Re: Kindly Advice - NT to Windows 2003 domain Upgrade
- From: "jx" <mc@xxxxxxxxxxx>
- Date: Wed, 8 Nov 2006 11:39:25 -0500
"S" <S@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E2E01BEB-C9CC-4FE8-B0CB-1C91C7A0BD30@xxxxxxxxxxxxxxxx
Dear experts,

We are proposing to Migrate from Windows NT to 2003 Active Directory. Below is a brief description of the current Setup.

The client has operations in 2 locations which are networked through a High Bandwidth Lease Line... The campuses are primarily on Novell NDS architecture. There are currently 2 Windows NT domains, one each at Location A and Location B. These 2 domains have Member servers which host applications that use NTLM for authentication. There are close to 20 applications which are set up and hosted between the 2 Windows NT domains. These applications are Web apps and published on IIS 5.0 and above... (some of the member servers are Windows 2000). Domain trust is set up between the 2 NT domains. All users are first set up on the NDS and Novell Account Manager integrates the Novell NDS to the Windows NT domains. All directory information resides on the NDS; there is no separate Directory data on the NT domains because that's how Novell Account Manager works. An end user will be accessing IIS applications which can be located on either domain, hence NT domains trust each other. When a user logs on to the network authenticating with the Novell Desktop client, he/she is also signing on to the applications that are hosted in the Windows NT domain. This Single sign on feature is set up with the Novell Account Manager. A major problem with the existing setup is that passwords do not synchronize properly when they are changed on the NDS.

DNS servers are currently on Novell and even the NT domains use the DNS which runs on Novell.

What we plan to do is as follows ...

Set up a Single forest and Domain at the top level and then create 2 child domains for the 2 Locations. These 2 domains will be set up at the separate Sites itself.

You should consider also using a third party tool, e.g. BindView or Quest, for account migration from Novell/NT.

In NDS the users are existing in 2 separate folders, one for each location. We will then use Novell Identity Manager DIRXML to set up the drivers for Windows. The new DIRXML works differently when compared to the older Novell Account Manager.

In Account Manager, the NT domain controllers did not physically store the directory information... with DIRXML this will change and the integration will push the directory data from Novell NDS to Windows AD.

Are you trying to sync and/or provision user account data from Novell to the new AD forest? This will end up in the duplicate user accounts in your NDS and AD forest. But the biggest challenge is resource access and permissioning. If you do a migration of the users you will have the option to migrate users with SID history, which will enable legacy resource access (applications, files, folders, etc.) for end users after they migrate to the win 2003 forest. Also you will have the option to migrate the existing passwords for the users as you migrate them.

What we are a bit worried about is the DNS placement. When we set up the 1st DC (the DC at the top, which will also be the root of the Forest), it will definitely prompt to set up a DNS too...

We assume it is mandatory to have at least the top level Domain server also be the DNS server. The child domains can also be configured to run DNS on themselves and add Forwarder IPs of all other DNS servers including Novell...

As you set up your new forest (win 2003) you will need DNS resolution. As you install the DCs in the new environment, make them DNS servers as well. You can then use explicit forwarders towards your external DNS to resolve your legacy environment.

Is this the right approach? Our ultimate aim is to move all the existing Member servers from NT to the Child Domains in the new Active Directory...

Will we need to set up DNS at all on the Windows Domain controllers? If so, is it okay if we install DNS only on the top level? What is the recommended DNS config in this case?

Thanks in advance...

Kind Regards
Sree