Installation and Configuration
The emc CelerraCIFSManagement snap-in for Microsoft Management Console can be used to set up VNX Home Directory. It’s a nightmare to find unless you still have your CD’s that came with your Celerra/VNX but see my previous post on CAVA for a possible working link to it, assuming you already have a powerlink account with emc (free to set up).
emc Home Directory is a very neat piece of functionality whereby you change the users home directory path in AD to read \\cifsserver\home and upon hitting the home share on cifsserver the user will be automatically dropped into the subfolder containing their home directory files. If a home directory folder doesn’t already exist, it can (and will by default) create one.
You don’t need to create a home share on the VNX upfront, and if you do, HomeDirectory won’t actually start. You will need a filesystem though. You start the homedirectory feature from the CelerraCIFSManagement snap in, but remember to do a custom install and untick UNIX Users and CAVA if you have no intention of using them, since Unix Users will attempt to change your AD schema (but will fail if you’re account is not a schema admins member). You can always add the other features later by re-installing and HomeDirectory will not be affected.
Once the snap in is installed, you can enable Home Directory. It’ll warn that theres currently no database and that one should be created. Once this is created, all you need to do is create a rule for users * with a path to your filesystem\<d>\<u> whereby <d> is the domain name they’ve logged in on and <u> is their username. This is what controls what folder they get dropped off at and/or the folder structure that needs to be created for them if there’s no pre-existing home directory for that user.
The default security is that the users home directory is fully secured so that only they can get to it. This can be changed by setting domain admins full control on a top level folder for the domain, and making a registry change to the emc Home Directory settings in HKLM\Software\emc\homedirectory and setting 0 to 1 which turns on inheritance.
The full official doc can be read here HomeDirectory , but that is the basic gist of it, and I found it worked first time, so it’s pretty straightforward to get installed and running and makes subsequent adminstration of home directories a cinch.
Migrating users Home Directories
You can view my previous post on using robocopy or emcopy to migrate data. Note that since existing home directories are each individually shared in their own right, you may feel the desire to use sharedup to migrate the shares to the VNX – This is not required since each user maps the same share and the datamover paths them through to their own subfolder. You may want to set up an adminstrative hidden share on the root of the filesystem though, so that you can get to ALL the home directories for the purpose of deleting old users, dealing with any support problems.
There is another issue which will affect your ability to migrate users home dirs (possibly) and that is that Windows 7 et al, tend to display a users home directory as “My Documents” occasionally. This is due to the desktop.ini file misbehaving and can easily be fixed by simply deleting it without consequence. Obviously desktop.ini would need to be deleted for all users, and this can be done using this example forfiles script.
forfiles /p x:\homedirs /s /m desktop.ini /c “cmd /c attrib -h -s @path”
forfiles /p x:\homedirs /s /m desktop.ini /c “cmd /c del @path”
Or alternatively, exclude desktop.ini from your robocopy or emcopy using /XF desktop.ini in the command line, e.g.
emcopy \\sourcesvr\homedirs\username \\destsvr\homedirs\username *.* /s /nosec /o /a /i /d /c /xf desktop.ini /th 32 /r:5 /w:3
robocopy \\sourcesvr\homedirs\username \\destsvr\homedirs\username *.* /e /fft /np /xf desktop.ini /r:5 /w:3
If a migrated user logs on and is directed to a non-existent home directory hosted on VNX using VNX HomeDirectory, then one will automatically be created and the permissions automatically secured so that only that user can access it*
*default behaviour assuming registry flag on cifs server is still set to 0 and the rule in cifsmanagement snapin home directory settings is set to autocreate
For all other users being directed by homedirectory to their migrated home directories, the security will be inherited from the root of the filesystem*
*assuming the root has everyone full control, or has specific perms set and the registry flag for home directory on the cifs server is set to 1 to inherit all the way to the users home directory
To subsequently secure migrated home directories, we need to list each home directory and then set the permissions for the user on each one*
*assuming the home directory has the same name as the user – probable scenario given the emc HomeDirectory rules use of the <u> variable to represent the users username when creating their homedirectory.
The following command has been used successfully to add a specific Access Control Entry to the permissions on the users home directory, allowing them Full Control.
for /f %f IN (‘dir /ad /b X:\homedirs\’) DO cacls X:\homedirs\%f /e /p %f:F
Note that to execute this command in a batch file, you need to replace %f with %%f
If your filesystem fills up and you want to move, say all users beginning with u6 to a separate filesystem, then the following command is a working example. robocopy doesn’t allow you do only copy folders matching a wildcard pattern (although it does allow you to copy all folders, excluding certain patterns).
for /f “delims=” %f IN (‘dir u:\u6* /ad /b’) DO robocopy u:\%f j:\%f /MIR /R:1 /W:1 /B
Update: 28/2/2017 Real World Example: Two passes, two different approaches. One does inital copy of just usernames beginning with u5, the second generates a list of missing users after the first pass and does a second pass targeting the missing users.
for /f “delims=” %%f IN (‘dir s:\root\u5* /ad /b/ o’) DO robocopy s:\root\%%f t:\root\%%f /COPYALL /R:1 /W:1 /ZB /NP /FFT /LOG+d:\mattb\u5mig.log (does first pass on all u5 users)
dir /ad /b /o s:\root\u5* | tr ‘[:upper:]’ ‘[:lower:]’ | tee t:\src.txt | wc –l (counts 2113 and writes list of all u5 users to src.txt)
dir /ad/b /o t:\root\u5* | tr ‘[:upper:]’ ‘[:lower:]’ | tee t:\dest.txt | wc –l (counts 2113 and writes list of all u5 users to dest.txt)
comm -23 t:\src.txt t:\dest.txt | tee t:\missing.txt | wc –l (counts 0 differences and writes list of any missing u5 users to missing.txt)
for /f “delims=” %%f IN (cat t:\missing.txt) DO robocopy s:\root\%%f t:\root\%%f /COPYALL /R:1 /W:1 /ZB /NP /FFT /LOG+d:\mattb\u5mig.log (does 2nd pass on any missing users only)