Migration Process

NT4 – W2K- W2K3 Domain Migration

Revision 4.1

June 19, 2002

Prepared by:

Akos Sandor

2929 West 4th Ave,

Vancover, BC,V6k 4T3
604-736-7395

Winzero Canada. Table of Contents Page: 1

 Table of Contents

1. Introduction _________________________________________________ 2
2. Positioning Statement_________________________________________ 2
3. Overview____________________________________________________ 2
4. Migration Process ____________________________________________ 2
5. Migration Form_______________________________________________ 4
6. Network Information __________________________________________ 4
7. Functional Requirements ______________________________________ 7
8. Preparing for the Pilot ________________________________________ 11
Appendix A – Winzero Migration Tools Transition Process ____________ 12
Preliminary Activities ________________________________________________ 12
Global Changes to Network___________________________________________ 13
Post Migration effort ________________________________________________ 13
Appendix B - Transition Isssues, notes _____________________________ 14
Appendix C - Pilot Testing Criteria _________________________________ 15
Global Changes ____________________________________________________ 15
User Transition __________________________________________________________ 15
Global Groups Transition except Domain Admin group ___________________________ 15
Update Local Groups _____________________________________________________ 16
Update User Share, Directory and File ACLs ___________________________________ 16
Update User Rights _________________________________________________ 16
Exchange Updater________________________________________________________ 17
Update NT Workstation Profiles _____________________________________________ 17
Enabale User Accounts in target Domain ______________________________________ 17
Disable User Accounts in Source Domain _____________________________________ 18
Conduct a Full Backup of all NT Servers ________________________________ 18
After all Transition Sites have been Completed __________________________ 18
Clean-up old User Accounts and Global groups from Source Domain ________________ 18

Winzero Canada. Table of Contents Page: 2

1. Introduction

The purpose of the Migration plan is to outline the process necessary to assist the in a
Windows NT - W2K – W2K3 structured Migration. The content for the process is
gathered throughout the qualification and educational phases of the process.
With these requirements, a transition approach is developed to help get to the end-
state. The scope of a structured pilot will be identified and the transition approach will be
tested based on the requirements. These requirements will be tested through a
structured set of testing criteria throughout the pilot so all of the requirements and
objectives are addressed and tested.
The deliverable will give the results necessary to move the Project Plan forward.

2. Positioning Statement

The structured process outlined in this document would be valued by a Technical and
Economical sponsor.

3. Overview

The following is a process to conduct a Migration.

1. A “Terms of Reference” is created which outlines the project objective, scope, and
assumptions.
2. Define business and technical requirements,
3. Translate these requirements into functional requirements,
4. The functional requirements are separated into mandatory and desirable requirements,
5. Source domain:
6. Target domain:
7. Source sites:
8. Pilot site:
9. Step by step migration process

4. Migration Process

To assist a structured Migration, a defined process has been developed. The following
process can be used as a checklist to work through to the desired end state.

‰ Understand the business and technical drivers,

‰ Understand the challenges,
‰ Understand this projects against the other corporate priorities,
‰ Review project documentation
‰ Review project plan and schedule (if exists),
‰ Review transition plan (if exists),
‰ Review transition process (if exists),
‰ Review testing methodology (if exists),
‰ Review pilot locations (if identified),
‰ Review project risks (if identified),

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 2

 ‰ Review resource list (if exists),
Understand the current state of the Source Domain environment,

‰ Domain structure,
‰ Location of the Domain’s PDCs,
‰ Number of Servers and workstations,
‰ Workstation types and installed application (desirable),
‰ Domain, Server type and function,
‰ Server hardware specifics (desirable)
‰ Remote offices and speed of communication lines,
‰ Dial-in users (desirable),
‰ Legacy systems and multiNOS systems (desirable).
‰ Understand the Administrative resources in the remote locations,
‰ Understand the mandatory and desirable functional requirements,

‰ Identify a transition process,

‰ Identify any transition issues,
‰ Validate the transition process,

‰ Identify / determine the scope of a pilot and it’s requirements,

‰ Identify the geographical locations included in the pilot,
‰ Determine the source and target Domains?
‰ Determine the users and global groups to re-create in the target Domain,
‰ Determine the user global rules specified for the new target Domain accounts,
‰ Determine the location and name of the Winzero administrative account,
‰ Determine the source Domain servers to be updated,

‰ Identify a process to test and validate the transition of user accounts based on the
customer’s pilot requirements,
‰ Build the testing criteria required for the Winzero migration tools operator throughout the
pilot,
‰ Determine the duration of the pilot,
‰ Define Winzero’s support throughout the pilot (i.e. SE, Executive sponsor, etc),
‰ Determine pilot obstacles,
‰ Determine the pilot milestones,
‰ Primary and Secondary contact information.
‰ Validate the customer’s identified process against the testing criteria, throughout the
assigned pilot period.
‰ Product Migration is complete

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 3

5. Migration Form

The following questions can be used as a quideline to help work through a structured product
Migration. The best approach is to setup a conference call with the Technical sponsor and
Project Manager, walk through the Migration form with the customer over the phone. The
answers to the form will populate the Migration Plan.

---------------------------------------------------------------------------------------------------------------------------

Organization name:

Contact name:

Date:

Business drivers behind the project.

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

Technical drivers behind the project.

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

6. Network Information

Domains Number of Servers Number of Workstation & types

Specify WFW311, Windows 95 & / or NT
WRK

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 4

 If your organization has pre-defined workstation configuration types, please identify the
workstation configuration types and identify the installed software packages. In addition, please
identify the location of the software package(s)?

Workstation Configuration Types Software application installed Application installed locally

(NT/W2K/XP Class 1, Class 2, etc) (MS Office, Rumba, SMS Client.) or installed on the network

Please identify the Domain, the server types and their functions within the network.

Domain Name Server Name and Type Server Function

(DC PDC, BDC or Member ) (File / Print, APP, SMS, SNA,
(ex. FS001 – PDC) etc)

Please identify the Server CPU, memory and hard disk size. In addition, identify the remaining
space used on the disks and the number of files and directory folders. (The purpose of this
question is to be able to get a rough estimate on the length of time it will take to update the
ACLs)

Server Name Server CPU Memory Installed Logical Drive Used Disk # of files
(MB) Size (GB) Space &
(GB) Directori
es
(1,000)

Please identify the average number of ACE entries for each share, directory and file?

Server Name # of Shares. # of files &

Specify the avg Directories.
# of ACE Specify the
avg. # of ACE

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 5

 Please identify the geographical location(s) of your offices, the communication types and the
speed of those communicates types.
(if a physical Network exists, this is not required)

Location Communication Type Communication Speed

(Frame Relay, Lease Line, Satellite) (56 Kbps, 512, T1, T3, etc)

Do users have dial-in access to the network? Yes No

(Please circle one)

If remote users do exist, please identify the number of remote users accessing the NT network
via RAS dial-in or through other remote connectivity needs? Furthermore, identify the
workstation type and the software application installed.

Remote Workstation Configuration Types Software application installed

(WFW311 Class 1, Win95 or Win NT wrk, etc) (MS Office97, Rumba, SMS Client.)

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

Do you have any legacy systems located in your current network and if so, please identify
below?

Legacy System Location Communication type and Gateway Software or BackOffice

Speed Product configured
(SNA, etc..

Do you have multiple NOSs installed in your current network. If so, please identify which types
of NOS gateway software used and the purpose of the additional NOSs installed.

NOS Location Gateway Software or BackOffice Purpose of the NOS

Product configured installed

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 6

Do you have administrative resources located in the remote offices. If so, please specify based on
location?

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

7. Functional Requirements

Please identify your functional requirements for a Domain re-configuration tool? Can you please
specify your mandatory and desirable requirements? Please fill in the chart below.

Functional Requirement Mandatory Desirable

Overview
Ability to support a proven methodology.
Ability to access the methodology from a
central Web site
Ability to access domain re-configuration
project documentation and value added
tools
Ability to track all migrated project
activity centrally.
Ability to support the project through a
wizard GUI interface.

Reporting
Ability to report to a text file throughout
each stage of the domain re-configuration.
Ability to report the following:
Domains
Computer Accounts
Trust relationships between Domain
Controllers
NT Users
User Properties
Local and Global Group memberships
NT Server Shares
NT Share ACLs
Ability to report to the screen or to a text
file
Ability to report exceptions when objects
are bypassed.
Ability to identify the number of NT disk
objects when they were updated.
Ability to report to a Text file if not

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 7

 granted the appropriate permissions.

User Stage
Ability to select individual users from a
source Domain.
Ability to select the users by Global
Groups.
Ability to support the following User
global rules:
Description
Profile location
Login Script location
Set the Home Drive ACL
Disable / Enable Target Users
Standardize Home Drive letters
Copy Logon hours
Copy RAS permissions
Ability to un-migrate the target accounts
Ability to append the Home Drive ACLs.
Ability to enable / disable migrated user
accounts.
Ability to track selected users throughout
the whole domain re-configuration
process.

Global Groups
Ability to select individual Global
Groups.
Ability to merge Global Group members.
Ability to add a prefix to the target Global
Groups.
Ability to pre-process the creation of the
Global Groups without effecting the
target state.
Ability to un-migrate the Global Groups
Ability to report on the status of each
stage of the process.

Local Groups
Ability to select servers to update Local
Groups
Ability to append migrated users and
Global Groups to the Local Groups.
Ability to confirm if the operator has
access to the source server.
Ability to pre-process the appending of
the migrated users and Global Groups
without effecting the target state.
Ability to report on the status of each
stage of the process.
Ability to execute the updating process

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 8

 separately from the main application.
Ability to run the updating process in
parallel.

ACLs
Ability to select servers to update the
ACLs.
Ability to update specific Shares.
Ability to update hidden Shares.
Ability to update root NTFS drive
volumes.
Ability to append the migrated users and
Global Groups to the NTFS File,
Directory and Share ACLs.
Ability to confirm if the operator has
access to the source NTFS volume
Ability to report on the status of each
stage of the updating process.
Ability to execute the updating process
separately from the main application.
Ability to run the updating process in
parallel.

User Rights
Ability to select servers to update the
User Rights.
Ability to append the migrated users and
Global Groups to the Server’s User
Rights.
Ability to confirm if the operator has
access to the source Server.
Ability to report to the display and text
file on the status of each stage of the
process.
Ability to execute the updating process
separately from the main application.
Ability to execute the updating process in
parallel.

Computer Accounts NA
Ability to select the source Computer NA
Accounts.
Ability to add the source Computer NA
Accounts to the target Domain.
Ability to report on the status of each NA
stage of the process.
Ability to enumerate the Workstations NA
and Member Servers into the target
Domain.
Ability to make the appropriate changes NA
to the Workstation and Member Servers
to enumerate to the target Domain,
centrally.
Ability to report on the status of each NA

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 9

 stage of the process.

Workstation Profiles
Ability to update only the migrated users.
Ability to update the Local Profiles on
NT Workstations.
Ability to update the Roaming Profiles on
NT Workstations.
Ability to update the Workstation’s
Registry ACLs,
Ability to have access to the Workstation
with either the source or target Domain
accounts.
Ability to maintain all Profile properties
with either NT account.
Ability to report on the status of each
stage of the process.

Update Exchange mailboxes

Ability to change the Primary account on
source Exchange mailbox.
Ability to preserve and append all
delegated entrees in a given mailbox.
Ability to update only the migrated users
mailboxes.
Ability to update the Exchange mailboxes
through a wizard GUI interface.
Ability to report to the status of each
stage of the process.

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 10

 Distribution Method
Ability to update NT Computer’s Local
Groups, ACLs, and User Rights in
parallel.
Ability to push the updating process to
execute only once.
Ability to pull scheduled Computers to
centrally update when additional project
migrations take place.
Ability to schedule the updating process
to selected Computers by the time of the
day.
Ability to update all Computers centrally.
Ability to monitor the updating process
centrally.
Ability to remove all project components
when removing the distribution service.

8. Preparing for the Pilot

The pilot location, will ______. The source domain will be ____ and the target domain will
be ______. The pilot will be executed from the target domain located in ______.

Once the MMT file is created it must be physically verified for accuracy. The user creation
process of the migration will be run using the MMT created for the project

_______________________________________________________________________
_________

_______________________________________________________________________
_________

User properties to copy over to the target domain.

User NT account Yes No

User Full Name Yes No
User Description Yes No
User’s NT password Yes No
User’s Profile Yes No
User’s Login Script Yes No
User Home drive Yes No
Account disable status Yes No
Home drive location Yes No
Logon Hours Yes No

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 11

 Logon on as Yes No
Account expire date Yes No
Account group Type (default is Global Group) Yes No
RAS Dial-in information Yes No

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

Global groups required to be created in the target Domain:

________________________________________________________________________________

________________________________________________________________________________

________________________________________________________________________________

Appendix A – Winzero Migration Tools Transition Process

The process will identify a method of pulling the NT accounts and Global Groups to the new
Accounts Domain using Winzero Migration tools, giving them the same access to all of there
resources (Local Groups, ACLs & User Rights) in the source Domain.

Preliminary Activities

• Analysis
• Determine the expired accounts, locked accounts, disabled accounts and old accounts
that have not logged in over a certain length of time,
• Determine the service accounts because they will stay in Source Domain,
• Identify Duplicate accounts
• Identify users with dual accounts
• Identify Null passwords
• Check password policies
• Identify Workstations and user association in source domain… on going prior to
migration
• Identify all SQL servers in Source domain
• Identify field service
• Identify Radius Issues
• Identify any Citrix issues
• Identify terminal Server issues
• Identify any unique applications that are tied to the domain name or accounts
• Place All account used for migration into target Domain Admins Global Group;

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 12

• Place sourceDomain admins group in target Administrators group
• Place target Domain admins group in source domain Administrators group
• Ensure all trusts has been established;
• Run Adminchecker to determine you have Administrative access to all scheduled
workstations and Servers,
• Append the NETLOGON Share permissions on target Domain with the Migrator account
and grant Change access;
• Communicate the upcoming changes to all users (Ensure the communication includes:
Leave workstation on and Turn off Power save BIOS option)
• Verify or Install Winzero Tools in target domain

Global Changes to Network

(Assumption: Freeze source environment for one week)

• Transition source NT users to target Domain using the created MMT and HDR files;
• Transition global groups except the System Global groups (i.e. Domain Admin, Domain
Guest and Administrator) to the target Domain prefixed with CX;
• Update Local groups, ACLs, Profiles and User rights on NT Servers in the source
Domain,
• Using the Remote updater, update the NettApp servers – Local groups, ACLs profiles,
userrights in source domain
• Update the ACLs, profiles, local groups and userrights on the NT workstations in the
source Domain,
• Update Exchange severs in the source Domain,
• Update SQL severs in the source Domain
• Create laptop Updater
• Verify changes have taken in effect,
• Manually update laptops, off line workstations the were missed
• Verify changes have taken in effect,
• Enable all verfied users in target domain and diable source domain accounts run script
to enable users
• Run script to change default logon domain from source to target
• Randomly verify enduser migration with check list

Post Migration effort

(Caution: Work will be done after the network is stable)

• Cleanup Old ACLs in source domain

• Remove migrated users and global groups from source domain run script RemoveOldAcc.exe
• Then Synchronize the PDCs to force a SAM update to all DCs,
• Remove Two way trust from source and target Domain.

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 13

Appendix B - Transition Isssues, notes

1. SQL applications tied to NT acount references

2. Do not transition expired, disabled and locked NT user accounts to target Domain
3. Do not migrate NT Service accounts
4. Identify citrix issues
5. Identify in house application issues
6. Identify radius server issues

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 14

Appendix C - Pilot Testing Criteria

The purpose of this section is to outline the individual tests required for the lab and pilot
testing of the Winzero product. Each sub-section, identifies a number of processes
required to ensure that each component of the transition (i.e. including manual effort and
Winzero tools) will function properly.

The procedures have been broken out for each stage based on the Transition
Processes.

Global Changes
(Assumption: Freeze NT Account creation for 1 week)

User Transition

Test Procedure Yes No

1. You were able to create Mapping File?
2. Where you able to Pre-process the Users?
3. Were you able to Migrate the Users over to the Target Domain?
4. Using User Manager, were all the users moved over on the target
Domain?
5. Are all of the user properties migrated over to the target Domain?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Global Groups Transition except Domain Admin group

Test Procedure Yes No

1. Were you able to select the source Global Groups?
2. Were you able to Preprocess the Global Groups?
3. Were you able to Migrate the prefixed Global Groups?
4. Using User Manager, were all of the Global Groups migrated over to
the target Domain?
5. Using User Manager, were all of the members for the Global Group
migrated over to the target Domain?

Deficiencies: _________________________________________________________

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 15

 _________________________________________________________

Update Local Groups

on NT Servers & NT Workstations in Source Domain

Test Procedure Yes No

1. Were you able to select the servers to process?
2. Were you able to Preprocess the Local Groups?
3. Were you able to Update the Local Groups?
4. Using User Manager in the new Domain and user account’s have
been updated in the Local Groups?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Update User Share, Directory and File ACLs

Test Procedure Yes No

1. Were you able to select the servers to process?
2. Were you able to select the shares on the servers selected?
3. Were you able to Preprocess the ACLs?
4. Were you able to Update the ACLs on the target servers?
5. Verify the NT share, Directory and File ACLs have been updated?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Update User Rights

on NT Servers & NT Workstations

Test Procedure Yes No

1. Were you able to select the Mapping File?
2. Were you able to Preprocess the User Rights?
3. Were you able to Update the User Rights on the target servers?
4. Verify the User Rights have been updated?

Deficiencies: _________________________________________________________

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 16

 _________________________________________________________

Exchange Updater

Test Procedure Yes No

1. Export the account mapping file?
2. Did Exchange Updaterlogs produce errors?
3. Use Exchange Administrator to verify the NT account change?
4. Have an Exchange user log into exchange and confirm the users
mail and properties still exist?
5. Did the script change the primary NT account on the Mailbox and
the access permissions on the mailbox?
6. Was the user able to access their schedule Plus calendar (i.e. have
the permissions changed)?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

Update NT Workstation Profiles

Test Procedure Yes No

1. Were you able to select the Mapping file?
2. Were you able to point to a specific workstation and update him
properly?
3. Login to the NT workstation with target test NT account and
validate all desktop settings, printers and UNC drive mappings are
preserved?

Deficiencies: _________________________________________________________

_________________________________________________________

Enabale User Accounts in target Domain

Test Procedure Yes No

1 Were you able to select the Mapping File?
2 Were you able to select the appropriate option?
3 Were you able to view the results on the screen?
4 Using User Manager, were all the new user accounts enabled?

Deficiencies: _________________________________________________________

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 17

 _________________________________________________________

Disable User Accounts in Source Domain

Test Procedure Yes No

1 Were you able to select the Mapping File?
2 Were you able to select the appropriate option?
3 Were you able to view the results on the screen?
4 Using User Manager, were all the old user accounts disabled?

Deficiencies: _________________________________________________________

_________________________________________________________

Conduct a Full Backup of all NT Servers

Test Procedure Yes No

1. Did you conduct a full backup on all NT servers?
2. Review the Backup logs, any issues arose?

Deficiencies: _________________________________________________________

_________________________________________________________

After all Transition Sites have been Completed

Clean-up old User Accounts and Global groups from Source Domain

Test Procedure Yes No

1. Were you able to select the Mapping File?
2. Were you able to view the results on the screen?
3. Using User Manager, were all the users and Global groups removed
from the Source Domain?
4. Using Server Manager, were the updates replicated throughout the
Domain(s)?
5. Using User Manager, have the two way trusts have been removed?

Deficiencies: _________________________________________________________

_________________________________________________________

_________________________________________________________

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 18

Winzero Canada. NT – W2K – W2K3 Migration Process Page: 19