Warning: Damaged ACL found
An Access Control List (ACL) is a list of security permissions
that determines which users or groups are allowed to access a file or a
folder. Every file/folder has an associated ACL.
The warning message means that the ACL permissions for a folder appear to be
incorrect or damaged.
On the source computer: This error means that a system folder
(for example, C:\Windows\System32
or C:\Windows\Sysvol) contains a damaged ACL entry.
The ACL for the folder may have been inadvertently reset by the
administrator with Windows Explorer.
The ACL entry should be fixed before backup (see below).
Otherwise Active Directory may not function correctly when the
backup is loaded on the destination computer.
On the destination computer: This error means the
staging folder contains a
damaged or incorrect ACL entry. This is usually
due to an improper manual transfer of the
staging folder where the ACL permissions were not copied correctly to the
destination computer.
How to Fix This Error On The Source Computer
To fix this error on the source computer you need to manually
restore the missing ACL entry for the system folder before backing
up Active Directory. The error message will indicate the
name of the missing group.
The following procedure will add an entry to the ACL of a folder:
- Click on Start -> Run.
- Type "EXPLORER.EXE" and click Ok. This will launch Windows Explorer.
- Find the damaged folder and right-click on it.
- In the popup menu click on Policies and select Sharing and Security...
- Click on the tab Security.
- Click on the button Add...
- Click on the button Object Types...
- Check the box for Groups. Uncheck all other boxes and click Ok.
- Click the button Advanced (lower left corner).
- Click the button Find now (right side).
- Scroll down and find the name of the missing group. (The language may vary.) Click on the name so it is highlighted.
- Click Ok. This will add the name to the selection box.
- Click Ok again. This will add the name to the list "Group or user names".
- Check the box Full control or Read (as applicable) under Allow, and click Ok. This will update the ACL entry.
In rare cases UMove may report that the ACL is not protected against
inheritance from the parent folder. The following procedure will
turn off inheritance on a folder:
- Click on Start -> Run.
- Type "EXPLORER.EXE" and click Ok. This will launch Windows Explorer.
- Find the damaged folder and right-click on it.
- In the popup menu click on Policies and select Sharing and Security...
- Click on the tab Security.
- Click on the button Advanced.
- Clear the first checkbox: Inherit from parent the permission entries that
apply to child objects. Include these with entries explicitly
defined here. Verify that the box is not checked and click Ok.
- A dialog box will pop up. Click on Copy.
- Click Ok to close the remaining dialog boxes.
The above procedures should be used only on the source computer.
Do not use the above procedures on the destination computer. Instead
re-copy the staging folder (see next section).
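The result of the two procedures above can be confirmed from a PowerShell prompt on the source computer. The following read-only check is an added example, not part of UMove; the function name Test-FolderAcl, the sample folder and the sample group are assumptions, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: read-only ACL check. It makes no changes to the folder.
function Test-FolderAcl {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,   # folder named in the warning
        [Parameter(Mandatory = $true)] [string] $Group   # group named in the warning
    )

    # Resolve the group name to a SID so the comparison does not depend on
    # the display language of the account name.
    $account = New-Object System.Security.Principal.NTAccount($Group)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

    $acl = Get-Acl -Path $Path

    # All access rules (explicit and inherited), with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    # Allow entries that belong to the group we are looking for.
    $allow = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow'
    })

    [pscustomobject]@{
        Path                = $Path
        Group               = $Group
        Sid                 = $sid.Value
        # False means the group is still missing from the ACL.
        HasAllowEntry       = $allow.Count -gt 0
        Rights              = ($allow | ForEach-Object { $_.FileSystemRights }) -join '; '
        # True when at least one Allow entry is set directly on this folder.
        ExplicitEntry       = [bool]($allow | Where-Object { -not $_.IsInherited })
        # True when the ACL is protected against inheritance from the parent.
        InheritanceDisabled = $acl.AreAccessRulesProtected
    }
}

# Constructed sample call; substitute the folder and group from the warning.
Test-FolderAcl -Path 'C:\Windows\Sysvol' -Group 'BUILTIN\Administrators' |
    Format-List
```

HasAllowEntry should be True after the first procedure, and InheritanceDisabled should be True after the second.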
How to Fix This Error On The Destination Computer
To fix this error on the destination computer, you need to re-copy
the staging folder so that the security settings are preserved unchanged
from the source computer. The ACLs must be copied correctly for
Active Directory to load successfully.
The best way to guarantee that ACLs are copied correctly
is to use a .BKF file. If you must
do a manual transfer, use
a utility that preserves ACLs. For example, use XCOPY /O.
Overriding the Warning Message
The only time you should override this warning message is when you
are restoring AD from a 3rd-party backup utility
that you know contains a damaged ACL from the source computer.
Do not override this warning message when doing a
manual transfer, as the ACL damage probably
happened on the destination computer.
You must correctly copy the ACL permissions from the source computer
to the destination computer in order for Active Directory and
the Group Policy files in SYSVOL to load successfully.
How to override this warning