Contrary to some documentation out there in the internet ethers (how great icacls is compared to its predecessor, cacls), icacls has a serious flaw in bulk processing on Server 2008 R2. As a follow-up to a post I wrote a year ago, I discovered that icacls does not set permissions properly when scripting ACLs in bulk. Here’s my scenario:

Last July I changed employers, and one of my tasks in the past year was to deploy a new file server to replace a very badly configured, poorly deployed virtual machine file server. In addition, I discovered five different naming conventions were used when previous accounts were created in Active Directory. So, to get to a place where I can also prepare for an Exchange migration, I had a lot of account cleanup.