keeping sysvol current using robocopy?

Jeff Sadowski jeff.sadowski at
Fri Oct 21 16:54:21 MDT 2011

before I posted asking how to keep sysvol synced and some wrote that I
should use rsync.
but rsyn doesn't keep ntfs permissions. So I found how to do this from
my windows server with
robocopy that comes with 2003 resource tool kit.

Here are the steps I took to get my sysvol's with the correct permissions.
First I browsed to the samba servers sysvol  directory using my 2003
DC's desktop to do it from.
Then I created a test directory in the samba servers sysvol.
Then right click on the test directory and select properties.
Go to the permissions tab up top.
Then I opened my windows sysvol in a file browser on the same desktop
I selected an area of white space and right clicked and selected properties
and go to its permissions tab.
Edit the test directories permissions to match the sysvol permissions
save your work and then use the linux commands on your samba server as follows

perms=`samba-tool ntacl get --as-sddl
/usr/local/samba/var/locks/sysvol/<test directory>`
samba-tool ntacl set "${perms}" /usr/local/samba/var/locks/sysvol

now we can go back to the windows machine and delete everything from
the samba servers sysvol
and run the following commands in a windows shell to rebuild it with
the permissions

robocopy /MIR /SEC /Z \\<ip of 2003 DC>\sysvol \\<ip of samba server>\sysvol

and wala you have all the same permissions now in your samba servers files

I keep it synced from the windows server with robocopy scripts that
look as follows

robocopy /E /Copy:S /IS /IT \\<ip of 2003 DC>\sysvol \\<ip of samba

that I run from the windows scheduler.

More information about the samba-technical mailing list