Decommissioning a File Server Without Losing Anything

Discovery — Know What You're Removing

Before moving anything, audit everything on the server. The surprises during decommission come from undocumented shares, broken DFS links, and scripts that hardcode the server name.

# List all non-admin shares
Get-SmbShare | Where-Object {$_.Name -notlike "*$"} | Select Name, Path, Description

# Export share permissions
Get-SmbShare | ForEach-Object {
  $name = $_.Name
  Get-SmbShareAccess -Name $name |
    Select @{N='Share';E={$name}}, AccountName, AccessRight
} | Export-Csv C:\share-permissions.csv -NoTypeInformation

# Export NTFS permissions
Get-SmbShare | Where-Object {$_.Name -notlike "*$"} | ForEach-Object {
  $acl = Get-Acl $_.Path
  [PSCustomObject]@{ Share=$_.Name; Path=$_.Path; ACL=$acl.AccessToString }
} | Export-Csv C:\ntfs-permissions.csv -NoTypeInformation

# Check DFS namespaces hosted by this server
Get-DfsnFolderTarget -Path "\\corp.local\shares\*" |
  Where-Object {$_.TargetPath -like "*\\OLDFILESERVER*"}

# Find GPOs referencing the server
Get-GPO -All | ForEach-Object {
  $report = Get-GPOReport -Guid $_.Id -ReportType Xml
  if ($report -like "*OLDFILESERVER*") { Write-Output $_.DisplayName }
}

Migrate Data with Robocopy

Robocopy preserves NTFS permissions, timestamps, and ownership. Run an initial sync during business hours, then a final sync after hours.

# Initial sync — run during business hours (safe, additive only)
robocopy \\OLDFILESERVER\shares \\NEWFILESERVER\shares /E /COPYALL /R:3 /W:5 /LOG:C:\robocopy-initial.log

# Final sync after hours — /MIR mirrors the source and DELETES files on
# destination that don't exist on source. Verify your paths before running.
robocopy \\OLDFILESERVER\shares \\NEWFILESERVER\shares /MIR /COPYALL /R:3 /W:5 /LOG:C:\robocopy-final.log

# Check for errors in the log
Select-String -Path C:\robocopy-final.log -Pattern "ERROR|FAILED"

Update DFS Namespaces

Add the new target first, verify it works, then take the old target offline — never remove the old one first.

# Add new target
New-DfsnFolderTarget -Path "\\corp.local\shares\dept" -TargetPath "\\NEWFILESERVER\dept"

# Verify both targets are online
Get-DfsnFolderTarget -Path "\\corp.local\shares\dept"

# Set old target offline (graceful — doesn't remove it yet)
Set-DfsnFolderTarget -Path "\\corp.local\shares\dept" `
  -TargetPath "\\OLDFILESERVER\dept" -State Offline

# After confirming users hit the new target — remove old target
Remove-DfsnFolderTarget -Path "\\corp.local\shares\dept" `
  -TargetPath "\\OLDFILESERVER\dept" -Confirm:$false

Update GPO Drive Maps

For each GPO that maps drives using the old server UNC path:

1. Open Group Policy Management Console
2. Edit the GPO → User Configuration → Preferences → Windows Settings → Drive Maps
3. Update the UNC path from \\OLDFILESERVER\share to \\NEWFILESERVER\share
4. Set the Action to Update — this updates existing mappings on client machines

Verify No Active Sessions

Before shutting down, verify no users have open files. Cutting a server with open files causes data loss.

# List all open sessions
Get-SmbSession | Select ClientComputerName, ClientUserName, NumOpens

# List open files
Get-SmbOpenFile | Select Path, ClientComputerName, ClientUserName

# Close all sessions (notify users first)
Get-SmbSession | Close-SmbSession -Confirm:$false

Decommission and Clean Up AD

# Remove all shares (stops responding to UNC paths)
Get-SmbShare | Where-Object {$_.Name -notlike "*$"} |
  Remove-SmbShare -Confirm:$false

# Remove from DNS
Remove-DnsServerResourceRecord -ZoneName "corp.local" -Name "OLDFILESERVER" -RRType A -Force

# Remove from Active Directory
Get-ADComputer -Identity OLDFILESERVER | Remove-ADObject -Recursive -Confirm:$false