
I have a file server role utilizing an Active Directory Domain on Windows Server 2012 and I'm attempting to replace one User Object with another User Object across all existing file server share ACLs.

Essentially user A departed from the company and user B is to take over their responsibilities while maintaining their previous ACLs. User A was a department manager so had Ownership on multiple directories and was manually added to several other department directories for different projects.

Is there a way to replace user A with user B while maintaining user B's ACLs?

Will B.

1 Answer


You can script this with icacls or set-acl.

As an aside, this is why you use security groups in ACLs and not individual users.

MDMarra
  • I was hoping with WS-2012 I could avoid having to script anything in PowerShell. I agree using domain groups unless denying permission for a specific user is best practice. I am not able to control other users who explicitly define a user as opposed to a group when defining permissions, despite being informed to use groups. For this specific issue the domain groups user B is being added to do not have Full Control, but do have read/write. – Will B. Jun 20 '14 at 14:16
  • 1
    Don't avoid scripting. Embrace it. Sysadmins that can't script or write code will be jobless dinosaurs or at the bottom rung of the industry shortly if they aren't already. – MDMarra Jun 20 '14 at 14:18
  • Sorry, poor wording. I am capable; I didn't mean avoid scripting altogether. Though I am happy that this will provide a bit of job security rather than allowing my superiors to be able to do it using an MMC snap-in interface via remote server admin tools. Thanks :) – Will B. Jun 20 '14 at 14:35
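
One way to script the swap the answer describes, as an added example that is not from the original thread: it copies each explicit ACE held by the departed account to the successor, removes the old ACE, and hands over ownership with `icacls /setowner`. The share root `D:\Shares` and the accounts `CONTOSO\userA` and `CONTOSO\userB` are hypothetical placeholders, and the script assumes an elevated Windows PowerShell session on the file server.

```powershell
# Added example (not from the original thread). Windows PowerShell, elevated session.
# D:\Shares, CONTOSO\userA and CONTOSO\userB are hypothetical placeholders.
param(
    [string]$Root    = 'D:\Shares',
    [string]$OldUser = 'CONTOSO\userA',
    [string]$NewUser = 'CONTOSO\userB',
    [switch]$Apply   # without -Apply the script only reports what it would change
)

$sidType = [System.Security.Principal.SecurityIdentifier]
# Resolve both accounts to SIDs once; matching on SID survives display-name changes.
$oldSid = ([System.Security.Principal.NTAccount]$OldUser).Translate($sidType)
$newSid = ([System.Security.Principal.NTAccount]$NewUser).Translate($sidType)

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    try {
        $acl = $item.GetAccessControl()   # reads the Access, Owner and Group sections
        # Explicit ACEs only: inherited entries are fixed at the parent that defines them.
        $oldRules = @($acl.GetAccessRules($true, $false, $sidType) |
                      Where-Object { $_.IdentityReference.Value -eq $oldSid.Value })
        $isOwner  = $acl.GetOwner($sidType).Value -eq $oldSid.Value
        if ($oldRules.Count -eq 0 -and -not $isOwner) { continue }

        foreach ($rule in $oldRules) {
            # Same rights, inheritance and Allow/Deny type, re-issued for the successor.
            $copy = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $newSid, $rule.FileSystemRights, $rule.InheritanceFlags,
                $rule.PropagationFlags, $rule.AccessControlType)
            $acl.AddAccessRule($copy)             # merges with ACEs user B already holds
            $acl.RemoveAccessRuleSpecific($rule)  # drops only this exact ACE for user A
        }
        if ($Apply) {
            if ($oldRules.Count -gt 0) { $item.SetAccessControl($acl) }  # persists the changed access rules
            if ($isOwner) { icacls.exe $item.FullName /setowner $NewUser /Q | Out-Null }
        }
        # One record per touched path, for the change log.
        [pscustomobject]@{ Path = $item.FullName; AcesMoved = $oldRules.Count
                           OwnerChanged = $isOwner; Applied = [bool]$Apply }
    } catch {
        # e.g. access denied, or an ACE carrying generic rights the rule constructor rejects
        Write-Warning "$($item.FullName): $($_.Exception.Message)"
    }
}
```

Run it once without `-Apply` and pipe the output to `Export-Csv` to review which paths carry explicit entries for the old account before changing anything.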