sample domain migration process
TRANSCRIPT
-
8/7/2019 Sample Domain Migration Process
1/20
Migration Process
NT4 W2K- W2K3 Domain Migration
Revision 4.1
June 19, 2002
Prepared by:
Akos Sandor
2929 West 4th
Ave,
Vancover, BC,V6k 4T3604-736-7395
Winzero Canada. Table of Contents Page: 1
-
8/7/2019 Sample Domain Migration Process
2/20
-
8/7/2019 Sample Domain Migration Process
3/20
1. Introduction
The purpose of the Migration plan is to outline the process necessary to assist the in aWindows NT - W2K W2K3 structured Migration. The content for the process isgathered throughout the qualification and educational phases of the process.
With these requirements, a transition approach is developed to help get to the end-state. The scope of a structured pilot will be identified and the transition approach will betested based on the requirements. These requirements will be tested through astructured set of testing criteria throughout the pilot so all of the requirements andobjectives are addressed and tested.
The deliverable will give the results necessary to move the Project Plan forward.
2. Positioning Statement
The structured process outlined in this document would be valued by a Technical andEconomical sponsor.
3. Overview
The following is a process to conduct a Migration.
1. A Terms of Reference is created which outlines the project objective, scope, andassumptions.
2. Define business and technical requirements,3. Translate these requirements into functional requirements,4. The functional requirements are separated into mandatory and desirable requirements,5. Source domain:6. Target domain:7. Source sites:8. Pilot site:9. Step by step migration process
4. Migration Process
To assist a structured Migration, a defined process has been developed. The followingprocess can be used as a checklist to work through to the desired end state.
Understand the business and technical drivers,
Understand the challenges, Understand this projects against the other corporate priorities, Review project documentation
Review project plan and schedule (if exists), Review transition plan (if exists), Review transition process (if exists), Review testing methodology (if exists), Review pilot locations (if identified), Review project risks (if identified),
Winzero Canada. NT W2K W2K3 Migration Process Page: 2
-
8/7/2019 Sample Domain Migration Process
4/20
Review resource list (if exists),Understand the current state of the Source Domain environment,
Domain structure, Location of the Domains PDCs, Number of Servers and workstations,
Workstation types and installed application (desirable), Domain, Server type and function, Server hardware specifics (desirable) Remote offices and speed of communication lines, Dial-in users (desirable), Legacy systems and multiNOS systems (desirable). Understand the Administrative resources in the remote locations, Understand the mandatory and desirable functional requirements,
Identify a transition process, Identify any transition issues, Validate the transition process,
Identify / determine the scope of a pilot and its requirements, Identify the geographical locations included in the pilot, Determine the source and target Domains? Determine the users and global groups to re-create in the target Domain, Determine the user global rules specified for the new target Domain accounts, Determine the location and name of the Winzero administrative account, Determine the source Domain servers to be updated,
Identify a process to test and validate the transition of user accounts based on thecustomers pilot requirements,
Build the testing criteria required for the Winzero migration tools operator throughout the
pilot, Determine the duration of the pilot, Define Winzeros support throughout the pilot (i.e. SE, Executive sponsor, etc), Determine pilot obstacles, Determine the pilot milestones, Primary and Secondary contact information. Validate the customers identified process against the testing criteria, throughout the
assigned pilot period. Product Migration is complete
Winzero Canada. NT W2K W2K3 Migration Process Page: 3
-
8/7/2019 Sample Domain Migration Process
5/20
5. Migration Form
The following questions can be used as a quideline to help work through a structured product
Migration. The best approach is to setup a conference call with the Technical sponsor andProject Manager, walk through the Migration form with the customer over the phone. Theanswers to the form will populate the Migration Plan.
---------------------------------------------------------------------------------------------------------------------------
Organization name:
Contact name:
Date:
Business drivers behind the project.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Technical drivers behind the project.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
6. Network Information
Domains Number of Servers Number of Workstation & types
Specify WFW311, Windows 95 & / or NTWRK
Winzero Canada. NT W2K W2K3 Migration Process Page: 4
-
8/7/2019 Sample Domain Migration Process
6/20
If your organization has pre-defined workstation configuration types, please identify theworkstation configuration types and identify the installed software packages. In addition, pleaseidentify the location of the software package(s)?
Workstation Configuration Types(NT/W2K/XP Class 1, Class 2, etc) Software application installed(MS Office, Rumba, SMS Client.) Application installed locallyor installed on the network
Please identify the Domain, the server types and their functions within the network .
Domain Name Server Name and Type(DC PDC, BDC or Member )(ex. FS001 PDC)
Server Function(File / Print, APP, SMS, SNA,etc)
Please identify the Server CPU, memory and hard disk size. In addition, identify the remainingspace used on the disks and the number of files and directory folders. (The purpose of thisquestion is to be able to get a rough estimate on the length of time it will take to update theACLs)
Server Name Server CPU Memory Installed(MB)
Logical DriveSize (GB)
Used DiskSpace(GB)
# of files&Directories
(1,000)
Please identify the average number of ACE entries for each share, directory and file?
Server Name # of Shares.Specify the avg# of ACE
# of files &Directories.Specify theavg. # of ACE
Winzero Canada. NT W2K W2K3 Migration Process Page: 5
-
8/7/2019 Sample Domain Migration Process
7/20
Please identify the geographical location(s) of your offices, the communication types and thespeed of those communicates types.(if a physical Network exists, this is not required)
Location Communication Type
(Frame Relay, Lease Line, Satellite)
Communication Speed
(56 Kbps, 512, T1, T3, etc)
Do users have dial-in access to the network? Yes No(Please circle one)
If remote users do exist, please identify the number of remote users accessing the NT networkvia RAS dial-in or through other remote connectivity needs? Furthermore, identify theworkstation type and the software application installed.
Remote Workstation Configuration Types(WFW311 Class 1, Win95 or Win NT wrk, etc)
Software application installed(MS Office97, Rumba, SMS Client.)
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Do you have any legacy systems located in your current network and if so, please identifybelow?
Legacy System Location Communication type andSpeed
Gateway Software or BackOfficeProduct configured(SNA, etc..
Do you have multiple NOSs installed in your current network. If so, please identify which typesof NOS gateway software used and the purpose of the additional NOSs installed.
NOS Location Gateway Software or BackOfficeProduct configured
Purpose of the NOSinstalled
Winzero Canada. NT W2K W2K3 Migration Process Page: 6
-
8/7/2019 Sample Domain Migration Process
8/20
Do you have administrative resources located in the remote offices. If so, please specify based onlocation?
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
7. Functional Requirements
Please identify your functional requirements for a Domain re-configuration tool? Can you please
specify your mandatory and desirable requirements? Please fill in the chart below.
Functional Requirement Mandatory Desirable
Overview
Ability to support a proven methodology.
Ability to access the methodology from a
central Web site
Ability to access domain re-configuration
project documentation and value added
tools
Ability to track all migrated project
activity centrally.
Ability to support the project through a
wizard GUI interface.
Reporting
Ability to report to a text file throughout
each stage of the domain re-configuration.
Ability to report the following:
Domains
Computer Accounts
Trust relationships between Domain
Controllers
NT Users
User Properties
Local and Global Group memberships
NT Server SharesNT Share ACLs
Ability to report to the screen or to a text
file
Ability to report exceptions when objects
are bypassed.
Ability to identify the number of NT disk
objects when they were updated.
Ability to report to a Text file if not
Winzero Canada. NT W2K W2K3 Migration Process Page: 7
-
8/7/2019 Sample Domain Migration Process
9/20
granted the appropriate permissions.
User Stage
Ability to select individual users from a
source Domain.
Ability to select the users by GlobalGroups.
Ability to support the following User
global rules:
Description
Profile location
Login Script location
Set the Home Drive ACL
Disable / Enable Target Users
Standardize Home Drive letters
Copy Logon hours
Copy RAS permissions
Ability to un-migrate the target accounts
Ability to append the Home Drive ACLs.
Ability to enable / disable migrated user
accounts.
Ability to track selected users throughout
the whole domain re-configuration
process.
Global Groups
Ability to select individual Global
Groups.
Ability to merge Global Group members.
Ability to add a prefix to the target Global
Groups.Ability to pre-process the creation of the
Global Groups without effecting the
target state.
Ability to un-migrate the Global Groups
Ability to report on the status of each
stage of the process.
Local Groups
Ability to select servers to update Local
Groups
Ability to append migrated users and
Global Groups to the Local Groups.Ability to confirm if the operator has
access to the source server.
Ability to pre-process the appending of
the migrated users and Global Groups
without effecting the target state.
Ability to report on the status of each
stage of the process.
Ability to execute the updating process
Winzero Canada. NT W2K W2K3 Migration Process Page: 8
-
8/7/2019 Sample Domain Migration Process
10/20
separately from the main application.
Ability to run the updating process in
parallel.
ACLs
Ability to select servers to update the
ACLs.Ability to update specific Shares.
Ability to update hidden Shares.
Ability to update root NTFS drive
volumes.
Ability to append the migrated users and
Global Groups to the NTFS File,
Directory and Share ACLs.
Ability to confirm if the operator has
access to the source NTFS volume
Ability to report on the status of each
stage of the updating process.
Ability to execute the updating process
separately from the main application.Ability to run the updating process in
parallel.
User Rights
Ability to select servers to update the
User Rights.
Ability to append the migrated users and
Global Groups to the Servers User
Rights.
Ability to confirm if the operator has
access to the source Server.
Ability to report to the display and text
file on the status of each stage of theprocess.
Ability to execute the updating process
separately from the main application.
Ability to execute the updating process in
parallel.
Computer Accounts NA
Ability to select the source Computer
Accounts.
NA
Ability to add the source Computer
Accounts to the target Domain.
NA
Ability to report on the status of eachstage of the process. NA
Ability to enumerate the Workstations
and Member Servers into the target
Domain.
NA
Ability to make the appropriate changes
to the Workstation and Member Servers
to enumerate to the target Domain,
centrally.
NA
Ability to report on the status of each NA
Winzero Canada. NT W2K W2K3 Migration Process Page: 9
-
8/7/2019 Sample Domain Migration Process
11/20
stage of the process.
Workstation Profiles
Ability to update only the migrated users.
Ability to update the Local Profiles on
NT Workstations.
Ability to update the Roaming Profiles onNT Workstations.
Ability to update the Workstations
Registry ACLs,
Ability to have access to the Workstation
with either the source or target Domain
accounts.
Ability to maintain all Profile properties
with either NT account.
Ability to report on the status of each
stage of the process.
Update Exchange mailboxes
Ability to change the Primary account onsource Exchange mailbox.
Ability to preserve and append all
delegated entrees in a given mailbox.
Ability to update only the migrated users
mailboxes.
Ability to update the Exchange mailboxes
through a wizard GUI interface.
Ability to report to the status of each
stage of the process.
Winzero Canada. NT W2K W2K3 Migration Process Page: 10
-
8/7/2019 Sample Domain Migration Process
12/20
Distribution Method
Ability to update NT Computers Local
Groups, ACLs, and User Rights in
parallel.
Ability to push the updating process toexecute only once.
Ability to pull scheduled Computers to
centrally update when additional project
migrations take place.
Ability to schedule the updating process
to selected Computers by the time of the
day.
Ability to update all Computers centrally.
Ability to monitor the updating process
centrally.
Ability to remove all project components
when removing the distribution service.
8. Preparing for the Pilot
The pilot location, will ______. The source domain will be ____ and the target domain willbe ______. The pilot will be executed from the target domain located in ______.
Once the MMT file is created it must be physically verified for accuracy. The user creationprocess of the migration will be run using the MMT created for the project
________________________________________________________________________________
________________________________________________________________________________
User properties to copy over to the target domain.
User NT account Yes NoUser Full Name Yes No
User Description Yes NoUsers NT password Yes NoUsers Profile Yes NoUsers Login Script Yes NoUser Home drive Yes NoAccount disable status Yes NoHome drive location Yes NoLogon Hours Yes No
Winzero Canada. NT W2K W2K3 Migration Process Page: 11
-
8/7/2019 Sample Domain Migration Process
13/20
Logon on as Yes NoAccount expire date Yes NoAccount group Type (default is Global Group) Yes NoRAS Dial-in information Yes No
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Global groups required to be created in the target Domain:
________________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
Appendix A Winzero Migration Tools Transition Process
The process will identify a method of pulling the NT accounts and Global Groups to the newAccounts Domain using Winzero Migration tools, giving them the same access to all of thereresources (Local Groups, ACLs & User Rights) in the source Domain .
Preliminary Activities
Analysis
Determine the expired accounts, locked accounts, disabled accounts and old accountsthat have not logged in over a certain length of time,
Determine the service accounts because they will stay in Source Domain,
Identify Duplicate accounts
Identify users with dual accounts
Identify Null passwords
Check password policies
Identify Workstations and user association in source domain on going prior to
migration Identify all SQL servers in Source domain
Identify field service
Identify Radius Issues
Identify any Citrix issues
Identify terminal Server issues
Identify any unique applications that are tied to the domain name or accounts
Place All account used for migration into target Domain Admins Global Group;
Winzero Canada. NT W2K W2K3 Migration Process Page: 12
-
8/7/2019 Sample Domain Migration Process
14/20
Place sourceDomain admins group in target Administrators group
Place target Domain admins group in source domain Administrators group
Ensure all trusts has been established;
Run Adminchecker to determine you have Administrative access to all scheduledworkstations and Servers,
Append the NETLOGON Share permissions on target Domain with the Migrator accountand grant Change access;
Communicate the upcoming changes to all users (Ensure the communication includes:Leave workstation on and Turn off Power save BIOS option)
Verify or Install Winzero Tools in target domain
Global Changes to Network
(Assumption: Freeze source environment for one week)
Transition source NT users to target Domain using the created MMT and HDR files;
Transition global groups except the System Global groups (i.e. Domain Admin, DomainGuest and Administrator) to the target Domain prefixed with CX;
Update Local groups, ACLs, Profiles and User rights on NT Servers in the sourceDomain,
Using the Remote updater, update the NettApp servers Local groups, ACLs profiles,userrights in source domain
Update the ACLs, profiles, local groups and userrights on the NT workstations in thesource Domain,
Update Exchange severs in the source Domain,
Update SQL severs in the source Domain
Create laptop Updater
Verify changes have taken in effect,
Manually update laptops, off line workstations the were missed Verify changes have taken in effect,
Enable all verfied users in target domain and diable source domain accounts run scriptto enable users
Run script to change default logon domain from source to target
Randomly verify enduser migration with check list
Post Migration effort
(Caution: Work will be done after the network is stable)
Cleanup Old ACLs in source domain
Remove migrated users and global groups from source domain run script RemoveOldAcc.exe
Then Synchronize the PDCs to force a SAM update to all DCs,
Remove Two way trust from source and target Domain.
Winzero Canada. NT W2K W2K3 Migration Process Page: 13
-
8/7/2019 Sample Domain Migration Process
15/20
Appendix B - Transition Isssues, notes
1. SQL applications tied to NT acount references2. Do not transition expired, disabled and locked NT user accounts to target Domain3. Do not migrate NT Service accounts4. Identify citrix issues5. Identify in house application issues6. Identify radius server issues
Winzero Canada. NT W2K W2K3 Migration Process Page: 14
-
8/7/2019 Sample Domain Migration Process
16/20
Appendix C - Pilot Testing Criteria
The purpose of this section is to outline the individual tests required for the lab and pilottesting of the Winzero product. Each sub-section, identifies a number of processesrequired to ensure that each component of the transition (i.e. including manual effort and
Winzero tools) will function properly.
The procedures have been broken out for each stage based on the TransitionProcesses.
Global Changes
(Assumption: Freeze NT Account creation for 1 week)
User Transition
Test Procedure Yes No
1. You were able to create Mapping File?
2. Where you able to Pre-process the Users?
3. Were you able to Migrate the Users over to the Target Domain?
4. Using User Manager, were all the users moved over on the targetDomain?
5. Are all of the user properties migrated over to the target Domain?
Deficiencies: _________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
Global Groups Transition except Domain Admin group
Test Procedure Yes No
1. Were you able to select the source Global Groups?
2. Were you able to Preprocess the Global Groups?
3. Were you able to Migrate the prefixed Global Groups?
4. Using User Manager, were all of the Global Groups migrated over tothe target Domain?
5. Using User Manager, were all of the members for the Global Groupmigrated over to the target Domain?
Deficiencies: _________________________________________________________
Winzero Canada. NT W2K W2K3 Migration Process Page: 15
-
8/7/2019 Sample Domain Migration Process
17/20
_________________________________________________________
Update Local Groups
on NT Servers & NT Workstations in Source Domain
Test Procedure Yes No
1. Were you able to select the servers to process?
2. Were you able to Preprocess the Local Groups?
3. Were you able to Update the Local Groups?
4. Using User Manager in the new Domain and user accounts havebeen updated in the Local Groups?
Deficiencies: _________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
Update User Share, Directory and File ACLs
Test Procedure Yes No
1. Were you able to select the servers to process?
2. Were you able to select the shares on the servers selected?
3. Were you able to Preprocess the ACLs?
4. Were you able to Update the ACLs on the target servers?5. Verify the NT share, Directory and File ACLs have been updated?
Deficiencies: _________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
Update User Rights
on NT Servers & NT Workstations
Test Procedure Yes No
1. Were you able to select the Mapping File?
2. Were you able to Preprocess the User Rights?
3. Were you able to Update the User Rights on the target servers?
4. Verify the User Rights have been updated?
Deficiencies: _________________________________________________________
Winzero Canada. NT W2K W2K3 Migration Process Page: 16
-
8/7/2019 Sample Domain Migration Process
18/20
_________________________________________________________
Exchange Updater
Test Procedure Yes No
1. Export the account mapping file?2. Did Exchange Updaterlogs produce errors?
3. Use Exchange Administrator to verify the NT account change?
4. Have an Exchange user log into exchange and confirm the usersmail and properties still exist?
5. Did the script change the primary NT account on the Mailbox andthe access permissions on the mailbox?
6. Was the user able to access their schedule Plus calendar (i.e. havethe permissions changed)?
Deficiencies: _________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
Update NT Workstation Profiles
Test Procedure Yes No
1. Were you able to select the Mapping file?
2. Were you able to point to a specific workstation and update himproperly?
3. Login to the NT workstation with target test NT account andvalidate all desktop settings, printers and UNC drive mappings are
preserved?
Deficiencies: _________________________________________________________
_________________________________________________________
Enabale User Accounts in target Domain
Test Procedure Yes No
1 Were you able to select the Mapping File?
2 Were you able to select the appropriate option?
3 Were you able to view the results on the screen?
4 Using User Manager, were all the new user accounts enabled?
Deficiencies: _________________________________________________________
Winzero Canada. NT W2K W2K3 Migration Process Page: 17
-
8/7/2019 Sample Domain Migration Process
19/20
_________________________________________________________
Disable User Accounts in Source Domain
Test Procedure Yes No
1 Were you able to select the Mapping File?
2 Were you able to select the appropriate option?
3 Were you able to view the results on the screen?
4 Using User Manager, were all the old user accounts disabled?
Deficiencies: _________________________________________________________
_________________________________________________________
Conduct a Full Backup of all NT Servers
Test Procedure Yes No
1. Did you conduct a full backup on all NT servers?
2. Review the Backup logs, any issues arose?
Deficiencies: _________________________________________________________
_________________________________________________________
After all Transition Sites have been Completed
Clean-up old User Accounts and Global groups from Source Domain
Test Procedure Yes No
1. Were you able to select the Mapping File?
2. Were you able to view the results on the screen?
3. Using User Manager, were all the users and Global groups removedfrom the Source Domain?
4. Using Server Manager, were the updates replicated throughout the
Domain(s)?5. Using User Manager, have the two way trusts have been removed?
Deficiencies: _________________________________________________________
_________________________________________________________
_________________________________________________________
Winzero Canada. NT W2K W2K3 Migration Process Page: 18
-
8/7/2019 Sample Domain Migration Process
20/20
Winzero Canada. NT W2K W2K3 Migration Process Page: 19