domain migration/administration for the college of
TRANSCRIPT
Domain Migration/Administration Domain Migration/Administration for thefor the
College Agricultural SciencesCollege Agricultural Sciences
Chad BeamSystems Administrator
ObjectivesObjectives• Migrate all AG users and services to a new Forest before July
1, 2006
• Provide a Seamless and Transparent migration process (as much as possible!!!)
• Centrally manage Exchange and Domain user accounts
• Users continue to logon with PSU account
• Improve Fault tolerance for key services ie. Exchange, SQL, Web, Data.
• Improve Administration through the implementation of Microsoft Operations Manager 2005 (MOM).
Current Domain EnvironmentCurrent Domain Environment
• AGSCI domain is a Child domain of WIN
• Approx. 1200 users faculty and Staff – (1800 future growth)
• Approx. 2200 workstations
• 82 Servers - 47 Remote Servers, 35 at UP
• 75 Sites (67 County Extension offices, Research and UP buildings)
New Domain EnvironmentNew Domain Environment• AG.PSU.EDU Forest
• Production Servers located in Co-Location Center
• Direct trust to the K5 realm, dce.psu.edu.
• Dell CX500 SAN - File and Exchange clusters.
• 82 Servers - 47 Remote Servers, 35 UP Co-Lo and Ag Admin Bldg
• 75 Sites (67 County Extension offices, Research and UP buildings)
Page 1
AG Domain Migration Process
Communication – phase 1
· Week in advance: Notify Departments/Groups of their scheduled migration and impact.
· Users log off that night· Exchange will be unavailable
for those users
PlanningDetermine the order of
departments/offices and schedule
Information Gathering· Collect user/workstation info (IP/
User ID)· Determine the users mailbox size.· Document all of the departmental
and user data located on the files servers that is to be migrated to the AG file cluster.
· Review current NTFS permissions on directories using CACLS.exe, Group membership and departmental/group shares
User Settings Capture(USMT)
Capture with USMT (User State Migration Tool) night of the
migration
Migrate ComputerMove workstation from
AGSCI.WIN.PSU.EDU to AG.PSU.EDU using ADMT
(Active Directory Migration Tool)
Create User Skeleton Accounts
(VB Script)Via custom vbs script to create
user accounts in default OU and populate attributes with
available data
Security Groups(ADMT)
· Migrate local/global groups from AGSCI.WIN.PSU.EDU to AG.PSU.EDU using ADMT Group Account Migration and add users
· Add AG users to security groups
· Add Security Groups to appropriate directories
Data Migration – phase 1
(Robocopy)3 days in advance - Copy
departmental shared data and user redirected my docs folders to
File Cluster using Robocopy
Move User Accounts to OU
· User accounts will be moved to the appropriate department OU
Data Migration – phase 2
(Robocopy)Night of: Incremental copy of departmenta shared data and
user redirected my docs folders to File Cluster using Robocopy
User Settings Restore(USMT)
· Restore with USMT (User State Migration Tool) night of the migration
· Script will add the user to the local Administrators group
Migrate Exchange Mailboxes
(ADMT)· Setup information stores on
backend server· Migrate mailboxes to personal
storage (.pst) files
Data Migration – phase 3
(Robocopy)· User logs on the morning
after the migration. USMT will launch automatically and restore the remaining user specific settings.
Re-create Shares· Recreate appropriate
directories on the file cluster DFS share using Robocopy
· Create DFS shares and document the old corresponding share so that users can be notified of the new share URL.
Post Migration Verification
· Morning after: On-site support walk floors to ensure successful migration.
Migration ProcessMigration Process
User State Migration Tool User State Migration Tool USMT 2.6.1USMT 2.6.1
Migrated settings:• Internet Explorer settings• Outlook Express settings and
store• Outlook settings and store• Dial-Up connections• Phone and modem options• Accessibility• Screen saver selection• Fonts• Folder options• Taskbar settings• Mouse and keyboard settings
What is USMT?What is USMT? … A customizable command line tool … A customizable command line tool that automates the migrations of single or multiple that automates the migrations of single or multiple user settings to different platforms. user settings to different platforms. http://www.microsoft.com/technet/itsolutions/cits/dsd/standard/UserState_5.mspx
• Sounds settings• Regional options• Office settings• Network drives and printers• Desktop folder• My Documents folder• My Pictures folder• Favorites folder• Cookies folder• Common Office file types
USMT Implementation USMT Implementation
• Capture the users AGSCI profile settings noted above, the night of the migration and store locally.
• Use USMT to map the AGSCI profile to AG.PSU.EDU
Active Directory Migration Tool Active Directory Migration Tool ADMT 2.0ADMT 2.0
What is ADMT? … It can be used to migrate users, computers, and security groups from one domain to another.
http://www.microsoft.com/technet/prodtechnol/exchange/2003/admt.mspx
ADMT ImplementationADMT Implementation
• Computer Migration Wizard: Migrate computer accounts to the appropriate OU in the AG domain.
• Group Account Migration Wizard: Migrate security groups in the AGSCI domain to the AG domain
Microsoft Exchange Mailbox Microsoft Exchange Mailbox Merge ProgramMerge Program(Exmerge.exe)(Exmerge.exe)
• What is Exmerge? …Enables an Exchange Server administrator to extract data from mailboxes on an Exchange Server computer and then merge this data into the same mailboxes on another computer that is running Exchange Server.
• http://support.microsoft.com/default.aspx?scid=kb;en-us;Q174197
PowerEdge 2850
(NLB)Front End Servers
Back End Servers(MSCS Server Cluster)
PowerEdge 2850
PowerEdge 2850
Node 1 - Active
Node 2 - Active
Node 3 - Passive
PowerEdge 1850
PowerEdge 1850
Proxy OWA Requests
Domain Controllers
LDAP query for user to server mapping and Authenticaion
OWA Clients
HTTPS Request
Outlook Clients
SAN
MAPI Request
User Mailboxes
Page 1
AG Exchange TopologyExchange.AG.PSU.EDU
PowerEdge 1850
PowerEdge 2850
LUN10; RG1; RAID1/0; 1GB – Quorum [Q:]
LUN12; RG1; RAID1/0; 50GB – EVS1 Transaction Logs [H:]
LUN13; RG1; RAID1/0; 50GB – EVS2 Transaction Logs [G:]
LUN2; RG2; RAID5; 536GB – EVS1 Data Store [F:]
LUN3; RG5; RAID5; 536GB – EVS2 Data Store [I:]
Dell/EMC CX500
Cluster - AGARRAY
15 x 300GB 10k RPM HD
15 x 250GB 7.2k RPM SATA HD
EMC2
SCSI
EMC2
SATA for Backup
AGEXFE1
AGEXFE2
AGEX1
AGEX2
AGEX3
AGDC1-GC
AGDC2-GC
External SMTP email
Bridgehead relays inbound mail from internet; SSL Auth.
Dual Xeon 3.40GHz; 4GB RAM
Dual Xeon 3.00GHz; 2GB RAM
Dual Xeon 3.40GHz; 4GB RAM
Dual Xeon 3.40GHz; 4GB RAM
Dual Xeon 3.00GHz; 2GB RAM
PowerEdge 1850
AGDC3-GC/DHCP
Exmerge.exe ImplementationExmerge.exe Implementation
• Two Step Mode: Copy data from the source server (single server) into personal folder (PST) files and then merges the data in the personal folders into the mailboxes on the destination server (Exchange Cluster)
• NOTE: It does not support Inbox Rules, forms, and Schedule+ data. Exmerge.exe merges Outlook Calendars and Contacts.
Microsoft Operations ManagerMicrosoft Operations ManagerMOM 2005MOM 2005
• What is MOM? ... MOM 2005 provides comprehensive event and performance management, proactive monitoring and alerting, reporting and trend analysis, and system and application specific knowledge and tasks to improve the manageability of Windows-based servers and applications.
http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/ed4712c6-96b5-4241-a2b5-0dfaed30619c.mspx?mfr=true
MOM ImplementationMOM Implementation
• 2 MOM Servers
• Primary server monitors 35 UP servers
• Secondary server monitors 47 remote County servers
• Migrate security groups in the AGSCI domain to the AG domain
• Management packs: Exchange, SMS, DHCP, WEB, IIS, SQL, DELL OM, Active Directory, Server Cluster, SharePoint.
ResourcesResources
• USMT 2.6.1:http://www.microsoft.com/technet/itsolutions/cits/dsd/standard/UserState_5.mspx
• ADMT 2.0: http://www.microsoft.com/technet/prodtechnol/exchange/2003/admt.mspx
• MOM 2005:http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/ed4712c6-
96b5-4241-a2b5-0dfaed30619c.mspx?mfr=true
• Exmerge.exe (Exchange Mailbox Migration): http://support.microsoft.com/default.aspx?scid=kb;en-us;Q174197
Questions?Questions?