If you administer a Windows NT environment, sooner or later you'll consider moving your infrastructure to Windows 2000. You must plan many details regarding the movement of users, groups, and resources before you can perform the migration. The most significant addition to Win2K is Active Directory (AD), and AD is the component that will require the most attention and planning before you migrate your environment.
Microsoft recommends that in addition to planning for AD, you clean up and flatten domains before moving to Win2K. This process requires a significant effort on your part. Four suites of migration tools have emerged to assist you. Aelita Software's Controlled Migration Suite 5.0, BindView's bv-Admin for Windows 2000 Migration 3.5 beta, FastLane Technologies' DM/Suite, and NetIQ's (formerly Mission Critical Software's) Domain Migration Administrator 6.10 offer NT-to-Win2K domain migration assistance.
The Domain Environment
To test each product, I set up a network for a fictional midsized company. My NT 4.0 network consisted of four account domains, CORPORATE, HRDOMAIN, PRODDOMAIN, and SALES-DOMAIN, which Figure 1 shows. Each domain controller ran NT Server 4.0, Enterprise Edition, with Service Pack 5 (SP5) and contained about 250 user accounts with home directories and roughly 1.3GB of shared files with NTFS permissions. I added a member server running Microsoft Exchange Server 5.5 to the CORPORATE domain and created mailboxes for all user accounts across my domains. I also included one resource domain, RES-DOMAIN, that had printer and file sharing on one domain controller. To verify connectivity during the various migration stages, I used clients running Win2K Professional, NT Workstation 4.0, and Windows 98.
Migration Goals
I planned my migration activities to accomplish five goals. First, I needed to migrate all user accounts to one AD domain, NTLAB.COM, which Figure 2, page 108, shows. (I planned to upgrade the server named Corp in the NT CORPORATE domain to Win2K Advanced Server. This upgrade would result in the NTLAB.COM AD Domain with a NetBIOS domain name of CORPORATE.) Second, I wanted to accomplish administrative distribution by placing current domain objects into appropriate organizational units (OUs) in the AD. Third, I planned to update the permissions on existing resources to provide concurrent access from the original account and the newly migrated account. Fourth, I wanted to relocate file shares from HRDOMAIN, PRODDOMAIN, and SALESDOMAIN to remaining servers, then remove the domain controllers for those domains. (The Win2K upgrade installation updated all the original accounts and objects in the NT CORPORATE domain.) Finally, I intended to clean up permissions to remove access to resources by original domain accounts while maintaining access by new accounts.
I used each product's built-in analysis and planning tools to determine how they assisted a real-world migration. After planning, I tested each product's user and group migration functionality. Following migration, I used the domain consolidation tool, when the product provided one. I used the distributed resource-updating tool from each product to repermission files and shares. I then used the computer migration capabilities to change the domain memberships of my clients. Throughout the migration steps, I verified that client computers provided users uninterrupted access to appropriate resources and maintained local user profiles. I also checked permissions, accounts, and other affected objects after each operation. Finally, I used each product's cleanup facilities to remove permis-sions on resources for original domain accounts.
The Verdict
These products offer trade-offs between flexibility and ease of use. Domain Migration Administrator was easy to use but might not provide the flexibility some large organizations need. DM/
Suite and bv-Admin for Windows 2000 Migration offered more options, but some of the options were distracting and redundant.
In my test environment, Controlled Migration Suite was the most robust product and the best equipped to perform the migration as planned. Controlled Migration Suite struck a balance between simplicity and flexibility.
In terms of value, if domain consolidation isn't currently a concern, Domain Migration Administrator's price-for-performance punch is powerful. However, Controlled Migration Suite delivers the knockout blow with great features at an attractive price.
Previous
Register
