So, this turned out to be a bunch'o'bullshit and an extraordinary waste of my time. I don't know why we didn't use the tool Truff mentioned, but they were just using rsync, which is why (I think) Windows permissions were getting axed, since this was not going to a Windows Server, where we couldn't turn on Services for Unix.
Further, there may not have even been any true Windows permissions applied at all. I was given a task and told to add whatever Windows permissions would be needed. Since it was literally all users, I decided to add Domain Admins, with full control, and the user, as owner, with full control. A test run that just touched every file/folder took ~9 hours. Apparently, the process that applies the permissions can take several seconds to do so on folders, depending on the number of items below; up to a couple of minutes. So, whenever it hit folders at the top level it screeched to a halt. I took almost the entire first day to hit all 1023 top-level folders. The good news was that it would speed up as it got closer to the leaf nodes, but who knows how long that would take; I was estimating a week for completion and they only gave me an 18-hour window initially, before I even ran any tests. Great.
But it gets better! Since I was not given access to the destination until my 18-hour window, there was no way for me to know that as I applied my Windows permissions, I was hosing the Unix permissions. Not total FUBAR, but I think the ACL application fucked up the inheritance on the Unix side, and further set group permissions to 750 instead of 700 that they need for SSH to work. So, Unix was having to reapply permissions all over, and repeating on anyone that my script hadn't touched yet. Then, they realized the cause, 3 days in, and had me stop all scripts. So, without doing enough research, or asking me to do a real test to see what would happen, we caused many extra hours of work, in general between Unix and Windows Teams, and for me specifically, all the hours of development work were for naught, since it all got rolled back anyway. At some point, I will try to go back on a new user creation and see what processes apply what permissions to these home areas, but I don't get access to the filers themselves to review Unix permissions properly. I can only see them from my Domain Admin account from what Windows will show me.
It was a shitty couple of weeks, for sure.