Difference between revisions of "Active Directory/Documentation/Computer Migration Instructions"

From WolfTech
Jump to navigation Jump to search
m
 
(4 intermediate revisions by 3 users not shown)
Line 22: Line 22:
 
#* If it completes successfully, the number of computers finished will be equal to the number examined and there will be zero errors.
 
#* If it completes successfully, the number of computers finished will be equal to the number examined and there will be zero errors.
 
#* If there are errors, view the log for details.<BR>[[Image:admt-cpu11.jpg]]<BR><BR>
 
#* If there are errors, view the log for details.<BR>[[Image:admt-cpu11.jpg]]<BR><BR>
 +
# Open the Active Directory Users and Computers console.  Add the computer to the necessary groups before proceeding.
 
# In the <b>Active Directory Migration Tool Agent Dialog</b>, click <b>Start</b> to run the pre-check.<br>[[Image:admt-cpu12.jpg]]<BR><BR>
 
# In the <b>Active Directory Migration Tool Agent Dialog</b>, click <b>Start</b> to run the pre-check.<br>[[Image:admt-cpu12.jpg]]<BR><BR>
 
# If the pre-check passed, choose <b>Run pre-check and agent operation</b>, and click <b>Start</b>.
 
# If the pre-check passed, choose <b>Run pre-check and agent operation</b>, and click <b>Start</b>.
Line 50: Line 51:
 
# Once the migration wizard completes, make sure <b>Agent Operation</b> shows <b>Successful</b>. Click <b>Close</b> to exit the Computer Migration Wizard.
 
# Once the migration wizard completes, make sure <b>Agent Operation</b> shows <b>Successful</b>. Click <b>Close</b> to exit the Computer Migration Wizard.
 
#* If there were any errors, click View Migration Log for details.<BR>[[Image:admt-sid9.jpg]]<BR><BR>
 
#* If there were any errors, click View Migration Log for details.<BR>[[Image:admt-sid9.jpg]]<BR><BR>
 +
 +
==FAQs==
 +
'''NOTE:'''  Be very careful when making changes to the Windows Registry, and do not delete keys unless you are certain.  Do NOT make changes to Windows Registry unless you are comfortable doing so.  Ask Patrick or Brian for assistance.
 +
 +
# If a user logs in with their WOLFTECH account before SID translation is complete, do this:
 +
#* Delete the profile directory under C:\Documents and Settings (usually username.WOLFTECH).
 +
#* Delete the registry key for the user under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList.  The key to delete is the users WOLFTECH SID.<br><br>
 +
# After translation is complete, log in to the machine and remove any softwares that were installed manually.  Also uninstall pdfFactory Pro 2.25 if it is on the machine, since this package does not uninstall properly when done automatically.<br><br>
 +
# If any assigned softwares do not install, gpupdate and reboot.  If they still do not install, or if they do not install properly, you will need to:
 +
#* Go into Control Panel -> Add/Remove Programs, and remove the offending program from the list if it is there.
 +
#* Open Registry Editor and navigate to HKEY_CLASSES_ROOT/Installer/Products.  Search through the keys under Products and find the key associated with the offending program (look for the program name under the string ProductName) and delete it.
 +
#* Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft and start a search (CTRL+F).  Search for the name of the GPO associated with the offending program and delete any keys that match.  An easy search to perform is the name of the program preceded by a dash, for example, "-Wolfcall".
 +
#* Close Registry Editor, gpupdate, and reboot.
 +
#Where do you get your version of ECEW2K-SIDs.txt from?
 +
#*If you have a two-way trust and you know that the source accounts all match Unity IDs, you can simply do this: <SRC DOM>\<unityid>,WOLFTECH\<unityid>
 +
#*Exporting a list of userids from the source domain should be easy with your favorite LDAP client.
 +
#*If you have a one-way trust, you'll need to use the SIDs for the source accounts.  This is also easy to do with LDAP Browser.  Just export a list of sAMAccountName and objectSID.

Latest revision as of 09:03, 13 May 2008

The following is the procedure to migrate a computer from the ECEW2K domain to the WOLFTECH domain.

Computer Migration

The Computer Migration Wizard allows you to remotely migrate computers between domains. The following instructions explain how to use the Computer Migration Wizard to migrate computers from ECEW2K to WOLFTECH.

  1. Use RemoteDesktop to log in to the migration server (migration.ece.ncsu.edu). Log in using an account that is a member of the WOLFTECH\Computer Migrators group.

  2. The Active Directory Migration Tool will startup automatically.

  3. Right click Active Directory Migration Tool, and choose Computer Migration Wizard.
    Admt.jpg

  4. You should see the Computer Migration Wizard. Click Next.
    Admt-cpu1.jpg

  5. Choose the source and target domains as shown and click Next.
    Admt-cpu2.jpg

  6. Choose Select computers from domain and click Next.
    Admt-cpu3.jpg

  7. Choose the computer(s) to migrate and click Next.
    Admt-cpu4.jpg

  8. Choose the target OU to migrate the computer(s) to and click Next.
    Admt-cpu5.jpg

  9. Uncheck all the checkboxes and click Next.
    • Note: This only translates intra-forest SIDs, so it's no help to us.
      Admt-cpu6.jpg

  10. Choose the number of minutes to wait before rebooting the migrated computer and click Next.
    Admt-cpu7.jpg

  11. Keep the defaults and click Next.
    Admt-cpu8.jpg

  12. Keep the defaults and click Next.
    Admt-cpu9.jpg

  13. Click Finish.
    Admt-cpu10.jpg

  14. The Compute Migration Wizard will now migrate the computer account(s). When it finishes, click Close.
    • If it completes successfully, the number of computers finished will be equal to the number examined and there will be zero errors.
    • If there are errors, view the log for details.
      Admt-cpu11.jpg

  15. Open the Active Directory Users and Computers console. Add the computer to the necessary groups before proceeding.
  16. In the Active Directory Migration Tool Agent Dialog, click Start to run the pre-check.
    Admt-cpu12.jpg

  17. If the pre-check passed, choose Run pre-check and agent operation, and click Start.
    • If the pre-check failed, click View Migration Log for details.
    • Common problems:
      • Make sure the firewall is configured correctly.
      • Make sure WOLFTECH\Computer Migrators is a member of the computer's local Administrators group.
        Admt-cpu13.jpg

  18. Once the migration wizard completes, make sure Agent Operation shows Successful and Post-check shows Passed. Click Close to exit the Computer Migration Wizard.
    • If there were any errors, click View Migration Log for details.
      Admt-cpu14.jpg

SID Translation

The Security Translation Wizard allows you to update the SIDs from the source domain to the SIDs of the target domain in the ACLs. This allows you to migrate user profiles and permissions from the user's source domain account to the user's target domain account.

  1. Right click Active Directory Migration Tool, and choose Security Translation Wizard.
    Admt.jpg

  2. You should see the Security Translation Wizard. Click Next.
    Admt-sid1.jpg

  3. Choose Other objects specified in file. Click Browse and find ECEW2K-SIDs.txt located on the Desktop. Click Next.
    Admt-sid2.jpg

  4. Choose the computer(s) you wish to translate security on and click Next.
    Admt-sid3.jpg

  5. Check all the checkboxes and click Next.
    Admt-sid4.jpg

  6. Select Add and click Next.
    Admt-sid5.jpg

  7. Click Finish.
    Admt-sid6.jpg

  8. You should now see the Active Directory Migration Tool Agent Dialog. Click Start to run a pre-check.
    Admt-sid7.jpg

  9. If the pre-check passed, choose Run pre-check and agent operation, and click Start.
    • If the pre-check failed, click View Migration Log for details.
    • Common problems:
      • Make sure the firewall is configured correctly.
      • Make sure WOLFTECH\Computer Migrators is a member of the computer's local Administrators group.
        Admt-sid8.jpg

  10. Once the migration wizard completes, make sure Agent Operation shows Successful. Click Close to exit the Computer Migration Wizard.
    • If there were any errors, click View Migration Log for details.
      Admt-sid9.jpg

FAQs

NOTE: Be very careful when making changes to the Windows Registry, and do not delete keys unless you are certain. Do NOT make changes to Windows Registry unless you are comfortable doing so. Ask Patrick or Brian for assistance.

  1. If a user logs in with their WOLFTECH account before SID translation is complete, do this:
    • Delete the profile directory under C:\Documents and Settings (usually username.WOLFTECH).
    • Delete the registry key for the user under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. The key to delete is the users WOLFTECH SID.

  2. After translation is complete, log in to the machine and remove any softwares that were installed manually. Also uninstall pdfFactory Pro 2.25 if it is on the machine, since this package does not uninstall properly when done automatically.

  3. If any assigned softwares do not install, gpupdate and reboot. If they still do not install, or if they do not install properly, you will need to:
    • Go into Control Panel -> Add/Remove Programs, and remove the offending program from the list if it is there.
    • Open Registry Editor and navigate to HKEY_CLASSES_ROOT/Installer/Products. Search through the keys under Products and find the key associated with the offending program (look for the program name under the string ProductName) and delete it.
    • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft and start a search (CTRL+F). Search for the name of the GPO associated with the offending program and delete any keys that match. An easy search to perform is the name of the program preceded by a dash, for example, "-Wolfcall".
    • Close Registry Editor, gpupdate, and reboot.
  4. Where do you get your version of ECEW2K-SIDs.txt from?
    • If you have a two-way trust and you know that the source accounts all match Unity IDs, you can simply do this: <SRC DOM>\<unityid>,WOLFTECH\<unityid>
    • Exporting a list of userids from the source domain should be easy with your favorite LDAP client.
    • If you have a one-way trust, you'll need to use the SIDs for the source accounts. This is also easy to do with LDAP Browser. Just export a list of sAMAccountName and objectSID.