Member Server Migrations
You can freely move member servers between NT domains, so you don't need to rebuild them. Migrating a member server that's holding only user data is simple. You back up the server, change the domain in the Control Panel Network applet, and reboot. Perhaps the main thing to remember is that the server must be able to see the PDC in both the old and new domains.
You must be a little more careful with servers that run BackOffice applications such as Exchange or SQL Server because of the embedded SIDs in application-based ACLs and the operation of service accounts. You must verify that user accounts in domain X that use a service on a domain X server can still use the service if you move the accounts to domain Y before the server moves to domain Y. Likewise, you should verify that the accounts can use the service if you move the server first.
You might want to consider consolidating Exchange organizations at the same time you migrate domains. For details about how to migrate an Exchange organization, see Tony Redmond, "Planning an Exchange 2000 Migration Strategy," http://www.exchangeadmin.com, InstantDoc ID 8860.
Workstation Migrations
If your migration tool has a mechanism for migrating workstations, it might work if your workstations are on 24 * 7, but it won't work well for other environments. Workstation-migration mechanisms are particularly ineffective at migrating remote workstations, which probably won't be suitably connected at the time you want to migrate them.
To migrate a workstation, you must first delete its account in the old domain and create an account in the new domain. Then, you must prompt the workstation to join the new domain. You should also add the Domain Admins global group from the new domain to the local Administrators group on the workstation. Your particular workstation configuration might demand other changes as well (e.g., reconfiguring the SMS Package Command Manager service).
We suggest developing a mechanism that migrates workstations gradually and at a time when you know that they'll be available. You can write an addition to an NT logon script that makes use of standard Microsoft Windows NT Server 4.0 Resource Kit utilities such as Netdom, Usrtogrp, and Nltest to perform the migration. For more information about the Netdom command, see Mark Minasi, This Old Resource Kit, "Netdom's Member Option," May 1999, InstantDoc ID 5216, and "Netdom 2000," November 1999, InstantDoc ID 7311. Each client OS requires slightly different code, but you can apply a gradual approach to the task of migrating most workstation types.
The SIDs Are All Right
All the objects on servers that you've moved to the new domain still have ACL entries against them for the original user account SIDs that had permissions to those objects. A final pass of the migration tool will remove these references.
After you've migrated all the user accounts, (almost) all the servers, and all the workstations out of a domain, you should be left with only the PDC. Turn off the PDC for a trial period of a day to determine whether any dependencies on the now-empty domain still exist. When you can leave the PDC off for a period of a few weeks without any ill effects, you can consider the domain "dead." A ceremonial burial beneath the raised floor of the server room might not be inappropriate if the migration has gone well.
Infrastructure integration work can be extremely rewarding, but you'll probably need to get your accolades from your teammates. If you've done your job well, users won't notice any difference other than that they now log on to a different domain and some had to bring their laptops in on a specified day for some updates. Do the job wrong, and you could be cleaning up for months. As we've tried to convey, the secret to success is solid preparation and incredible attention to detail. Miss nothing, challenge all your assumptions, and make sure you have an account with the local pizza delivery company to get you through those long migration evenings and weekends.
End of Article
Prev. page
1
2
3
4
[5]
next page -->
