• subscribe
Search
Browse By: Author | Issue
November 01, 1998 12:00 AM

NT 5.0's Directory Service Migration Tool

Douglas Toombs
Windows IT Pro
InstantDoc ID #3936

After you import your NDS data into Directory Service Migration Tool, you can evaluate and manipulate the data, if necessary. At this step in the migration process, you'll really appreciate the utility. For example, suppose your NDS structure uses the letters NW (for NetWare) in some object names. Such a naming scheme might be misleading in an NT directory structure, so you need to find all occurrences of NW in your directory object names and replace the NW with NT. Directory Service Migration Tool can perform this global find-and-replace task automatically and commit the changes to its copy of your NDS data.

You can also tell Directory Service Migration Tool to globally apply a certain type of password to each user account it imports. It can apply random passwords to user accounts, apply a password you choose to every account, remove passwords from accounts, or use a user's logon name as the password.

If you change your mind about alterations you make to the directory data, just delete the project you're manipulating, create a new project with the same NDS data, and start your changes over on the new copy of the data. When you're satisfied with Directory Service Migration Tool's copy of your NDS data, you're ready to write that directory information to AD. Make sure you know where in your AD structure you want to place the NDS data. You might want to import the NDS data into new OUs within AD so that you can keep it separate from your existing AD structure until you're sure Directory Service Migration Tool migrated all the NDS data correctly. When you're confident that all your data migrated correctly, you can move the new objects within AD to place them in the proper OUs. I created an OU called NDS to import my NDS data into, then moved the data to its final location when I was confident that my migration was successful.

Microsoft gave the AD-import function the not-so-intuitive name Configure Objects to NTDS. To open the function, right-click an object within your project and select Task, Configure Objects to NTDS, as Screen 5 shows. The Configure Objects to NTDS window will open. This window lets you select a destination container in AD to import the NDS directory data into, as Screen 6, page 164, shows. After you select a destination container, Directory Service Migration Tool writes directory information to AD. Screen 7 shows the outcome of my sample migration: Directory Service Migration Tool successfully migrated my OUs and user objects from NDS to AD.

Almost Ready
Directory Service Migration Tool is a powerful feature of NT 5.0, but the version that came with NT 5.0 beta 1 isn't complete. For example, I added user attributes including a telephone number, account expiration date, and title to the NDS record for DougT. However, the utility didn't migrate my telephone number or account expiration information. I'm not sure where the NDS Title field should have appeared in my AD user record, but that property didn't survive the migration either. Losing such important information in a migration is a problem, but I'm confident that this failure is a result of the beta 1 Directory Service Migration Tool's incompleteness.

The beta 1 version of the utility is also light on documentation, but because of the complexity of NDS and AD, I expect Microsoft to have thorough documentation for this utility by the time the company releases NT 5.0. I hope that the documentation will include a translation table that shows which NDS objects and properties Directory Service Migration Tool can migrate, which objects and properties it can't migrate, and which AD field NDS properties (such as the Title property) end up in. No large-scale enterprise migration plan can be complete if administrators can't access such a table.

Finally, the beta 1 version is missing a feature that will benefit administrators. No migration to NT is complete without data migration, so Directory Service Migration Tool (like its predecessor, NWConvert) lets you migrate all your files. Unlike NWConvert, the new tool migrates file permissions and security, so it keeps your security configuration intact when it migrates your data from NDS to AD. This functionality isn't in the beta 1 version of the utility, but documentation in beta 1 states that it will be in the final NT 5.0 release.

Directory Service Migration Tool is useful. You can migrate entire branches of your NDS directory to NT with just a few mouse clicks and keystrokes. The final version's inclusion of a security configuration migration feature will make migrations fast and easy. File permission structures on large enterprise networks are usually complex, and when Directory Service Migration Tool makes migrating security information as easy as migrating user accounts, the utility will save administrators a lot of time.



ARTICLE TOOLS

Comments
Add A Comment
  • Mel
    9 years ago
    Feb 28, 2003

    HI,

    I'm wondering if this DSMT is still existing?
    I cannot find it in Windows 2000 server.
    Are we suppose to use the MSDSS tools instead?

    regds

  • James Petro
    13 years ago
    Aug 06, 1999

    Windows NT Magazine is fond of saying, “We’re not owned by Microsoft.” If that’s true, what’s up with the opening page (page 161) of Douglas Toombs’ “NT 5.0’s Directory Service Migration Tool” (November 1998)?
    The article and illustration imply that Active Directory (AD) is superior to Novell Directory Services (NDS). From what I’ve read about both directory services, nothing could be further from the truth. Why didn’t you publish an article comparing the two directory services? I don’t mean something like the article you ran a few months back encompassing all the available directories from every vendor—–I mean a direct, unbiased comparison between NDS and AD. Wouldn’t that kind of article help readers decide which directory is most appropriate for their situations? If you can’t run such an article, how can you print an article concerning migrating from NDS to AD? How are we to know that we are not migrating to an inferior product?
    In the same issue, on the other end of the prejudicial spectrum is David Chernicoff’s NT Intelligence: “Walking the Walk and Talking the Talk,” which was a breath of fresh air to me. Wouldn’t it be nice if the entire magazine followed the logic and reason in this all-too-rare and excellent piece.
    Your masthead contains a funny bit of irony in “Writing for Windows NT Magazine.” The statement reads, “All articles are edited to ensure that they conform to our editorial standards of quality and objectivity.” I agree with the quality part, but if page 161 is “objective,” I think you need to relearn the meaning of the word.

    --James Petro



    Windows NT Magazine appreciates reader feedback; we take it very seriously. Administrators who work with NT every day and want to share their discoveries and solutions with fellow professionals write most of the magazine’s articles. Of the two articles that you mention, an employee of the magazine wrote “Walking the Walk and Talking the Talk.” We ensure that articles are technically accurate, but we don’t tell our authors what position to take. We encourage authors to express their opinions.

    --Karen Forster

You must log on before posting a comment.

Are you a new visitor? Register Here

© 2012 Penton Media, Inc.

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.