CIFS utilities include six tools that assist with migrating and
managing CIFS environments from servers by running Microsoft Windows
to VNX. This section provides a brief explanation of each utility and
planning considerations.
Topics included are:
◆ LGDUP on page 12
◆ EMCOPY on page 12
◆ SHAREDUP on page 12
◆ EMCACL on page 12
◆ EMCABE on page 12
◆ FSTOOLBOX on page 12
◆ Planning considerations on page 13

Concepts
LGDUP
LGDUP replicates the local groups and local users database from a server to a single Data
Mover. The local groups database of the target server can be updated. Prefix the local groups
database to maintain the original user rights when multiple local groups databases reside
on a single Data Mover.
EMCOPY
EMCOPY duplicates a directory tree from one server to another, keeping the security intact,
including access control lists (ACLs) with local groups' access control entries (ACEs). When
copying the local group security entries, EMCOPY first ensures that the local group database
has been replicated on the target server. If not, EMCOPY suggests using LGDUP first. Choose
other options to specify exactly which security properties to replicate during the copy process.
Table 6 on page 26 provides more information.
SHAREDUP
SHAREDUP duplicates the shares from one Windows Server to another with Windows
security intact including ACLs with local groups' ACEs.
EMCACL
EMCACL modifies all the security properties of existing files and directories on VNX. The
user can specify new ACEs (including local groups) and change the owner of the files or
directories.
EMCABE
EMCABE allows a user to enable or disable the access-based enumeration (ABE) feature of
a single share or all the shares of a server. The tool also allows a user to view the current
state of a specified share.
FSTOOLBOX
FSTOOLBOX helps to manage quota entries for a local or a mapped network drive. It allows
a user to list, move, or delete files and directories owned by any user on a specified drive.

Concepts
Planning considerations
This section describes planning considerations before using one of the utilities.
Note: EMC Professional Services can provide valuable assistance with planning CIFS migrations.
Contact EMC Customer Support Representative for more information.
Backups: Before using any utility, back up the contents (metadata and data) of the Windows
Servers to be moved to VNX.
Storage: Ensure there is enough storage capacity to hold the contents of the Windows Servers.
Map the Windows Servers contents to the Data Movers: Determine through which Data Movers
the contents of the servers are to be accessed before moving files from the Windows Server.
For example, move the local groups database from Windows Server A2 to which Data
Mover?
Group membership and rights: Before using EMC CIFS utilities, the user accounts used for
running the utilities must have certain group memberships and privileges. Unless otherwise
noted, the privileges apply only to the computer running the utilities.
Table 2 on page 13 summarizes the group memberships, access rights, and permissions
required for each utility.
Table 2. EMC CIFS utilities group membership and permissions
Utility Group Rights/permissions required

LGDUP Member of either the Administrators or Must have generate security audits and
Account Operators group on the source manage auditing and security log privi-
and target servers. leges.
EMCOPY Member of either the Administrators or ◆ Backup files and directories re-
Account Operators group on the source quired on the source.
and target computers. ◆ Restore files and directories re-
quired on the target.
SHAREDUP Member of the Administrators group on No special privileges.

the source and target servers.
EMCACL Member of the Users group. Backup and restore privileges on the
server where the pathname resides.
EMCABE Member of either the Administrators or No special privileges.

Account Operators group.
FSTOOLBOX Member of the Administrators group. Backup, restore, and security privileges
on the target side.
Planning considerations 13
Concepts

3
Configuring
The tasks to configure EMC CIFS utilities are:

◆ LGDUP on page 16
◆ EMCOPY on page 24
◆ SHAREDUP on page 32
◆ EMCACL on page 37
◆ EMCABE on page 41
◆ FSTOOLBOX on page 43
◆ Usage of EMC utilities for migration on page 50
◆ Renaming the CIFS server on page 62

Configuring
LGDUP
LGDUP copies the local groups or local users database from a Windows Server to a Data
Mover. This creates a local groups database on a Data Mover (target server) that otherwise
cannot access domain-based local groups. It also replicates user and group privileges to the
target server:
◆ By default, LGDUP merges the source and target local groups databases.
◆ The -r option replaces the target local groups database with the source local groups
database.
In LGDUP releases prior to LGDUP version 1.06, the -r option erased the local groups
database on the target server.
◆ By using the -p option, local groups databases can be copied from multiple source servers
(incrementally, not simultaneously) to one Data Mover, while leaving the privileges from
each source server intact. It prefixes the local group name by using the format
<source_server_name>_<local_group_name>.
If the -p option is not set, the local groups databases merge, and the privileges from the
source server change.
Requirements and limitations

The following requirements and limitations apply to the LGDUP utility:
◆ The user account must be a member of the Administrators or Account Operators local
group on both the source and target servers.
◆ Use an account with generate security audits and manage auditing and security log
privileges to successfully duplicate all the privileges.
◆ LGDUP must be run for each CIFS server (a Data Mover can house several CIFS
servers).
Dependencies with LGDUP and other CIFS utilities

In some circumstances, LGDUP must be run before EMCOPY or SHAREDUP. Therefore,
it may be necessary to use LGDUP to migrate local groups before using the other utilities.

Configuring
Table 3. EMC CIFS utilities LGDUP dependencies
Utility LGDUP conditions Reason
EMCOPY Run LGDUP.exe before EMCOPY.exe EMCOPY with the /lg option does not
with the /lg or /lu option enabled. copy the local group. It copies the se-
curity descriptors intact. The security
descriptors may include rights as-
signed to the local groups and informa-
tion about the local group.
If using the /lg option with EMCOPY,
the local group must reside on the
target server to guarantee the security
information copies intact.
SHAREDUP Run LGDUP.exe before SHAREDUP does not copy the local
SHAREDUP.exe with the /SD option groups database. If using the /SD op-
enabled. tion, the local groups database must
reside on the target server because
the security descriptor on shares can
include rights for the local groups.
LGDUP command syntax
Table 4 on page 17 lists the required arguments and options for LGDUP.
Table 4. EMC CIFS utilities LGDUP command syntax
Command/Option Description
Copies the local groups database from a Windows Server to VNX, where:
C:\>LGDUP.exe [-r]
[-p] [-s] [-v] [-u] <source> is the NetBIOS name of the source Windows Server.
[-1[+] <target> is the NetBIOS name of the target server.
<logFile>] [-nopriv]
\\<source>\\<target>
Note: For NetBIOS server names, place two slashes (\\) before the source
and target names.
-r Replaces the target local groups database with the source local groups
database. Without this option, LGDUP merges the contents of each local
groups database.
LGDUP 17
Configuring
Table 4. EMC CIFS utilities LGDUP command syntax (continued)
-p Adds a prefix to the local group name on the target server in the following
format:
<source_server_name> _<local_group_name>
Note: Use this option when maintaining the privledges from the source
server when migrating multiple source servers to a single target server.
-s Does not set or add any number of local groups on the first resolve error.
LGDUP stops adding members to a local group on the first resolve error.
-v Sets verbose mode. This displays all the information in detail for each ex-
ecuted operation from the utility, including:
◆ Local group members

◆ Privledge contents, including members' privledges
Note: If this option is not set, only concise informative messages and errors
are displayed.
-l <logFile> Redirects standard output to a new log file.
-l + <logFile> Appends standard output to an existing log file.
-nopriv Does not duplicate local group settings.
-u Allows the migration of a local user.
LGDUP exit status codes
LGDUP returns an encoding status to indicate whether an error occured in the command
execution. A nonzero status code indicates an error occured during the command execution.
The status code is stored in the errorlevel variable of the batch caller file. Table 5 on page
18 lists the exit status codes.
Table 5. EMC CIFS utilities LGDUP exit status codes
Encoding status Meaning
0 No error.
1 Usage error.

Configuring
LGDUP example
This example shows how to copy a local group database from one CIFS server to another,
replacing the existing local group database and setting verbose mode.
Action
To copy a local group database from one CIFS server to a Data Mover, replace the local group database, prefix it, and
set verbose mode, use this command syntax:
C:\>LGDUP.exe-r -p -v \\<source> \\<target>
Example:
◆ The source is a Windows Server: NTServer.

◆ The target is Data Mover 2.
C:\>LGDUP.exe -r -p -v \\NT1 \\dm2
LGDUP 19
Configuring
Output
LGDUP 1.0.7
Copyright (C) 1999, All Rights Reserved,

by EMC Corporation, Hopkinton MA.
Server source:NT1 5.0

Server target:dm2 4.1 EMC-SNAS:T4.2.7.0
**** Duplicate the local groups ****
Get \\dm2 current local groups...

Administrators:
Members can fully administer the machine
Users:
Ordinary users
Gusts:
Users granted guest access to the computer
Power users:
Members can share directories
Account operators:
Account operators of the machine
Backup Operators:
Members can bypass file security to backup files
Replicator:
Support file replication in a domain
NT1_WINS Users:
Members who have view-only access to the WINS Server
Get source local groups from \\NT1...

Administrators:
Administrators have complete and unrestricted
access to the computer/domain
Backup Operators:
Backup Operators can override security restrictions for the sole purpose
of backing up or restoring files
Guests:
Guests have the same access as members of the Users group by default,
except for the Guest account which is further restricted
Power Users:
Power Users possess most administrative powers with some restrictions.
Thus, Power Users can run legacy applications in addition to certified
applications
Replicator:
Supports file replication in a domain

Configuring
Output
Users:
Users are prevented from making accidental or intentional system-wide
changes. Thus, Users can run certified applications, but not most legacy
applications
LG1:
test1
LG2:
test2
WINS Users:
Members who have view-only access to the WINS Server
Check wellknown local groups...

OK
---
Duplicate Administrators...
WARNING: Member(s) of dm2\Administrators have been removed.
Get content of Administrators from ...
The Administrators group includes 2 member(s).

S-1-5-15-237abd17-ae2ae01d-be8ef665-1f4 User NT1\Administrator
S-1-5-15-23a68b82-2c5678eb-3f32a78a-200 Group ABCD3\Domain Admins
WARNING: Account NT1\Administrator cannot be resolved on server \\dm2
-> NT1\Administrator member is REMOVED.
1 members removed from local group Administrators of \\dm2.
1 members set in local group Administrators of \\dm2.
OK
---
Duplicate Backup Operators...

WARNING: Member(s) of dm2\Backup Operators have been removed.
Get content of Backup Operators from ...
The Backup Operators group includes 0 member(s).

OK
---
Duplicate Guests...
WARNING: Member(s) of dm2\Guests have been removed.
Get contents of Guests from ....
The Guests group includes 3 member(s).

S-1-5-15-234abd17-ab2ab01d-be8ef567-1f5 User NT1\Guest
S-1-5-15-234abd17-ab2ab01d-be8ef567-3e9 User NT1\IWAM_NT1
S-1-5-15-234abd17-ab2ab01d-be8ef567-3ea User NT1\IUSR_NT1
LGDUP 21
Configuring
Output
WARNING: Account NT1\Guest cannot be resolved on server \\dm2

-> NT1\Guest member is REMOVED.
WARNING: Account NT1\IWAM_NT1 cannot be resolved on server \\dm2
-> NT1\IWAM_NT1 member is REMOVED.
WARNING: Account NT1\IUSR_NT1 cannot be resolved on server \\dm2
-> NT1\IUSR_NT1 member is REMOVED.
3 members removed from local group Guests of \\dm2.
No member set in local group Guests of \\dm2.

OK
---
Duplicate Power Users...
WARNING: Member(s) of dm2\Power Users have been removed.
Get content of Power Users from ...
The Power Users group includes 0 member(s).

OK
---
Duplicate Replicator...
WARNING: Member(s) of dm2\Replicator have been removed.
Get content of Replicator from ...
The Replicator group includes 0 member(s).

OK
---
Duplicate Users...
WARNING: Member(s) of dm2\Users have been removed.
Get content of Users from ...
The Users group includes 1 member(s).

S-1-5-15-23a68b82-2c5678eb-3f32a78a-201 Group ABCD3\Domain Users
1 members set in local group Users of \\dm2.

OK
---
Duplicate LG1...
LG1 -> NT1_LG1
Create NT1_LG1...
OK
Get content of LG1 from ...
The LG1 group includes 1 member(s).

S-1-5-15-23a68b82-2c5678eb-3f32a78a-201 Group ABCD3\Domain Users
1 members set in local group NT1_LG1 of \\dm2.

OK

Configuring
Output
*---
Duplicate LG2...
LG2 -> NT1_LG2
Create NT1_LG2...
OK
Get content of LG2 from ...
The LG2 group includes 1 member(s).

S-1-5-15-28a68b82-2c7925eb-3f32a78a-200 Group ABCD3\Domain Admins
1 members set in local group NT1_LG2 of \\dm2.

OK
---
Duplicate WINS Users...
WINS Users -> NT1_WINS Users

WARNING: Member(s) of dm2\NT1_WINS Users have been removed.
Get content of WINS Users from ...
The WINS User group includes 0 member(s).

OK
**** Duplicate the privileges ****
Open policy to set privileges...

OK
---
Get accounts for "SeTakeOwnerShipPrivilege" from \\NT1...
OK
Grant "SeTakeOwnerShipPrivilege" on \\dm2 to...
S-1-5-20-220 \\BUILTIN\Administrators...OK
---
Get accounts for "SeBackupPrivilege" from \\NT1...
OK
Grant "SeBackupPrivilege" on \\dm2 to...
S-1-5-20-227 \\BUILTIN\Backup Operators...OK
---
Get accounts for "SeRestorePrivilege" from \\NT1...
OK
Grant "SeRestorePrivilege" on \\dm2 to...
---
Get accounts for "SeChangeNotifyPrivilege" from \\NT1...
OK
LGDUP 23
Configuring
Output
Grant "SeChangeNotifyPrivilege" on \\dm2dm2 to...

S-1-5-20-223 \\BUILTIN\Power Users...OK
S-1-5-20-221 \\BUILTIN\Users...OK
S-1-1-0 \\\Everyone...OK
---
Get accounts for "SeAuditPrivilege" from \\NT1...
OK
Grant "SeAuditPrivilege" on \\dm2 to...
S-1-5-15-28a68b82-2c1234eb-3f32a78a-455 \\ABCD3\admin...OK
S-1-5-15-237abd17-ae2ae01d-be8ef665-1f4 \\NT1\Administrator...OK
---
Get accounts for "SeIncreaseQuotaPrivilege" from \\NT1..
OK
Grant "SeIncreaseQuotaPrivilege" on \\dm2 to...
---
Get accounts for "SeSecurityPrivilege" from \\NT1..
OK
Grant "SeSecurityPrivilege" on \\dm2 to...
************************************************************************
LGDUP source:NT1 target:dm2
- 7 local group(s) have been fully duplicated.

- 2 local group(s) have been partially duplicated.
- 7 privilege(s) have been successfully duplicated.
***********************************************************************
EMCOPY
EMCOPY lets you copy a file or directory (and included subdirectories) from and to an
NTFS partition, keeping security the same on the copy as on the original.
EMCOPY allows you to back up the file and directory security—ACLs, owner information,
and audit information—from a source directory to a destination directory without copying
the file data.
EMCOPY, however, does not copy the local groups database from one computer to another.
You must use LGDUP first to copy the local groups database. Therefore, when the /lg or /lu
option is specified, EMCOPY initially verifies that all of the source server’s local groups
exist on the target server. Even if one group is missing, EMCOPY stops and notifies you to
use LGDUP first, as described in LGDUP on page 16.

Configuring

The requirements and limitations for EMCOPY are as follows:
◆ User account should have the appropriate privileges, which bypass access checking,
to back up and restore files and directories. These are required to restore a directory
that you do not own.
◆ User account must be a member of the Backup Operators group.
◆ User account must be a member of the Administrators or Account Operators group
on both the source and destination computers.
◆ User account must have the Change Audit privilege to copy ACLs.
◆ Source and destination fields for the EMCOPY command must be directories.
◆ Privileges can be set by using Active Directory Users and Computers (ADUC) from
a domain controller in Windows environments, and from the Data Mover Security
Management Console for Windows 2000 environments. These privileges must be set
on both the source and the target server. If they are not, access can be denied, especially
on files that include denied ACEs in their ACL.
◆ Decrypt any encrypted directories or files before using EMCOPY. Otherwise the
computer running Windows 2000 used as the EMCOPY console should be a Microsoft
recovery agent or file owner to copy the encrypted files and directories to VNX.
Windows 2000 help provides more information on recovery agents.
Note: VNX does not support Encryption (EFS).
EMCOPY 25
Configuring
EMCOPY command syntax
Table 6 on page 26 lists the required variables and the options for EMCOPY.
Table 6. EMC CIFS utilities EMCOPY command syntax
Copies a file or directory (and included subdirectories) from and to an NTFS
C:\>EMCOPY.exe
partition, keeping security the same on the copy as on the original, where:
<source>
<destination> <source> is the path to the source directory.
[file [<file> ] ...]
<destination> is the path to the destination directory.
Note: The source and directory variables must be directories.
<file> is a name of the file being copied. To copy a list of files, you can
specify wildcard characters. For example, to copy only matched files in all
scanned directories, type the following as the file list:
*.cpp *.h
Note: EMCOPY copies all files when the file argument is omitted.
/nosec Disables the copy of the security descriptor properties of the file or directory.
By default, DACLs are replicated on the created file or directory.
Note: This option takes priority over the default on the /o, /a, /lg,
and /i options.
/o Copies the file’s (or directory’s) owner.Without this option, the user account
used for the copy becomes the file/directory owner on the target server.
/a Copies auditing information.
Note: The user account must also have granted the manage audits and
security log privilege on both the source and destination clients before this
option is enabled.
/secfix Forces an update of Windows security properties even if the destination

file or directory already exists. If this option is omitted, the security properties
are replicated only on newly created files and directories to optimize the
performance of the copy.

Configuring
Command/Option (continued) Description
/lg Copies local group security entries:
◆ Without this option, local group entries are ignored.

◆ If the set of local groups on both the source and destination
servers is not identical, you must run the LGDUP utility to
copy the local groups database before running EMCOPY
with the /lg option.
/lu Enables the copy of local user security entries when asked to
copy the security information. Without this option, local user
entries are ignored.
/i Ignores security entries with local users:
◆ Use this option to ignore or suppress the ACEs for local

users, as this type of user cannot be used on the destina-
tion server. Local users are available only for the server
where the source files are located, that is, the source
server.
◆ Security errors can occur when this option is disabled be-
cause the local user is unknown to the destination server.
◆ To preserve the security of the file content, the /SD option
can be used to erase or suppress the file content when a
security error occurs.
/create Creates a file of zero length, rather than copying the data.
/s Copies the subdirectories.
/lev:<n> Sets the depth level (specified by <n>) of the subdirectories.

For example:
This command copies <n> (where <n> = 1, 2, or 3):
1 = Only files in the specified source directory.
2 = The first level of subdirectories, with their files.
3 = The first and second directory levels and their files (and so
on, for increasing the values of <n>).
/d Copies only the files with the LAST MODIFICATION time later
than the existing target copy.
Note: Use this option to copy only those files created on the
source directory to update a destination directory.
EMCOPY 27
Configuring
/sd Preserves the copied file’s security in the copy. If any error
occurs during the security setting, the target file is deleted or
erased:
◆ When this option is enabled, the utility copies the data of

only the security properties duplicated without any error.
◆ When this option is omitted, users can access a file on the
target that they do not normally have access to on the
source.
/l Lists only the files that should be copied without actually dupli-
cating any files.
If the /secfix option is also specified, the /l option com-
pares (and does not change) the Windows security of the
source and the destination files or directories. In this case, the
/o and /a options specify the owner and audit properties
comparison. When differences occur, the properties of both
the source and destination files or directories are printed.
/c Allows the process to continue after the retries.
Note: The copy stops this option is not specified.
Comand/Option (continued) Description
/z Restarts the copy process of the current file, in the event of a

failure, from the point of the failure, rather than from the begin-
ning of the file.
Note: This option is especially useful when you are copying

large files or are experiencing network problems.
/r:n Specifies the maximum number of retries. The default setting

is 100 retries.
/w:n Specifies the time in seconds to wait between two consecutive

retries. The default setting is 30 seconds.
/log:<filename> Creates and names a new file and redirects console messages
to it.
/log+:<filename> Appends new console messages to an existing file.

Configuring
/purge Removes file/purge from the destination tree that no

longer exist in the source tree.
Note: This option does not bypass Windows rights. ACEs

do not allow the user of EMCOPY to delete some files or
directories.
/q Disables file printing as standard output.
/f Requests a fullpath print that prints the source and destina-

tion paths. Only the source path prints by default.
/nocase Creates all file and directory names with lowercase charac-
ters.
/BackupSD Allows backup of security properties without copying the file

content. Extra files are removed from the destination,
equivalent to /purge forced.
This option takes priority over these options:
/nosec/o/lg/i
/create/purge/l/lu
/nocase/d/a
Note: There is no local group translation and local SID

suppression.
/Restore SD Restores the security properties without copying the file

content.
This option takes priority over these options:
/nosec/o/lg/i
/create/purge/l/lu
/nocase/d/a
Note: There is no local group translation and local SID

suppression.
/preserveSIDh Forces EMCOPY to preserve historical SID information

during the Security Descriptor translation. By default, every
obsolete SID is replaced by its valid substitute SID.
EMCOPY 29
Configuring
EMCOPY exit status codes
EMCOPY exit status codes

EMCOPY returns an encoding status to indicate whether an error occurred in the
command execution. A nonzero status code indicates an error occurred during command
execution. The status code is stored in the errorlevel variable of the batch caller file. Table
7 on page 30 lists the exit status codes.
Table 7. EMC CIFS utilities EMCOPY exit status codes
Encoding status Meaning
0 No error.
1 Mismatch error — A directory was not created because a file with the same name
exists.
2 Security error — One or more security descriptors were not applied.
4 Copy of data error — One or more files were not duplicated.
8 Critical error — No files and directories were copied.
EMCOPY example 1
This example shows how to copy one directory with all its contents and its owner to a
different directory on a Data Mover.
Action
To copy the source directory to the destination directory, copy the source directory’s owner and all the source directory’s
subdirectories, use this command syntax:
C:\>EMCOPY.exe <source> <destination>/o /s
Example:
C:\>EMCOPY.exe c:\source\ g:\destination /o /s

Configuring
Output Note
DACLs are also duplicated. By default, the DACLs are copied
EMCOPY 02.04b when the /NOSEC option is not set. The owner attribute of
Copyright (C) 2001, All Rights the directories and files is also duplicated. The command
Reserved, output includes the list of files and a summary that includes
by EMC Corporation, Hopkinton, MA
Date: 10/24/2001 12:10:26 the number of files, directories, bytes copied, and an error
Source path: c:\source count.
Desti. path: g:\destination
Files: *.*
List/Modify/Create options:
Security options: /o
Retry options: /r:1000000 /w:30
Server SRC: NTSERVER1 4.0
Server DEST:DM12_ANA0 4.1
Getting local group(s) from
\\NTSERVER1
Processing the copy from c:\source
to g:\destination...
c:\source\folder1\ ->
g:\destination\folder1
c:\source\folder1\ text1.txt ->
g:\destination\folder1\tetx1.txt
g:\destination\folder1\text2.txt
---
---
Summary results:
File(s) copied: 67
Directory(ies) created: 4
Security Descriptor Setting done: 71
Amount of copied bytes: 3 MB
(3864591 Bytes)
EMCOPY example 2
Action
To copy the source directory to the destination directory including the local groups security entries, use this command
syntax:
C:\>EMCOPY.exe <source> <destination>/o /s /lg
Example:
C:\>EMCOPY.exe c:\source\ g:\destination /o /s /lg
EMCOPY 31
Configuring
Output Note
You must use LGDUP before by using EMCOPY with the
EMCOPY 02.04b /lg option.
Copyright (C) 2001, All Rights
Reserved,
Date: 10/24/2001 12:10:26
Source path: c:\
Desti. path: g:\
Files: *.*
Security options: /o /lg
\\NTSERVER1
Processing the copy from c:\ to
g:\...
g:\dest\folder1\text1.txt
c:\source\folder2\abc2.txt ->
g:\dest\folder2\abc2.txt
d:\ntusrmap\ver0\usrmap.db ->
g:\ntusrmap\ver0\usrmap.db
d:\ntusrmap\ver0\usrmap.exe ->
g:\ntusrmap\ver0\usrmap.exe
d:\ntusrmap\ver0\usrmap.log ->
g:\ntusrmap\ver0\usrmap.log
---
---
Summary results:
File(s) copied: 67
SHAREDUP
SHAREDUP allows CIFS shares to be copied from one CIFS file server to another. Use it to
duplicate many shares. By using the /SD option, you can duplicate the ACLs for the shares
if there are local groups or local users in the ACL. The SIDs will be translated to the target
equivalent local group/user SID.

The SHAREDUP utility is subject to the following requirements:
◆ User must be a local administrator to run SHAREDUP.

◆ The target and source servers must be members of the Administrators group.

Configuring
◆ Before using the SHAREDUP with the /SD option, use LGDUP to ensure all local
groups of the source server are on the target server.
◆ A share cannot be created on a nonexistent directory.
◆ The newrootpath and subdirectories must exist.
◆ SHAREDUP does not duplicate system shares.
SHAREDUP command syntax
Table 8 on page 33 lists the required variables and the options for SHAREDUP.
Table 8. EMC CIFS utilities SHAREDUP command syntax
Copies CIFS shares from one server running Windows
C:\>SHARDUP.exe \\<source> \\<tar
to another, primarily when there are many shares to copy,
get>
where:
<srcdrive>
\\<source> = the NetBIOS name of the source.
\\<target> = the NetBIOS name of the target.
Note: For NetBIOS server names, the <source> and

<target> names must be preceded by two slashes
(\\).
<srcdrive> is the drive letter of the source server to

select for duplication (for example, C:). Specify ALL to
use all the drives in the source server.
/P <newrootpath> Specifies the root path prefixed to the directory of the

created shares.
/R Replaces the target share if it exists already.
/SD Duplicates the share’s security descriptor.
Note: Use LGDUP.exe prior to using this option to en-

sure that all the source server’s local groups reside on
the target server.
/PREFIX Adds a prefix to shares on the target server with the

source server name to avoid share name collision in case
of multiple server consolidations on a single VNX.
/FO:<outputFile> Creates the list of shares to duplicate on the target

server by using the selected options.
SHAREDUP 33
Configuring
Table 8. EMC CIFS utilities SHAREDUP command syntax (continued)
/FO+:<outputFile> Concatenates several drive letters for the same source
and target servers in a single file.
/FI:<inputFile> Uses the specified file as a list of shares to create on the

target server.
This option takes priority over the /p and /prefix
options.
/LOG:<path> Sets the log filename to the path. Erases the file.
/LOG+:<path> Sets the log filename to the path. Appends to the file.
/IP4700 Sets IP4700 compliance mode. Local groups are not

translated and local filters are not filtered. This option
must be set when the source of the share is an IP4700
system.
/ND:domain_name Translates SID by using the new domain name instead

of the original domain name when security descriptor
translation is asked.
/lu Enables the copying of local user security entries when

asked to copy the security information. Without this op-
tion, local user entries are ignored.
SHAREDUP exit status codes
SHAREDUP returns an encoding status to indicate whether an error occurred in the command
execution. A nonzero status code indicates an error occurred during command execution.
Table 9. EMC CIFS utilities SHAREDUP exit status codes
Exit status Meaning
0 No error.
1 Syntax error.
2 Server name error or server does not

respond.

Configuring
Table 9. EMC CIFS utilities SHAREDUP exit status codes (continued)
Exit status Meaning
3 Duplication error.
SHAREDUP 35
Configuring
SHAREDUP example
Action
To duplicate all the shares, including security properties, from the source to the destination server, prefix the created
shares with the source server name, use this command syntax:
C:\>SHAREDUP.exe \\<source> \\<target> <srcdrive>/P<newrootpath> /PREFIX /r /sd
Example:
C:\>SHAREDUP.exe \\NT1 \\dm2 D: /P \fs2 /PREFIX /r /sd
Output
SHAREDUP 01.05a (pre-release)

Source server:NT1 5.0

Target server:dm2 4.1 EMC-SNAS:T4.2.7.0
Getting local group(s) from \\NT1...

Getting local group(s) from \\dm2...
---
Creating share "\\dm2\NT1_share3"
to export directory "C:\abcd\top\share3"...
-> OK
---
-> OK
---
-> OK
***********************************************************************
SHAREDUP source:NT1 target:dm2
Summary results:
Number of share(s) successfully duplicated: 3
Number of error(s): 0

Configuring
EMCACL
EMCACL allows the ACLs of files or directories to be displayed and edited. It can also be
used to change the owner of files or directories. User entries supplied in the command line
can be local groups or local users of the server where the pathname is located.
◆ Enclose user/account names that include spaces in quotation marks. For example,
"domain account".
◆ Use wildcard characters to specify more than one file or directory in a command.
◆ Specify more than one user in a command (except for the /o option).
◆ Combine access rights.
◆ The ACL for a directory includes ACEs that control whether new files or directories
created in that directory inherit the directory’s user privileges.
◆ User account should have the appropriate privileges, which bypass access checking,
to back up and restore files and directories. These is required to restore a directory
that you do not own.
◆ User account must be a member of the Backup Operators group.
◆ User account must be a member of the Administrators or Account Operators group
on both the source and destination computers.
◆ User account must have the Change Audit privilege to copy ACLs.
EMCACL command syntax
Table 10 on page 37 lists the required variables and the options for EMCACL.
Table 10. EMC CIFS utilities EMCACL command syntax
Displays and edits ACLs for files and directories, and
C:\>EMCACL.exe <pathname>
changes file and directory owners, where:
<pathname> is the path to the target file or directory.
/H Requests more help.
/T By itself, the /T option requests a scan of only subdirec-

tories. For example, EMCACL dir1 /T displays the ACL
contents for dir1 without making any changes.
EMCACL 37
Configuring
Table 10. EMC CIFS utilities EMCACL command syntax (continued)
When specified with at least one of the following options:
/O, /G, /R, /P, or /D, the /T option changes the ACLs
of the files in the specified directory and all subdirectories.
/E Edits the file or directory’s ACL without replacing it.
Note: Use this to add an ACE to an existing ACL.
/C Directs the program to continue if an error occurs.
/O <user> Changes the owner to the specified user.
/G <user>:perm [; [T] spec] ] Grants specified user access rights:
◆ <user> is local groups or local users of the server

where the pathname is located.
◆ Permissions (perm) apply to files and, if the spec
option is omitted, to directories.
◆ The spec option, if specified, applies the spec rights
only to directories. The values for the spec option
are the same as those for the perm option.
The values for the perm and spec options are as fol-
lows. In this list, Special access means single type ac-
cess, such as Read, Write, and others:
R= Read (equivalent to E + X)
C= Change (write)
F= Full control (R + C + P + O + D)
P= Change permissions (Special access) — allows
modification of only the ACL content of a file or directory
O= Take ownership (Special access)
X= Execute (Special access)
E= Read (Special access)
W= Write (Special access)
D= Delete (Special access)
◆ The T flag applies only before the spec option.

◆ If the T flag appears just after the semicolon (;), the
inheritance of this ACE is disabled. That is, if the T

Configuring
Table 10. EMC CIFS utilities EMCACL command syntax (continued)
flag is present, new files within the parent directory
do not inherit the user privileges of the directory itself.
◆ If the T flag is omitted, the new files inherit the ACEs
of the parent directory.
/R <user> Revokes the specified user's access rights.
/P <user>:perm [; [T] spec] ] Replaces the specified user’s access rights. The values
for perm and spec are the same as those listed for
the /G option.
/D <user> Denies the specified user's access rights.
/Y Replaces the user’s access rights without confirmation.
/Q Prints only errors and a summary (Quiet switch).
EMCACL exit status codes
EMCACL returns an encoding status to indicate whether an error occurred in the command
execution. A nonzero status code indicates an error occurred during command execution.
Table 11. EMC CIFS utilities EMCACL exit status codes
Encoding Status Meaning
0 No error.
1 Syntax error - The command used the wrong syntax.
2 Given path not found - The pathname argument is incorrect or not found.
3 ACL change failure.
EMCACL 39
Configuring
EMCACL example
Action
To print the ACL for all the files or directories in the current directory and its subdirectories, use this command syntax:
C:\>EMCACL.exe <pathname>*.* /T
Example:
C:\>EMCACL.exe \\NT1\Draft\*.txt /t
Output
EMCACL 01.05

Server:NT1 4.1 EMC-SNAS:T5.0.5.4
\\NT1\Draft\
Owner:"UNIX UID=0x0 ''"
Group:"UNIX GID=0x0 '_c'"
DACL count:5
"BUILTIN\Administrators": Allowed FULL:EWXPOD (0x001F01FF)
Flags:OI,CI
"Power Users": Allowed FULL:EWXPOD (0x001F01FF) Flags:OI,CI,IO
S-1-5-20-225 : Allowed CHGE:EWXD (0x001301BF) Flags:OI,CI
"SYSTEM" : Allowed FULL:EWXPOD (0x001F01FF) Flags:OI,CI
"Everyone" : Allowed FULL:EWXPOD (0x001F01FF) Flags:OI,CI
\\NT1\Draft\r1.txt
Owner:”Domain A\administrator"
Group:"Domain A\Users"
DACL count:5
"BUILTIN\Administrators": Allowed FULL:EWXPOD (0x001F01FF) Flags:IA
S-1-2-34-567 : Allowed CHGE:EWXD (0x001301BF) Flags:IA
"SYSTEM" : Allowed FULL:EWXPOD (0x001F01FF) Flags:IA
"Everyone" : Allowed FULL:EWXPOD (0x001F01FF) Flags:IA
\\NT1\Draft\r2.txt
Owner:"Domain A\administrator"
Group:"Domain A\Users"
DACL count:6
"NT1\EDCBA_[b]" : Allowed READ:EX (0x001200A9)
"BUILTIN\Administrators": Allowed FULL:EWXPOD (0x001F01FF) Flags:IA
S-1-2-34-567 : Allowed CHGE:EWXD (0x001301BF) Flags:IA
"SYSTEM" : Allowed FULL:EWXPOD (0x001F01FF) Flags:IA
"Everyone" : Allowed FULL:EWXPOD (0x001F01FF) Flags:IA

Configuring
EMCABE
The EMCABE command-line tool enables ABE, disables ABE, and displays the ABE status
of a remote Data Mover’s shares. The EMCABE tool works with both Windows 2000 and
Windows Server 2003 clients. It is enabled by default for Windows Server 2008. EMCABE
command-line tool also supports Windows Server 2012.
EMCABE is similar to the Windows ABECMD tool with one additional option that displays
the ABE status of a share, as listed in Table 12 on page 41. EMCABE is also run from the
Windows command prompt.

This utility is subject to limitations:
◆ User must be a local administrator to run EMCABE.

◆ To set ABE on a share, you must be a member of the Windows Administrators Group
or Account Operators Group.
◆ ABE does not affect a user with backup privileges on a CIFS server.
◆ ABE impacts only the last path component of a share request. Parent directories are
not impacted.
EMCABE command syntax
Table 12 on page 41 lists the required variables and options for EMCABE.
Table 12. EMC CIFS utilities EMCABE command syntax
Enables and displays ABE and displays the status of
C:\>EMCABE [/E | /D | /G]
ABE, where:
[/T <servername>]
[/A | /S <sharename>] <servername>= the name of the server.
[/?] <sharename>= the name of the share.
/E Enables ABE on the specified shares.
/D Displays ABE on the specified shares.
/G Displays the status of the specified shares.
/T <servername> Applies the specified command option on the target

CIFS server. By default, the target CIFS server is on
the local machine.
EMCABE 41
Configuring
Table 12. EMC CIFS utilities EMCABE command syntax (continued)
/A Run EMCABE on all shares of the target CIFS server.
/S <sharename> Specifies the share on which to run EMCABE. By de-

fault, the system runs EMCABE on all shares of the
CIFS server.
/? Displays the syntax message.
EMCABE example 1
Action
To enable ABE on a share, use this command syntax:
C:\>EMCABE /E /T\\<servername>/S<sharename>
where:
<servername>= name of the server
<sharename>= name of the share
Example:
C:\>EMCABE /E /T \\winserver /S ufs2
Output
EMCABE 01.00

ABE is now enabled on share ufs2
EMCABE example 2
Action
To enable ABE on all shares of a CIFS server, use this command syntax:
C:\>EMCABE/E /T\\<servername> /A
where:
<servername>= name of the CIFS server

Configuring
Action
Example:
C:\>EMCABE /E /T \\winserver1 /A
Output
EMCABE 01.00

ABE is already enabled on share ufs2
EMCABE example 3
Action
To display the ABE status of all shares on a CIFS server, use this command syntax:
C:\>EMCABE /G /T\\<servername>/A
where:
<servername>= the name of the CIFS server
Example:
C:\>EMCABE /G /T \\winserver1 /A
Output
EMCABE 01.00

ABE is disabled on share ufs1

ABE is enabled on share ufs2
FSTOOLBOX
FSTOOLBOX is a tool to help manage quota entries for a local or mapped network drive. It
allows a user to list, move, or delete whole files and directories owned by a given user on
a specified drive.
EMCABE 43
Configuring
◆ User must be a local administrator to run FSTOOLBOX.

◆ Mapped resource must be the root level of the VNX file system to use FSTOOLBOX.
◆ Universal naming convention (UNC) paths are unsupported. Only network-mapped
resources are supported.
◆ Domain\name user notation is supported, as well as the user given as a SID value.
◆ Operator user account must grant the backup, restore, and security privileges on the
target side.
FSTOOLBOX command syntax
Table 13 on page 44 lists the command syntax for FSTOOLBOX.EXE.
Table 13. EMC CIFS utilities FSTOOLBOX command syntax
FSTOOLBOX is a tool that allows an administrator to
C:\>FSTOOLBOX <drive>: [info]
list, move, or delete files and directories, where:
[list domain\name]
[EnumAllFiles domain\name] [re <drive> = the name of the drive (local or network).
moveAllFiles domain\name] [remove
Quota domain\name] [removeFile
sAndQuota domain\name] [ChangeOwner
domain\oldowner domain\newowner]
[moveUserTree domain\name target
path]
info Prints the user quota setup of the file system.
list domain\name Enumerates all user quotas, or one particular user if

specified.
EnumAllFiles domain\name Enumerates all the user files and directories given a
domain\name or a SID value.
removeAllFiles domain\name Deletes all the user files and directories given a do-
main\name or a SID value.
removeQuota domain\name Removes the quota entry given a domain\name or

a SID value.

Configuring
Table 13. EMC CIFS utilities FSTOOLBOX command syntax (continued)
Note: This command functions only if any files belonging

to the user remain.
removeFilesAndQuota Deletes all the user files and directories and removes
domain\name the quota entry given a domain\name or a SID value.
ChangeOwner domain\oldowner Changes ownership to newowner given a do-

domain\newowner main\name or a SID value of files and directories
that were previously owned by the oldowner given a
domain\name or a SID value.
moveUserTree domain\name Moves all users files, directories, and subdirectories

targetpath given a domain\name or a SID value.
FSTOOLBOX example
The following example shows how to use fstoolbox.exe in a scenario where an administrator
wants to view the disk usage of a user, move that user’s files and directories, then remove
the quota entry of the user:
1. View the quota setting of a drive by using this command syntax:
C:\>FSTOOLBOX <drive>:info
where:
<drive>= letter of the drive
Example:
To view the quota setting of drive g:, type:
C:\>FSTOOLBOX g: info
Output:
FSTOOLBOX 45
Configuring
FSTOOLBOX 01.02

fstoolbox G:\ \\DW2K3B26S2\fs1sh Cmd=info

GetQuotaState=1
Quotas are ENABLED but the limit value is not being enforced.
Users may exceed their quota limit
DefValues THRESHOLD=0X1C200000 LIMIT=0X1F400000 Log=0
Default QuotaThreshold: 450 MB
Default QuotaLimit: 500 MB
DisplayQuotaLogState=0
Elapsed time: hours: 00, mins: 00, secs: 00
2. View the disk usage for a specified user by using this command syntax:
C:\>FSTOOLBOX <drive>: list <domain\name>
where:
<domain\name>= domain and name of the specified user
Example:
To view the disk usage for user dw2k3\admu1, type:
C:\>FSTOOLBOX g: list dw2k3\admu1
Output:
FSTOOLBOX 01.02

fstoolbox G:\ \\DW2K3B26S2\fs1sh Cmd=list

QuotaInfo for: DW2K3\admu1 S-1-5-15-597E341A-CE8E74D1-
C993CA8E-45D
Used: 2.40 MBytes (0x268000)
Threshold: 450.00 MBytes (0x1C200000)
Limit: 500.00 MBytes (0x1F400000)
Found 2 quota entries for this file system

3. List all the files and directories owned by a specified user by using this command syntax:
C:\>FSTOOLBOX <drive>: enumallfiles <domain\name>
where:
<domain\name>= domain and name of the specified user
Example:
To list all of the files and directories owned by dw2k3\admu1, type:

Configuring
C:\>FSTOOLBOX g: enumallfiles dw2k3\admu1
Output:
FSTOOLBOX 01.02

fstoolbox G:\ \\DW2K3B26S2\fs1sh Cmd=enumallfiles

Directory : G:\myfile
Directory : G:\myfile\Speech
File : G:\myfile\Speech\spchtel.dll
File : G:\myfile\Speech\speech.cnt
File : G:\myfile\Speech\speech.dll
File : G:\myfile\Speech\speech.GID
File : G:\myfile\Speech\speech.hlp
File : G:\myfile\Speech\vcauto.tlb
File : G:\myfile\Speech\vcmd.exe
2 dir and 7 files parsed status=0

4. Change the owner of all the files and directories of a specified user by using this command
syntax:
C:\>FSTOOLBOX <drive>:changeowner<domain\olduser> <domain\newuser>
where:
<domain\olduser>= domain and name of the user
<domain\newuser>= domain and name of the new user
Example:
To change the owner from dw2k3\admu1 to dw2k3\stdu1, type:
C:\>FSTOOLBOX g: changeowner dw2k3\admu1 dw2k3\stdu1
Output:
FSTOOLBOX 01.02

fstoolbox G:\ \\DW2K3B26S2\fs1sh Cmd=changeowner

Directory : G:\myfile owner set to dw2k3\stdu1
Directory : G:\myfile\Speech owner set to dw2k3\stdu1
File : G:\myfile\Speech\spchtel.dll owner set to dw2k3\stdu1
File : G:\myfile\Speech\speech.cnt owner set to dw2k3\stdu1
File : G:\myfile\Speech\speech.dll owner set to dw2k3\stdu1
File : G:\myfile\Speech\speech.GID owner set to dw2k3\stdu1
File : G:\myfile\Speech\speech.hlp owner set to dw2k3\stdu1
File : G:\myfile\Speech\vcauto.tlb owner set to dw2k3\stdu1
File : G:\myfile\Speech\vcmd.exe owner set to dw2k3\stdu1
FSTOOLBOX 47
Configuring
5. Verify there are no files or directories owned by a specified user by using this command
syntax:
C:\>FSTOOLBOX <drive>: enumallfiles<domain\user>
where:
<domain\user>= domain and username of the specified user
Example:
To list all of the files and directories owned by dw2k3\admu1, type:
C:\>FSTOOLBOX g: enumallfiles dw2k3\admu1
Output:
FSTOOLBOX 01.02



6. Move the files and directories of a specified user to another drive by using this command
syntax:
C:\>FSTOOLBOX <drive>: moveusertree<domain\user> <drive>:\<directory>
where:
<directory>= name of the destination directory
Example:
To move the files and directories of dw2k3\stdu1 from drive g: to c:\move_tree, type:
C:\>FSTOOLBOX g: moveusertree dw2k3\stdu1 c:\move_tree
Output:

Configuring
FSTOOLBOX 01.02

fstoolbox G:\ \\DW2K3B26S2\fs1sh Cmd=moveusertree
Server SRC :DW2K3B26S2 5.0 EMC-SNAS:T5.3.20.0

Server DEST:LEFRANC 5.0
Processing the move from G:\ to c:\myfile\ ...
G:\myfile
G:\myfile\Speech
G:\myfile\Speech\spchtel.dll
G:\myfile\Speech\speech.cnt
G:\myfile\Speech\speech.dll
G:\myfile\Speech\speech.GID
G:\myfile\Speech\speech.hlp
G:\myfile\Speech\vcauto.tlb
G:\myfile\Speech\vcmd.exe
Summary results:
File(s) copied: 7
Security Descriptor Setting(s) done: 9
Amount copied byte(s) : 2 MB (2 387 579 Byte(s))

7. Verify there are no files or directories owned by a specified user by using this command
syntax:
C:\>FSTOOLBOX <drive>: enumallfiles<domain\user>
where:
Example:
To verify that there are no files or directories owned by dw2k3\stdu1, type:
C:\>FSTOOLBOX g: enumallfiles dw2k3\stdu1
Output:
FSTOOLBOX 01.02



8. Remove the quota entry for a specified user by using this command syntax:
C:\>FSTOOLBOX <drive>: removequota<domain\user>
FSTOOLBOX 49
Configuring
where:
Example:
To remove the quota entry of dw2k3\stdu1, type:
C:\>FSTOOLBOX g: removequota dw2k3\stdu1
Output:
FSTOOLBOX 01.02

fstoolbox G:\ \\DW2K3B26S2\fs1sh Cmd=removequota

User quota removed for user dw2k3\stdu1
Usage of EMC utilities for migration

This section describes an example process that uses some of the EMC utilities. The LGDUP,
SHAREDUP, and EMCOPY utilities are used to migrate data and Windows attributes from
servers running Windows operating system to a Data Mover.
Migrating utilities example assumes:
◆ The Windows Server is quiet with no users accessing it.

◆ VNX is fully integrated into the target domain.
◆ The source computer resides in the same domain as the VNX.
◆ It is unnecessary to preserve NetBIOS names from the source server to the target server.
Note: EMC Customer Support Representatives offer custom migration solutions for CIFS data migration
requirements. If you need experienced help in conducting a more complex migration, contact your
local EMC Customer Support Representative.

Configuring
Migrate EMC utilities

The tasks to migrate EMC utilities are:
◆ Assign the user account to an administrative group with appropriate rights on page 52
◆ Log in as a NEWUSER on page 53
◆ Create a file system on page 54
◆ Create a mount point on page 55
◆ Mount the filesystem on page 56
◆ Export the root share on page 57
◆ Copy the local groups database on page 58
◆ Copy the directory to the Data Mover on page 59
◆ Duplicate the shares on page 60
◆ After migration is completed on page 61
Usage of EMC utilities for migration 51

Configuring
Assign the user account to an administrative group with appropriate rights
Assign the user account (NEWUSER) for the migration to the Domain Administrators group,
and assign the appropriate rights to the user account to run the utilities. The user account
performing these tasks must be a member of the Administrators group:
1. Select Start ➤ Programs ➤ Administrative Tools (Common) ➤ Active Directory Users and
Computers.
2. On the User menu, select Select Domains. The Select Domain dialog box appears.
3. Double-click the source domain, where source is the source computer running Windows.
The selected domain information appears in the Select Domain dialog box.
4. In the Groups pane, double-click Administrators.
In the local groups pane, add NEWUSER where NEWUSER is the user account that
conducts migration.
Note: NEWUSER is used for illustrative purposes. Select whichever user is appropriate.
The Local Group Properties dialog box appears.

5. In the Local Group Properties dialog box, click Add.
The Active Directory Users and Computers dialog box appears.
6. In the Active Directory Users and Computers dialog box, click the username of the user
account to conduct the migration.
Click Add. Click OK.
The Active Directory Users and Computers dialog box returns as the active window.
7. On the Policies menu, click User Rights. The User Rights Policy dialog box appears.
8. From the Rights drop-down list, select the right to add. Click Add.
The rights are:
•
Back up files and directories
•
Generate security audits
•
Manage auditing and security log
•
Restore files and directories
The Add Users and Groups dialog box appears.
9. In the Names pane, select the user to which you want to assign the right. Click Add. Click
OK.
Repeat steps 8 and 9 for each right.
10. Repeat steps 3 through 9 for the target domain, where the target is VNX.

Configuring
Log in as a NEWUSER
Log out of the Windows Server and log in as a NEWUSER:

1. Press Ctrl + Alt + Delete. The Security dialog box appears.
2. Click Log Off. A dialog box appears, querying whether you want to log off.
3. Click Yes. The Welcome to Windows dialog box appears.
4. Press Ctrl + Alt + Delete. The Log On to Windows dialog box appears.
5. Type the new username in the User name text box.
6. Type the password in the Password text box and click OK.
The operating system starts up.

Configuring
Create a file system
Before creating a file system, you must have a metavolume available.
Action
To create a file system, use this command syntax:
$ nas_fs -name <name> -create <volume_name>
Example:
$ nas_fs -name ufs1 -create mtv1
Output
id = 18
name = ufs1
acl = 0
in_use = False
type = uxfs
volume = mtv1
rw_servers=
ro_servers=
symm_devs = 002806000209-006, 002806000209-007, 002806000209-
008, 002806000209-009
disks = d3,d4,d5,d6

Configuring
Create a mount point
Create a mount point specifying the name of the Data Mover and path of the mount point
created.
Action
To create a mount point, use this command syntax:
$ server_mountpoint <movername> -create /<pathname>
Example:
$ server_mountpoint server_2 -create /ufs1
Output
server_2: done

Configuring
Mount the filesystem
Mount the file system specifying the name of the Data Mover, name of the file system to
mount, and the name of the mount point.
Action
To mount a file system, use this command syntax:
$ server_mount <movername> <fs_name> /<mount_point>
Example:
$ server_mount server_2 ufs1 /ufs1
Output
server_2: done

Configuring
Export the root share
Export the root share specifying the name of the Data Mover, name of the share, and path
of the mount point created.
Action
To export the root share, use this command syntax:
$ server_export <mover_name> -Protocol cifs -name <sharename> /<pathname>
Example:
$ server_export server_2 -Protocol cifs -name share1 /ufs1
Output
server_2: done

Configuring
Copy the local groups database
Use LGDUP to duplicate the local groups database from the source Windows computer to
the Data Mover.
Action
To copy the local groups database from the source server to the target server, replace any existing local groups database
on the target server, and prefix the source database, use this command syntax:
C:\>LGDUP.exe -r -p -v \\<source>\\<target>
Example:
C:\>LGDUP.exe -r -p -v \\NT1 \\dm_2
Output Notes
Refer to the LGDUP example on page 19. ◆ By adding a prefix to the local groups database for the
source, you can add additional databases and maintain
the original rights from each source.
◆ LGDUP does not migrate unknown accounts or user
accounts that are local to the source server, such as the
local administrator account.

Configuring
Copy the directory to the Data Mover
Use EMCOPY to copy the source directory and files to the Data Mover.
Action
To copy the source directory on the source to the destination directory on the target server, copy the source directory's
owner, audit information, and all the source directory's subdirectories; and update the destination files to Windows security,
use this command syntax:
C:\>EMCOPY.exe <source> <destination> /o /a /lg /s
Example:
C:\>EMCOPY.exe C:\source g:\destination /o /a /lg /s
Output Note
The DACLs are also duplicated. By default, the DACLs are
EMCOPY 02.04b copied when the /NOSEC switch is not set. The owner at-
Copyright (C) 2001, All Rights tribute of the directories and files is also duplicated. The
Reserved, command output includes the list of files and a summary that
includes the number of files, directories, and bytes copied,
Date: 10/24/2001 12:10:26
Source path: c:\source and an error count.
Desti. path: g:\
Files: *.*
Security options: /o /lg
\\NTSERVER1
Processing the copy from c:\ to
g:\...
g:\destination\folder1\tetx1.txt
c:\source\folder2\abc2.txt ->
g:\destination\folder2\abc2.txt
d:\ntusrmap\ver0\usrmap.db ->
g:\ntusrmap\ver0\usrmap.db
d:\ntusrmap\ver0\usrmap.exe ->
g:\ntusrmap\ver0\usrmap.exe
d:\ntusrmap\ver0\usrmap.log ->
g:\ntusrmap\ver0\usrmap.log
---
---
Summary results:
File(s) copied: 67

Configuring
Duplicate the shares
Use SHAREDUP to duplicate the shares from the source to the destination server.
Action
Note: Prior to this procedure, target directories for the shares must be copied to the Data Mover by using EMCOPY as
described in Copy the directory to the Data Mover on page 59.
To duplicate all shares from the source to the destination server and prefix share names on the destination server, use
this command syntax:
C:\>SHAREDUP.exe \\<source> \\<target> <srcdrive> /p <newrootpath>/PREFIX /r
/sd
Example:
C:\>SHAREDUP.exe \\NT1 \\EMC1 D: /p /mountfs1 /PREFIX /r /sd
Output
SHAREDUP 01.05a (pre-release)

Source server:NT1 5.0

Target server:dm2 4.1 EMC-SNAS:T4.2.7.0
Getting local group(s) from \\NT1...

Getting local group(s) from \\dm2...
---
-> OK
---
-> OK
---
-> OK
***********************************************************************
SHAREDUP source:NT1 target:dm2
Summary results:
Number of share(s) successfully duplicated: 3
Number of error(s): 0

Configuring
After migration is completed
After the migration is completed, repeat the tasks Copy the local groups database on page
58, Copy the directory to the Data Mover on page 59, and Duplicate the shares on page 60
with the next server running Windows. Attempt to access the files from VNX.

Configuring
Renaming the CIFS server

After the migration is complete and the source Windows Server is removed from the network,
the CIFS server can be renamed to the same name as the source Windows Server. After the
CIFS server is changed, the user clients will be able to continue accessing CIFS shares without
changing any configurations.
To rename a compname:
1. To unjoin the original compname from the domain, type:
$ server_cifs server_2 -Unjoin compname=W2kTemp,domain=abc.com,admin=Administrator
2. To delete the compname from the CIFS configuration of the Data Mover, type:
$ server_cifs server_2 -delete compname=W2kTemp
3. To add the compname back to the CIFS configuration of the Data Mover as a NetBIOS
name, type:
$ server_cifs server_2 add NetBIOS=W2kTemp,domain=abc,interface=fsn01
4. To rename the NetBIOS server to the new name, type:

$ server_cifs server_2 rename -NetBIOS W2kTemp W2kProd
5. To delete the renamed NetBIOS name in step 4 from the CIFS configuration, type:
$ server_cifs server_2 delete NetBIOS=W2kProd
6. To add the new compname to the CIFS configuration and active directory (AD) domain,
type:
$ server_cifs server_2 add compname=W2kProd,domain=abc.com,interface=fsn01
7. To join the new compname to the CIFS configuration and AD domain, type:
$ server_cifs server_2 Join compname=W2kProd,domain=abc.com,admin=Administrator

4
Troubleshooting
As part of an effort to continuously improve and enhance the performance

and capabilities of its product lines, EMC periodically releases new versions
of its hardware and software. Therefore, some functions described in this
document may not be supported by all versions of the software or
hardware currently in use. For the most up-to-date information on product
features, refer to your product release notes.
If a product does not function properly or does not function as described
in this document, contact your EMC Customer Support Representative.
Problem Resolution Roadmap for VNX contains additional information about
using EMC Online Support and resolving problems.
Topics included in this chapter are:
◆ EMC E-Lab Interoperability Navigator on page 64
◆ VNX user customized documentation on page 64
◆ Error messages on page 64
◆ EMC Training and Professional Services on page 65

Troubleshooting
EMC E-Lab Interoperability Navigator

The EMC E-Lab™ Interoperability Navigator is a searchable, web-based application that
provides access to EMC interoperability support matrices. It is available on EMC Online
Support at http://Support.EMC.com. After logging in, in the right pane under Product and
Support Tools, click E-Lab Navigator.
VNX user customized documentation

EMC provides the ability to create step-by-step planning, installation, and maintenance
instructions tailored to your environment. To create VNX user customized documentation,
go to: https://mydocs.emc.com/VNX.
Error messages
All event, alert, and status messages provide detailed information and recommended actions
to help you troubleshoot the situation.
To view message details, use any of these methods:
◆ Unisphere software:
• Right-click an event, alert, or status message and select to view Event Details, Alert
Details, or Status Details.
◆ CLI:
• Type nas_message -info <MessageID>, where <MessageID> is the message

identification number.
◆ Celerra Error Messages Guide:
• Use this guide to locate information about messages that are in the earlier-release
message format.
◆ EMC Online Support:
• Use the text from the error message's brief description or the message's ID to search
the Knowledgebase on EMC Online Support. After logging in to EMC Online Support,
locate the applicable Support by Product page, and search for the error message.

Troubleshooting
EMC Training and Professional Services

EMC Customer Education courses help you learn how EMC storage products work together
within your environment to maximize your entire infrastructure investment. EMC Customer
Education features online and hands-on training in state-of-the-art labs conveniently located
throughout the world. EMC customer training courses are developed and delivered by EMC
experts. Go to EMC Online Support at http://Support.EMC.com for course and registration
information.
EMC Professional Services can help you implement your system efficiently. Consultants
evaluate your business, IT processes, and technology, and recommend ways that you can
leverage your information for the most benefit. From business plan to implementation, you
get the experience and expertise that you need without straining your IT staff or hiring and
training new personnel. Contact your EMC Customer Support Representative for more
information.
EMC Training and Professional Services 65

Troubleshooting

Glossary
access control entry (ACE)

In a Microsoft Windows environment, an element of an access control list (ACL). This element
defines access rights to a file for a user or group.
access control list (ACL)

List of access control entries (ACEs) that provide information about the users and groups allowed
access to an object.
access-based enumeration (ABE)

With ABE enabled, Windows will not display files or folders that the user does not have the
rights to access. Only those files or folders that the user has the rights to access are visible, thus
increasing folder-level security.
Common Internet File System (CIFS)

File-sharing protocol based on the Microsoft Server Message Block (SMB). It allows users to
share file systems over the Internet and intranets.
discretionary access control list (DACL)

User-specified (as opposed to system- or administrator-specified) functions.
network basic input/output system (NetBIOS)

Network programming interface and protocol developed for IBM personal computers.
NT file system (NTFS)

See NTFS.

Glossary
NTFS
NTFS is the standard file system of Windows NT, including its later versions. NTFS supersedes
the FAT file system as the preferred file system for Microsoft Windows. NTFS has several
improvements over FAT such as improved support for metadata and the use of advanced data
structures to improve performance, reliability, and disk space utilization, plus additional
extensions such as security access control lists (ACLs) and file system journaling.
security identifier (SID)

Unique identifier that defines a user or group in a Microsoft Windows environment. Each user
or group has its own SID.

Index
E LGDUP (continued)
requirements and limitations 16
EMC E-Lab Navigator 64
EMCABE
command syntax 41 M
concepts 12 messages, error 64
example 42, 43 Migrate EMC utilities
requirements and limitations 41 after migration is completed 61
EMCACL assign user account 52
command syntax 37 copy directory to Data Mover 59
concepts 12 copy local groups database 58
example 40 create a file system 54
exit status codes 39 create a mount point 55
requirements and limitations 37 duplicate shares 60
EMCOPY export the root share 57
command syntax 26 log in as a new user 53
concepts 12 mount the file system 56
example 30, 31
exit status codes 30
requirements and limitations 25 P
error messages 64
Planning considerations
backups 13
F group membership and rights 13
map to Data Movers 13
FSTOOLBOX storage 13
command syntax 44
concepts 12
example 45 R
Related information 8
Restrictions 8
L
LGDUP S
command syntax 17
concepts 12 SHAREDUP
dependencies 16 command syntax 33
example 19 concepts 12
exit status codes 18 example 36

Index
SHAREDUP (continued) System requirements 8

exit status codes 34
T
troubleshooting 63

Docu41470 - Using EMC Utilities For The CIFS Environment PDF

Uploaded by

Copyright:

Available Formats

Docu41470 - Using EMC Utilities For The CIFS Environment PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Docu41470 - Using EMC Utilities For The CIFS Environment PDF

Uploaded by

Copyright:

Available Formats

What are some of the EMC utilities covered in this document and what are their main purposes?

What are some of the EMC utilities covered in this document and what are their main purposes?

What are some planning considerations mentioned when migrating these utilities?

What are some planning considerations mentioned when migrating these utilities?

EMC® VNX™ Series

Using EMC Utilities for the CIFS Environment

2 Using EMC Utilities for the CIFS Environment 7.1

Using EMC Utilities for the CIFS Environment 7.1 3

SHAREDUP command syntax..................................................................33

4 Using EMC Utilities for the CIFS Environment 7.1

Using EMC Utilities for the CIFS Environment 7.1 5

Special notice conventions

Identifies content that warns of potential business or data loss.

Indicates a hazardous situation which, if not avoided, could result in minor or

Indicates a hazardous situation which, if not avoided, could result in death or

Where to get help

Product information—For documentation, release notes, software updates, or for

6 Using EMC Utilities for the CIFS Environment 7.1

The EMC VNX software includes utilities that perform a number of

Using EMC Utilities for the CIFS Environment 7.1 7

Table 1. System requirements for EMC CIFS utilities

Software VNX version 7.0

Hardware No specific hardware.

Storage No specific storage.

◆ EMC VNX Command Line Interface Reference for File

EMC VNX documentation on EMC Online Support

8 Using EMC Utilities for the CIFS Environment 7.1

10 Using EMC Utilities for the CIFS Environment 7.1

Using EMC Utilities for the CIFS Environment 7.1 11

12 Using EMC Utilities for the CIFS Environment 7.1

Table 2. EMC CIFS utilities group membership and permissions

Utility Group Rights/permissions required

SHAREDUP Member of the Administrators group on No special privileges.

EMCABE Member of either the Administrators or No special privileges.

14 Using EMC Utilities for the CIFS Environment 7.1

The tasks to configure EMC CIFS utilities are:

Using EMC Utilities for the CIFS Environment 7.1 15

Requirements and limitations

Dependencies with LGDUP and other CIFS utilities

16 Using EMC Utilities for the CIFS Environment 7.1

Table 3. EMC CIFS utilities LGDUP dependencies

Utility LGDUP conditions Reason

LGDUP command syntax

Table 4. EMC CIFS utilities LGDUP command syntax

Table 4. EMC CIFS utilities LGDUP command syntax (continued)

◆ Local group members

-l <logFile> Redirects standard output to a new log file.

-l + <logFile> Appends standard output to an existing log file.

-nopriv Does not duplicate local group settings.

-u Allows the migration of a local user.

LGDUP exit status codes

Table 5. EMC CIFS utilities LGDUP exit status codes

Encoding status Meaning

18 Using EMC Utilities for the CIFS Environment 7.1

◆ The source is a Windows Server: NTServer.

Copyright (C) 1999, All Rights Reserved,

Server source:NT1 5.0

**** Duplicate the local groups ****

Get \\dm2 current local groups...

Duplicate the local groups

Duplicate the privileges