So we took over a new client and their file server is frankly a mess.
We have migrated their old file server from a 2k box to a 2k8 DFS cluster and now I'm looking at rebuilding both the folder structure and their permissions. Unfortunately its been half done with AD groups (poorly named/no description/notes) and half with individuals named in security on the folders themselves.
What I'm looking to do is to dump a complete list of all the folders with their security permissions (ideally I'd like to ignore files but not essential).
CACLS got me half way there but fails with an odd error message and its output isn't particularly user friendly and I'm working with roughly 2Tb/250,000 files here so I really need something that gives me a bit more functionality.
Question : does anyone have any experience of something similar/know of a bit of software that might help me out?
you have several options. But first I would suggest you maybe make your life easier by using xcopy to only copy the directories and their respective ACL/Auditing settings.
you might be able to continue with cacls or use something else...
All that, but why not do the human part and sit down with people and ask who needs access to what? Then create a new structure and permissions based on the needs using your conventions and documentation.
A number of years ago I created a system for my own use that was designed to save and recreate share based permissions. i.e. It will recreate shares and the permission son those share, plus any lower down permissions that differ from the share itself.
The only case I can think of where it might not do what you want to do is on a Terminal Server, where the permissions are not necessarily below a share. Although it has never been tested on 2008 I see no reason it shouldn't work on that version as well.
You can download it from here and you are free to use it without restriction. Be sure to read the ReadMe.txt before using it. It was created to be effective, not elegant.