This topic describes how to ensure consistency in the Access Control Entries (ACEs) during migration.
The migration utility copies all of the security information, including the ACEs, from the source to the destination tree. Because of how the operating system handles inheritance of ACEs and dynamic propagation, it is possible that the destination tree ACE list is not the same as the source ACE list.
The migration tool disables the inheritance feature on the destination folder so this tree does not inherit any ACEs from its parents. This also prevents the destination folder from passing ACEs down to its children. If the source data being migrated was inheriting ACEs from its parents in the source, these inherited ACEs will not be applied in the destination folder. In this case, you will see an ACE mismatch error during the verify phase of migration.
This condition might occur when the newly-created destination folder does not have the same ACEs as the source had before the migration was run. To avoid this condition, you can manually create the destination folder and manually apply the source ACEs to the destination before starting the migration.
Parent topic: Planning the security strategy