sample domain migration process

8/7/2019 Sample Domain Migration Process

1/20

Migration Process

NT4 W2K- W2K3 Domain Migration

Revision 4.1

June 19, 2002

Prepared by:

Akos Sandor

2929 West 4th

Ave,

Vancover, BC,V6k 4T3604-736-7395

Winzero Canada. Table of Contents Page: 1


2/20


3/20

1. Introduction

The purpose of the Migration plan is to outline the process necessary to assist the in aWindows NT - W2K W2K3 structured Migration. The content for the process isgathered throughout the qualification and educational phases of the process.

With these requirements, a transition approach is developed to help get to the end-state. The scope of a structured pilot will be identified and the transition approach will betested based on the requirements. These requirements will be tested through astructured set of testing criteria throughout the pilot so all of the requirements andobjectives are addressed and tested.

The deliverable will give the results necessary to move the Project Plan forward.

2. Positioning Statement

The structured process outlined in this document would be valued by a Technical andEconomical sponsor.

3. Overview

The following is a process to conduct a Migration.

1. A Terms of Reference is created which outlines the project objective, scope, andassumptions.

2. Define business and technical requirements,3. Translate these requirements into functional requirements,4. The functional requirements are separated into mandatory and desirable requirements,5. Source domain:6. Target domain:7. Source sites:8. Pilot site:9. Step by step migration process

4. Migration Process

To assist a structured Migration, a defined process has been developed. The followingprocess can be used as a checklist to work through to the desired end state.

Understand the business and technical drivers,

Understand the challenges, Understand this projects against the other corporate priorities, Review project documentation

Review project plan and schedule (if exists), Review transition plan (if exists), Review transition process (if exists), Review testing methodology (if exists), Review pilot locations (if identified), Review project risks (if identified),

Winzero Canada. NT W2K W2K3 Migration Process Page: 2


4/20

Review resource list (if exists),Understand the current state of the Source Domain environment,

Domain structure, Location of the Domains PDCs, Number of Servers and workstations,

Workstation types and installed application (desirable), Domain, Server type and function, Server hardware specifics (desirable) Remote offices and speed of communication lines, Dial-in users (desirable), Legacy systems and multiNOS systems (desirable). Understand the Administrative resources in the remote locations, Understand the mandatory and desirable functional requirements,

Identify a transition process, Identify any transition issues, Validate the transition process,

Identify / determine the scope of a pilot and its requirements, Identify the geographical locations included in the pilot, Determine the source and target Domains? Determine the users and global groups to re-create in the target Domain, Determine the user global rules specified for the new target Domain accounts, Determine the location and name of the Winzero administrative account, Determine the source Domain servers to be updated,

Identify a process to test and validate the transition of user accounts based on thecustomers pilot requirements,

Build the testing criteria required for the Winzero migration tools operator throughout the

pilot, Determine the duration of the pilot, Define Winzeros support throughout the pilot (i.e. SE, Executive sponsor, etc), Determine pilot obstacles, Determine the pilot milestones, Primary and Secondary contact information. Validate the customers identified process against the testing criteria, throughout the

assigned pilot period. Product Migration is complete



5/20

5. Migration Form

The following questions can be used as a quideline to help work through a structured product

Migration. The best approach is to setup a conference call with the Technical sponsor andProject Manager, walk through the Migration form with the customer over the phone. Theanswers to the form will populate the Migration Plan.

---------------------------------------------------------------------------------------------------------------------------

Organization name:

Contact name:

Date:

Business drivers behind the project.

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

Technical drivers behind the project.

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

6. Network Information

Domains Number of Servers Number of Workstation & types

Specify WFW311, Windows 95 & / or NTWRK



6/20

If your organization has pre-defined workstation configuration types, please identify theworkstation configuration types and identify the installed software packages. In addition, pleaseidentify the location of the software package(s)?

Workstation Configuration Types(NT/W2K/XP Class 1, Class 2, etc) Software application installed(MS Office, Rumba, SMS Client.) Application installed locallyor installed on the network

Please identify the Domain, the server types and their functions within the network .

Domain Name Server Name and Type(DC PDC, BDC or Member )(ex. FS001 PDC)

Server Function(File / Print, APP, SMS, SNA,etc)

Please identify the Server CPU, memory and hard disk size. In addition, identify the remainingspace used on the disks and the number of files and directory folders. (The purpose of thisquestion is to be able to get a rough estimate on the length of time it will take to update theACLs)

Server Name Server CPU Memory Installed(MB)

Logical DriveSize (GB)

Used DiskSpace(GB)

# of files&Directories

(1,000)

Please identify the average number of ACE entries for each share, directory and file?

Server Name # of Shares.Specify the avg# of ACE

# of files &Directories.Specify theavg. # of ACE



7/20

Please identify the geographical location(s) of your offices, the communication types and thespeed of those communicates types.(if a physical Network exists, this is not required)

Location Communication Type

(Frame Relay, Lease Line, Satellite)

Communication Speed

(56 Kbps, 512, T1, T3, etc)

Do users have dial-in access to the network? Yes No(Please circle one)

If remote users do exist, please identify the number of remote users accessing the NT networkvia RAS dial-in or through other remote connectivity needs? Furthermore, identify theworkstation type and the software application installed.

Remote Workstation Configuration Types(WFW311 Class 1, Win95 or Win NT wrk, etc)

Software application installed(MS Office97, Rumba, SMS Client.)

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

Do you have any legacy systems located in your current network and if so, please identifybelow?

Legacy System Location Communication type andSpeed

Gateway Software or BackOfficeProduct configured(SNA, etc..

Do you have multiple NOSs installed in your current network. If so, please identify which typesof NOS gateway software used and the purpose of the additional NOSs installed.

NOS Location Gateway Software or BackOfficeProduct configured

Purpose of the NOSinstalled



8/20

Do you have administrative resources located in the remote offices. If so, please specify based onlocation?

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

7. Functional Requirements

Please identify your functional requirements for a Domain re-configuration tool? Can you please

specify your mandatory and desirable requirements? Please fill in the chart below.

Functional Requirement Mandatory Desirable

Overview

Ability to support a proven methodology.

Ability to access the methodology from a

central Web site

Ability to access domain re-configuration

project documentation and value added

tools

Ability to track all migrated project

activity centrally.

Ability to support the project through a

wizard GUI interface.

Reporting

Ability to report to a text file throughout

each stage of the domain re-configuration.

Ability to report the following:

Domains

Computer Accounts

Trust relationships between Domain

Controllers

NT Users

User Properties

Local and Global Group memberships

NT Server SharesNT Share ACLs

Ability to report to the screen or to a text

file

Ability to report exceptions when objects

are bypassed.

Ability to identify the number of NT disk

objects when they were updated.

Ability to report to a Text file if not



9/20

granted the appropriate permissions.

User Stage

Ability to select individual users from a

source Domain.

Ability to select the users by GlobalGroups.

Ability to support the following User

global rules:

Description

Profile location

Login Script location

Set the Home Drive ACL

Disable / Enable Target Users

Standardize Home Drive letters

Copy Logon hours

Copy RAS permissions

Ability to un-migrate the target accounts

Ability to append the Home Drive ACLs.

Ability to enable / disable migrated user

accounts.

Ability to track selected users throughout

the whole domain re-configuration

process.

Global Groups

Ability to select individual Global

Groups.

Ability to merge Global Group members.

Ability to add a prefix to the target Global

Groups.Ability to pre-process the creation of the

Global Groups without effecting the

target state.

Ability to un-migrate the Global Groups

Ability to report on the status of each

stage of the process.

Local Groups

Ability to select servers to update Local

Groups

Ability to append migrated users and

Global Groups to the Local Groups.Ability to confirm if the operator has

access to the source server.

Ability to pre-process the appending of

the migrated users and Global Groups

without effecting the target state.



Ability to execute the updating process



10/20

separately from the main application.

Ability to run the updating process in

parallel.

ACLs

Ability to select servers to update the

ACLs.Ability to update specific Shares.

Ability to update hidden Shares.

Ability to update root NTFS drive

volumes.

Ability to append the migrated users and

Global Groups to the NTFS File,

Directory and Share ACLs.

Ability to confirm if the operator has

access to the source NTFS volume


stage of the updating process.


separately from the main application.Ability to run the updating process in

parallel.

User Rights

Ability to select servers to update the

User Rights.

Ability to append the migrated users and

Global Groups to the Servers User

Rights.

Ability to confirm if the operator has

access to the source Server.

Ability to report to the display and text

file on the status of each stage of theprocess.


separately from the main application.

Ability to execute the updating process in

parallel.

Computer Accounts NA

Ability to select the source Computer

Accounts.

NA

Ability to add the source Computer

Accounts to the target Domain.

NA

Ability to report on the status of eachstage of the process. NA

Ability to enumerate the Workstations

and Member Servers into the target

Domain.

NA

Ability to make the appropriate changes

to the Workstation and Member Servers

to enumerate to the target Domain,

centrally.

NA

Ability to report on the status of each NA



11/20


Workstation Profiles

Ability to update only the migrated users.

Ability to update the Local Profiles on

NT Workstations.

Ability to update the Roaming Profiles onNT Workstations.

Ability to update the Workstations

Registry ACLs,

Ability to have access to the Workstation

with either the source or target Domain

accounts.

Ability to maintain all Profile properties

with either NT account.



Update Exchange mailboxes

Ability to change the Primary account onsource Exchange mailbox.

Ability to preserve and append all

delegated entrees in a given mailbox.

Ability to update only the migrated users

mailboxes.

Ability to update the Exchange mailboxes

through a wizard GUI interface.

Ability to report to the status of each




12/20

Distribution Method

Ability to update NT Computers Local

Groups, ACLs, and User Rights in

parallel.

Ability to push the updating process toexecute only once.

Ability to pull scheduled Computers to

centrally update when additional project

migrations take place.

Ability to schedule the updating process

to selected Computers by the time of the

day.

Ability to update all Computers centrally.

Ability to monitor the updating process

centrally.

Ability to remove all project components

when removing the distribution service.

8. Preparing for the Pilot

The pilot location, will ______. The source domain will be ____ and the target domain willbe ______. The pilot will be executed from the target domain located in ______.

Once the MMT file is created it must be physically verified for accuracy. The user creationprocess of the migration will be run using the MMT created for the project

________________________________________________________________________________

________________________________________________________________________________

User properties to copy over to the target domain.

User NT account Yes NoUser Full Name Yes No

User Description Yes NoUsers NT password Yes NoUsers Profile Yes NoUsers Login Script Yes NoUser Home drive Yes NoAccount disable status Yes NoHome drive location Yes NoLogon Hours Yes No



13/20

Logon on as Yes NoAccount expire date Yes NoAccount group Type (default is Global Group) Yes NoRAS Dial-in information Yes No

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

Global groups required to be created in the target Domain:

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

Appendix A Winzero Migration Tools Transition Process

The process will identify a method of pulling the NT accounts and Global Groups to the newAccounts Domain using Winzero Migration tools, giving them the same access to all of thereresources (Local Groups, ACLs & User Rights) in the source Domain .

Preliminary Activities

Analysis

Determine the expired accounts, locked accounts, disabled accounts and old accountsthat have not logged in over a certain length of time,

Determine the service accounts because they will stay in Source Domain,

Identify Duplicate accounts

Identify users with dual accounts

Identify Null passwords

Check password policies

Identify Workstations and user association in source domain on going prior to

migration Identify all SQL servers in Source domain

Identify field service

Identify Radius Issues

Identify any Citrix issues

Identify terminal Server issues

Identify any unique applications that are tied to the domain name or accounts

Place All account used for migration into target Domain Admins Global Group;



14/20

Place sourceDomain admins group in target Administrators group

Place target Domain admins group in source domain Administrators group

Ensure all trusts has been established;

Run Adminchecker to determine you have Administrative access to all scheduledworkstations and Servers,

Append the NETLOGON Share permissions on target Domain with the Migrator accountand grant Change access;

Communicate the upcoming changes to all users (Ensure the communication includes:Leave workstation on and Turn off Power save BIOS option)

Verify or Install Winzero Tools in target domain

Global Changes to Network

(Assumption: Freeze source environment for one week)

Transition source NT users to target Domain using the created MMT and HDR files;

Transition global groups except the System Global groups (i.e. Domain Admin, DomainGuest and Administrator) to the target Domain prefixed with CX;

Update Local groups, ACLs, Profiles and User rights on NT Servers in the sourceDomain,

Using the Remote updater, update the NettApp servers Local groups, ACLs profiles,userrights in source domain

Update the ACLs, profiles, local groups and userrights on the NT workstations in thesource Domain,

Update Exchange severs in the source Domain,

Update SQL severs in the source Domain

Create laptop Updater

Verify changes have taken in effect,

Manually update laptops, off line workstations the were missed Verify changes have taken in effect,

Enable all verfied users in target domain and diable source domain accounts run scriptto enable users

Run script to change default logon domain from source to target

Randomly verify enduser migration with check list

Post Migration effort

(Caution: Work will be done after the network is stable)

Cleanup Old ACLs in source domain

Remove migrated users and global groups from source domain run script RemoveOldAcc.exe

Then Synchronize the PDCs to force a SAM update to all DCs,

Remove Two way trust from source and target Domain.



15/20

Appendix B - Transition Isssues, notes

1. SQL applications tied to NT acount references2. Do not transition expired, disabled and locked NT user accounts to target Domain3. Do not migrate NT Service accounts4. Identify citrix issues5. Identify in house application issues6. Identify radius server issues



16/20

Appendix C - Pilot Testing Criteria

The purpose of this section is to outline the individual tests required for the lab and pilottesting of the Winzero product. Each sub-section, identifies a number of processesrequired to ensure that each component of the transition (i.e. including manual effort and

Winzero tools) will function properly.

The procedures have been broken out for each stage based on the TransitionProcesses.

Global Changes

(Assumption: Freeze NT Account creation for 1 week)

User Transition

Test Procedure Yes No

1. You were able to create Mapping File?

2. Where you able to Pre-process the Users?

3. Were you able to Migrate the Users over to the Target Domain?

4. Using User Manager, were all the users moved over on the targetDomain?

5. Are all of the user properties migrated over to the target Domain?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Global Groups Transition except Domain Admin group


1. Were you able to select the source Global Groups?

2. Were you able to Preprocess the Global Groups?

3. Were you able to Migrate the prefixed Global Groups?

4. Using User Manager, were all of the Global Groups migrated over tothe target Domain?

5. Using User Manager, were all of the members for the Global Groupmigrated over to the target Domain?

Deficiencies: _________________________________________________________



17/20

_________________________________________________________

Update Local Groups

on NT Servers & NT Workstations in Source Domain


1. Were you able to select the servers to process?

2. Were you able to Preprocess the Local Groups?

3. Were you able to Update the Local Groups?

4. Using User Manager in the new Domain and user accounts havebeen updated in the Local Groups?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Update User Share, Directory and File ACLs


1. Were you able to select the servers to process?

2. Were you able to select the shares on the servers selected?

3. Were you able to Preprocess the ACLs?

4. Were you able to Update the ACLs on the target servers?5. Verify the NT share, Directory and File ACLs have been updated?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Update User Rights

on NT Servers & NT Workstations


1. Were you able to select the Mapping File?

2. Were you able to Preprocess the User Rights?

3. Were you able to Update the User Rights on the target servers?

4. Verify the User Rights have been updated?

Deficiencies: _________________________________________________________



18/20

_________________________________________________________

Exchange Updater


1. Export the account mapping file?2. Did Exchange Updaterlogs produce errors?

3. Use Exchange Administrator to verify the NT account change?

4. Have an Exchange user log into exchange and confirm the usersmail and properties still exist?

5. Did the script change the primary NT account on the Mailbox andthe access permissions on the mailbox?

6. Was the user able to access their schedule Plus calendar (i.e. havethe permissions changed)?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Update NT Workstation Profiles


1. Were you able to select the Mapping file?

2. Were you able to point to a specific workstation and update himproperly?

3. Login to the NT workstation with target test NT account andvalidate all desktop settings, printers and UNC drive mappings are

preserved?

Deficiencies: _________________________________________________________

_________________________________________________________

Enabale User Accounts in target Domain


1 Were you able to select the Mapping File?

2 Were you able to select the appropriate option?

3 Were you able to view the results on the screen?

4 Using User Manager, were all the new user accounts enabled?

Deficiencies: _________________________________________________________



19/20

_________________________________________________________

Disable User Accounts in Source Domain


1 Were you able to select the Mapping File?

2 Were you able to select the appropriate option?

3 Were you able to view the results on the screen?

4 Using User Manager, were all the old user accounts disabled?

Deficiencies: _________________________________________________________

_________________________________________________________

Conduct a Full Backup of all NT Servers


1. Did you conduct a full backup on all NT servers?

2. Review the Backup logs, any issues arose?

Deficiencies: _________________________________________________________

_________________________________________________________

After all Transition Sites have been Completed

Clean-up old User Accounts and Global groups from Source Domain


1. Were you able to select the Mapping File?

2. Were you able to view the results on the screen?

3. Using User Manager, were all the users and Global groups removedfrom the Source Domain?

4. Using Server Manager, were the updates replicated throughout the

Domain(s)?5. Using User Manager, have the two way trusts have been removed?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________



20/20


sample domain migration process

Documents