This action might not be possible to undo. Are you sure you want to continue?
NT4 – W2K- W2K3 Domain Migration
Revision 4.1 June 19, 2002
Prepared by: Akos Sandor
2929 West 4th Ave, Vancover, BC,V6k 4T3 604-736-7395
Table of Contents
Table of Contents
1. 2. 3. 4. 5. 6. 7. 8. Introduction _________________________________________________ 2 Positioning Statement_________________________________________ 2 Overview____________________________________________________ 2 Migration Process ____________________________________________ 2 Migration Form_______________________________________________ 4 Network Information __________________________________________ 4 Functional Requirements ______________________________________ 7 Preparing for the Pilot ________________________________________ 11
Preliminary Activities ________________________________________________ 12 Global Changes to Network___________________________________________ 13 Post Migration effort ________________________________________________ 13
Appendix A – Winzero Migration Tools Transition Process ____________ 12
Appendix B - Transition Isssues, notes _____________________________ 14 Appendix C - Pilot Testing Criteria _________________________________ 15
Global Changes ____________________________________________________ 15
User Transition __________________________________________________________ 15 Global Groups Transition except Domain Admin group ___________________________ 15 Update Local Groups _____________________________________________________ 16 Update User Share, Directory and File ACLs ___________________________________ 16
Update User Rights _________________________________________________ 16
Exchange Updater________________________________________________________ 17 Update NT Workstation Profiles _____________________________________________ 17 Enabale User Accounts in target Domain ______________________________________ 17 Disable User Accounts in Source Domain _____________________________________ 18
Conduct a Full Backup of all NT Servers ________________________________ 18 After all Transition Sites have been Completed __________________________ 18
Clean-up old User Accounts and Global groups from Source Domain ________________ 18
Table of Contents
1. Review transition process (if exists). The content for the process is gathered throughout the qualification and educational phases of the process. The scope of a structured pilot will be identified and the transition approach will be tested based on the requirements. Pilot site: 9. NT – W2K – W2K3 Migration Process Page: 2 . Target domain: 7. Review transition plan (if exists). 3. Migration Process To assist a structured Migration. The following process can be used as a checklist to work through to the desired end state. The functional requirements are separated into mandatory and desirable requirements. Translate these requirements into functional requirements. 2. Source domain: 6. scope. Review testing methodology (if exists). A “Terms of Reference” is created which outlines the project objective. 4. The deliverable will give the results necessary to move the Project Plan forward. These requirements will be tested through a structured set of testing criteria throughout the pilot so all of the requirements and objectives are addressed and tested. 1. and assumptions. Review project risks (if identified). Winzero Canada. Define business and technical requirements. Review project documentation Review project plan and schedule (if exists). Positioning Statement The structured process outlined in this document would be valued by a Technical and Economical sponsor. Understand this projects against the other corporate priorities. Review pilot locations (if identified). a transition approach is developed to help get to the endstate. a defined process has been developed. With these requirements. Step by step migration process 4. Overview The following is a process to conduct a Migration. Source sites: 8. Introduction The purpose of the Migration plan is to outline the process necessary to assist the in a Windows NT . 5.W2K – W2K3 structured Migration. Understand the business and technical drivers. 3. Understand the challenges. 2.
Validate the customer’s identified process against the testing criteria. NT – W2K – W2K3 Migration Process Page: 3 . Server hardware specifics (desirable) Remote offices and speed of communication lines. Determine pilot obstacles. SE. Workstation types and installed application (desirable). Product Migration is complete Winzero Canada. Identify the geographical locations included in the pilot. Determine the user global rules specified for the new target Domain accounts.Review resource list (if exists). Server type and function. Domain structure.e. Identify a transition process. Location of the Domain’s PDCs. Number of Servers and workstations. Validate the transition process. Determine the duration of the pilot. etc). Determine the location and name of the Winzero administrative account. Determine the source Domain servers to be updated. Understand the Administrative resources in the remote locations. Domain. Identify / determine the scope of a pilot and it’s requirements. Build the testing criteria required for the Winzero migration tools operator throughout the pilot. Define Winzero’s support throughout the pilot (i. Primary and Secondary contact information. Determine the pilot milestones. Identify any transition issues. Executive sponsor. Determine the source and target Domains? Determine the users and global groups to re-create in the target Domain. Identify a process to test and validate the transition of user accounts based on the customer’s pilot requirements. Understand the mandatory and desirable functional requirements. Legacy systems and multiNOS systems (desirable). Understand the current state of the Source Domain environment. throughout the assigned pilot period. Dial-in users (desirable).
______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ Technical drivers behind the project. walk through the Migration form with the customer over the phone. Network Information Domains Number of Servers Number of Workstation & types Specify WFW311. --------------------------------------------------------------------------------------------------------------------------- Organization name: Contact name: Date: Business drivers behind the project. NT – W2K – W2K3 Migration Process Page: 4 . The best approach is to setup a conference call with the Technical sponsor and Project Manager. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ 6. The answers to the form will populate the Migration Plan. Migration Form The following questions can be used as a quideline to help work through a structured product Migration. Windows 95 & / or NT WRK Winzero Canada.5.
Specify the avg. identify the remaining space used on the disks and the number of files and directory folders. etc) Please identify the Server CPU. # of ACE Winzero Canada. BDC or Member ) (ex. APP. Class 2. SMS Client. Domain Name Server Name and Type (DC PDC. (The purpose of this question is to be able to get a rough estimate on the length of time it will take to update the ACLs) Server Name Server CPU Memory Installed (MB) Logical Drive Size (GB) Used Disk Space (GB) # of files & Directori es (1. In addition.) Application installed locally or installed on the network Please identify the Domain. NT – W2K – W2K3 Migration Process Page: 5 . In addition. Rumba. please identify the workstation configuration types and identify the installed software packages. SMS. etc) Software application installed (MS Office. Specify the avg # of ACE # of files & Directories. please identify the location of the software package(s)? Workstation Configuration Types (NT/W2K/XP Class 1. directory and file? Server Name # of Shares. FS001 – PDC) Server Function (File / Print. the server types and their functions within the network. memory and hard disk size.If your organization has pre-defined workstation configuration types. SNA.000) Please identify the average number of ACE entries for each share.
SMS Client. identify the workstation type and the software application installed. the communication types and the speed of those communicates types. Rumba. Lease Line. etc) Do users have dial-in access to the network? (Please circle one) Yes No If remote users do exist.Please identify the geographical location(s) of your offices. Do you have multiple NOSs installed in your current network. this is not required) Location Communication Type (Frame Relay. NOS Location Gateway Software or BackOffice Product configured Purpose of the NOS installed Winzero Canada. T1. Win95 or Win NT wrk. please identify which types of NOS gateway software used and the purpose of the additional NOSs installed. Remote Workstation Configuration Types (WFW311 Class 1. NT – W2K – W2K3 Migration Process Page: 6 . please identify the number of remote users accessing the NT network via RAS dial-in or through other remote connectivity needs? Furthermore. T3. 512. If so. (if a physical Network exists. please identify below? Legacy System Location Communication type and Speed Gateway Software or BackOffice Product configured (SNA. etc) Software application installed (MS Office97.) ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Do you have any legacy systems located in your current network and if so. Satellite) Communication Speed (56 Kbps.. etc.
If so. Ability to report the following: Domains Computer Accounts Trust relationships between Domain Controllers NT Users User Properties Local and Global Group memberships NT Server Shares NT Share ACLs Ability to report to the screen or to a text file Ability to report exceptions when objects are bypassed. NT – W2K – W2K3 Migration Process Page: 7 . please specify based on location? ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ 7. Ability to report to a Text file if not Mandatory Desirable Winzero Canada. Reporting Ability to report to a text file throughout each stage of the domain re-configuration. Ability to access the methodology from a central Web site Ability to access domain re-configuration project documentation and value added tools Ability to track all migrated project activity centrally. Ability to identify the number of NT disk objects when they were updated. Ability to support the project through a wizard GUI interface. Functional Requirement Overview Ability to support a proven methodology. Functional Requirements Please identify your functional requirements for a Domain re-configuration tool? Can you please specify your mandatory and desirable requirements? Please fill in the chart below.Do you have administrative resources located in the remote offices.
Ability to confirm if the operator has access to the source server. Ability to un-migrate the Global Groups Ability to report on the status of each stage of the process. Ability to report on the status of each stage of the process. Ability to merge Global Group members. NT – W2K – W2K3 Migration Process Page: 8 . Global Groups Ability to select individual Global Groups. Local Groups Ability to select servers to update Local Groups Ability to append migrated users and Global Groups to the Local Groups. Ability to track selected users throughout the whole domain re-configuration process. Ability to pre-process the creation of the Global Groups without effecting the target state. Ability to select the users by Global Groups. Ability to add a prefix to the target Global Groups. Ability to enable / disable migrated user accounts.granted the appropriate permissions. Ability to execute the updating process Winzero Canada. Ability to pre-process the appending of the migrated users and Global Groups without effecting the target state. User Stage Ability to select individual users from a source Domain. Ability to support the following User global rules: Description Profile location Login Script location Set the Home Drive ACL Disable / Enable Target Users Standardize Home Drive letters Copy Logon hours Copy RAS permissions Ability to un-migrate the target accounts Ability to append the Home Drive ACLs.
separately from the main application. Ability to append the migrated users and Global Groups to the NTFS File. Ability to update specific Shares. Ability to add the source Computer Accounts to the target Domain. Ability to execute the updating process separately from the main application. centrally. Computer Accounts Ability to select the source Computer Accounts. Ability to confirm if the operator has access to the source NTFS volume Ability to report on the status of each stage of the updating process. NA NA NA NA NA NA NA Page: 9 NT – W2K – W2K3 Migration Process . Ability to append the migrated users and Global Groups to the Server’s User Rights. User Rights Ability to select servers to update the User Rights. Ability to enumerate the Workstations and Member Servers into the target Domain. Ability to run the updating process in parallel. Ability to make the appropriate changes to the Workstation and Member Servers to enumerate to the target Domain. Ability to execute the updating process separately from the main application. Ability to report on the status of each Winzero Canada. Ability to run the updating process in parallel. Ability to execute the updating process in parallel. Ability to report to the display and text file on the status of each stage of the process. Ability to update hidden Shares. Directory and Share ACLs. Ability to report on the status of each stage of the process. Ability to confirm if the operator has access to the source Server. Ability to update root NTFS drive volumes. ACLs Ability to select servers to update the ACLs.
Ability to maintain all Profile properties with either NT account. Ability to update the Local Profiles on NT Workstations.stage of the process. Ability to have access to the Workstation with either the source or target Domain accounts. Update Exchange mailboxes Ability to change the Primary account on source Exchange mailbox. Ability to update only the migrated users mailboxes. NT – W2K – W2K3 Migration Process Page: 10 . Winzero Canada. Ability to update the Exchange mailboxes through a wizard GUI interface. Ability to report on the status of each stage of the process. Workstation Profiles Ability to update only the migrated users. Ability to report to the status of each stage of the process. Ability to update the Roaming Profiles on NT Workstations. Ability to preserve and append all delegated entrees in a given mailbox. Ability to update the Workstation’s Registry ACLs.
Distribution Method Ability to update NT Computer’s Local Groups. ACLs. 8. Ability to push the updating process to execute only once. Ability to schedule the updating process to selected Computers by the time of the day. Preparing for the Pilot The pilot location. Ability to monitor the updating process centrally. Once the MMT file is created it must be physically verified for accuracy. Ability to pull scheduled Computers to centrally update when additional project migrations take place. The source domain will be ____ and the target domain will be ______. The pilot will be executed from the target domain located in ______. and User Rights in parallel. NT – W2K – W2K3 Migration Process Page: 11 . will ______. Ability to update all Computers centrally. The user creation process of the migration will be run using the MMT created for the project _______________________________________________________________________ _________ _______________________________________________________________________ _________ User properties to copy over to the target domain. Ability to remove all project components when removing the distribution service. User NT account User Full Name User Description User’s NT password User’s Profile User’s Login Script User Home drive Account disable status Home drive location Logon Hours Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No No No No No Winzero Canada.
Preliminary Activities • Analysis • Determine the expired accounts. ACLs & User Rights) in the source Domain. • Determine the service accounts because they will stay in Source Domain.Logon on as Account expire date Account group Type (default is Global Group) RAS Dial-in information Yes Yes Yes Yes No No No No ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Global groups required to be created in the target Domain: ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Appendix A – Winzero Migration Tools Transition Process The process will identify a method of pulling the NT accounts and Global Groups to the new Accounts Domain using Winzero Migration tools. . NT – W2K – W2K3 Migration Process Page: 12 • Winzero Canada. locked accounts. giving them the same access to all of there resources (Local Groups. disabled accounts and old accounts that have not logged in over a certain length of time. • Identify Duplicate accounts • Identify users with dual accounts • Identify Null passwords • Check password policies • Identify Workstations and user association in source domain… on going prior to migration • Identify all SQL servers in Source domain • Identify field service • Identify Radius Issues • Identify any Citrix issues • Identify terminal Server issues • Identify any unique applications that are tied to the domain name or accounts Place All account used for migration into target Domain Admins Global Group.
Remove Two way trust from source and target Domain. Update SQL severs in the source Domain Create laptop Updater Verify changes have taken in effect. update the NettApp servers – Local groups.• • • • • • • Place sourceDomain admins group in target Administrators group Place target Domain admins group in source domain Administrators group Ensure all trusts has been established. ACLs. Using the Remote updater.exe Then Synchronize the PDCs to force a SAM update to all DCs. Communicate the upcoming changes to all users (Ensure the communication includes: Leave workstation on and Turn off Power save BIOS option) Verify or Install Winzero Tools in target domain Global Changes to Network (Assumption: Freeze source environment for one week) • • • • • • • • • • • • • • Transition source NT users to target Domain using the created MMT and HDR files. Profiles and User rights on NT Servers in the source Domain.e. Manually update laptops. Domain Guest and Administrator) to the target Domain prefixed with CX. profiles. Winzero Canada. Update Local groups. ACLs profiles. off line workstations the were missed Verify changes have taken in effect. NT – W2K – W2K3 Migration Process Page: 13 . Append the NETLOGON Share permissions on target Domain with the Migrator account and grant Change access. local groups and userrights on the NT workstations in the source Domain. userrights in source domain Update the ACLs. Enable all verfied users in target domain and diable source domain accounts run script to enable users Run script to change default logon domain from source to target Randomly verify enduser migration with check list Post Migration effort (Caution: Work will be done after the network is stable) • • • • Cleanup Old ACLs in source domain Remove migrated users and global groups from source domain run script RemoveOldAcc. Run Adminchecker to determine you have Administrative access to all scheduled workstations and Servers. Transition global groups except the System Global groups (i. Domain Admin. Update Exchange severs in the source Domain.
4. notes 1. NT – W2K – W2K3 Migration Process Page: 14 . 5. 2.Transition Isssues. disabled and locked NT user accounts to target Domain Do not migrate NT Service accounts Identify citrix issues Identify in house application issues Identify radius server issues Winzero Canada. SQL applications tied to NT acount references Do not transition expired. 6. 3.Appendix B .
5. 2. Test Procedure You were able to create Mapping File? Where you able to Pre-process the Users? Were you able to Migrate the Users over to the Target Domain? Using User Manager. 2. Each sub-section. Global Changes (Assumption: Freeze NT Account creation for 1 week) User Transition 1. identifies a number of processes required to ensure that each component of the transition (i. NT – W2K – W2K3 Migration Process Page: 15 . 5. were all the users moved over on the target Domain? Are all of the user properties migrated over to the target Domain? Yes No Deficiencies: _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ Global Groups Transition except Domain Admin group 1. 4. The procedures have been broken out for each stage based on the Transition Processes. 4. including manual effort and Winzero tools) will function properly. were all of the Global Groups migrated over to the target Domain? Using User Manager.Appendix C . were all of the members for the Global Group migrated over to the target Domain? Yes No Deficiencies: _________________________________________________________ Winzero Canada.Pilot Testing Criteria The purpose of this section is to outline the individual tests required for the lab and pilot testing of the Winzero product. 3.e. 3. Test Procedure Were you able to select the source Global Groups? Were you able to Preprocess the Global Groups? Were you able to Migrate the prefixed Global Groups? Using User Manager.
Directory and File ACLs Test Procedure Were you able to select the servers to process? Were you able to select the shares on the servers selected? Were you able to Preprocess the ACLs? Were you able to Update the ACLs on the target servers? Verify the NT share. Deficiencies: _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ Update User Rights on NT Servers & NT Workstations 1. 3. Deficiencies: _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ Update User Share._________________________________________________________ Update Local Groups on NT Servers & NT Workstations in Source Domain Test Procedure Were you able to select the servers to process? Were you able to Preprocess the Local Groups? Were you able to Update the Local Groups? Using User Manager in the new Domain and user account’s have been updated in the Local Groups? Yes No 1. 3. 4. 5. 2. 4. 3. _________________________________________________________ NT – W2K – W2K3 Migration Process Page: 16 . 2. 4. 2. Directory and File ACLs have been updated? Yes No 1. Test Procedure Were you able to select the Mapping File? Were you able to Preprocess the User Rights? Were you able to Update the User Rights on the target servers? Verify the User Rights have been updated? Yes No Deficiencies: Winzero Canada.
have the permissions changed)? Yes No 1. 2. Test Procedure Were you able to select the Mapping file? Were you able to point to a specific workstation and update him properly? Login to the NT workstation with target test NT account and validate all desktop settings. 3. were all the new user accounts enabled? Yes No Deficiencies: _________________________________________________________ Winzero Canada. 6. NT – W2K – W2K3 Migration Process Page: 17 ._________________________________________________________ Exchange Updater Test Procedure Export the account mapping file? Did Exchange Updaterlogs produce errors? Use Exchange Administrator to verify the NT account change? Have an Exchange user log into exchange and confirm the users mail and properties still exist? Did the script change the primary NT account on the Mailbox and the access permissions on the mailbox? Was the user able to access their schedule Plus calendar (i. 4. 3. Deficiencies: _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ Update NT Workstation Profiles 1. 5.e. 2. printers and UNC drive mappings are preserved? Yes No Deficiencies: _________________________________________________________ _________________________________________________________ Enabale User Accounts in target Domain 1 2 3 4 Test Procedure Were you able to select the Mapping File? Were you able to select the appropriate option? Were you able to view the results on the screen? Using User Manager.
have the two way trusts have been removed? Yes No 1. 2. Test Procedure Did you conduct a full backup on all NT servers? Review the Backup logs. 3._________________________________________________________ Disable User Accounts in Source Domain 1 2 3 4 Test Procedure Were you able to select the Mapping File? Were you able to select the appropriate option? Were you able to view the results on the screen? Using User Manager. NT – W2K – W2K3 Migration Process Page: 18 . 5. 4. any issues arose? Yes No Deficiencies: _________________________________________________________ _________________________________________________________ After all Transition Sites have been Completed Clean-up old User Accounts and Global groups from Source Domain Test Procedure Were you able to select the Mapping File? Were you able to view the results on the screen? Using User Manager. Deficiencies: _________________________________________________________ _________________________________________________________ _________________________________________________________ Winzero Canada. 2. were all the old user accounts disabled? Yes No Deficiencies: _________________________________________________________ _________________________________________________________ Conduct a Full Backup of all NT Servers 1. were the updates replicated throughout the Domain(s)? Using User Manager. were all the users and Global groups removed from the Source Domain? Using Server Manager.
Winzero Canada. NT – W2K – W2K3 Migration Process Page: 19 .