This is our current situation: We have an active directory with Server 2008 R2 and roaming profiles which is currently in use (old server), and we have a new Server 2008 R2. We already set up a new AD on the new server and only want to copy the users files from the old to the new AD. (We have about 20 users, thus we can copy the old files to the new profile folders by hand.)
The new server is a hosted server, and our admin-user(-group) is not in the builtin Administrators group. To copy the users files to the new profile folders, we need to access the latter.
The problem is, windows server 2008 R2 only adds the builtin Administrators group to a profile folders ACL. Even if we add our admin-users-group to the root-profile-folder (with "This folder, subfolders and files"), the profile folders do not inherit this setting. We can take ownership of each profile folder, but this does not seem to be the right way.
So how can we add out admin-user-group to each profile folders ACL?
First of all, please make sure the policy "Allow Administrator group to Roaming Profiles" is applied to client pc, run "gpupdate /force" or restart the clients pc.
This article explains how to set that policy (make sure it is set on your OU with your computers in.)
The way I would transfer your profiles to your new server is to : log onto a client pc so the current profile is loaded, then change the profile patch in Active Directory to the location on your new server. (while the user is logged on) now when the user logs off the profile should copy from the client to your new server.
This will only work if the computers and servers are on the same domain.
The way to go is doing what you suspect not to be the right way. It also is the only way.
You need to set permissions on each profile directory individually (since inheritance from the parent directory typically is not enabled). To do that it may be necessary to take ownership of all profile directories including all files and subdirectories.
Since you have only 20 users it might not be worthwhile to automate the task. If you still want to do it, have a look at my free tool SetACL.
Changing ownership and permissions on a larger number of directories can be very tedious in Explorer. SetACL Studio makes that work much easier.