If you manage a large Windows NT environment with multiple domains, you're familiar with the problems associated with reconfiguring a domain structure. Moving users or groups and their associated files and access control list (ACL) permissions from one domain to another is time-consuming, regardless of how diligent you are. Phoenix Domain Reconfiguration Tool for Windows NT, from FastLane Technologies, can help minimize these problems by automatically managing your reconfigurations.
In an NT domain reconfiguration, each user, group, and computer (i.e., resource) has a unique security ID (SID). If you move one of these resources to a new domain, NT automatically assigns it a new SID. Subsequently, the resource loses the first SID and the security permissions to the network resources it originally had access to. For example, if a user exists on the Engineering domain, that user has access to the Engineering network files and printers. When you move the user to the Marketing domain, that person will receive a new SID and lose access to the Engineering network files and printers.
Installing Phoenix is fairly simple, although I ran into some difficulty because the software arrived on a recordable CD-ROM that my drive had difficulty reading. I opted to download and install the trial version available on the Web. After downloading this 4MB file, I zipped the distribution into a temporary directory and ran the setup.exe program.
Putting Phoenix to the Test
With Phoenix, a domain reconfiguration requires six steps. Screen 1 provides a view of the software's launch screen, from which you access these steps.
In steps 1 and 2, you mirror your source domain users and global groups, respectively, to the destination domain. The administrator then assigns new SIDs to the destination users. Typically, when you consolidate one or more domains, you run the risk of having the reconfiguration process combine users from these domains into one common group (e.g., one consolidated Secretaries group). Phoenix lets you avoid this problem by prefixing group names with identifiers.
In steps 3 and 4, Phoenix appends destination account SIDs to the source SIDs of local groups and ACLs, respectively. This way, users have access to the same network resources (e.g., shares and files) under both their old and new accounts.
In step 5, you can determine whether users have the same rights (e.g., Change the System Time and Log On Locally) in their new account that they had in their old account, and update those rights if necessary. Finally, in step 6, you can re-create computer accounts in the new domain.
The End Result
As a restructuring tool, Phoenix offers several benefits. As part of the migration process, Phoenix creates report files (e.g., the user migration report) that let you review the actions the software takes and any errors that might have occurred during processing. Phoenix also has a very reasonable price, especially when compared to the cost of having an NT administrator perform these tasks manually. If you plan to perform any domain restructuring in the near future, you'd be wise to take a closer look at Phoenix.
|Phoenix Domain Reconfiguration Tool for Windows NT|
| Contact: FastLane Technologies 902-421-5353 or 800-947-6752 |
Price: $12 per user account
System Requirements: Windows NT Server 3.51 or 4.0, 16MB of RAM (32MB recommended), 10MB of hard disk space