Monday, May 01, 2006

Pre-Migration III

Preparing the Source Domain

For the purposes of this document, the Source domain can be a Windows NT4, 2000 or 2003 domain.

Administrative Access:
Using Winzero AdminAccess verify that all computers including workstations, domain controllers and servers have the source domain’s Domain Admins Group as a member of the local domain Administrators Group. Install AdminAccess in the source domain verify or add the Domain Admin Group to every computer in the domain.

DNS Configuration:
Once the target domain’s DNS server is configured and running, configure the DNS network card clients of the source domain computers to point to the new DNS Server and add the new domain to the domain suffix list.

Install Winzero DNSReset in the source domain. Select all computers (servers, workstations and domain controllers and set the new DNS serve IP address as the primary DNS Server and set the domain suffix of the new domain as the first and primary domain suffix in the domain suffix list. The DNSReset change will over ride DHCP setting before the source computers are migrated to the target domain.

If the source domain is NT4 also add the IP Address of the NT4 WINS server to all computers in the source domain.

Create a Domain Local Group
Create a Domain Local group called DomainNetBiosName$$$ example: WINZERO$$$. Add 3 $ signs to the local group name. DO NOT add members to this group.

Password Policies
Check and verify that the minimum domain password policy and restrictions are greater or equally restrictive to any source domain password policy. Passwords will not migrate if the password policy of the target domain is more restrictive then the password policy of the source domain.

Registry Settings:
Check, add and verify the registry settings of the PDC or PDC emulator or FSMO server. (Usually the first installed domain controller in the source domain)

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Lsa
Key: AllowpasswordExport
Type: DWORD
Set to: 1

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Lsa
Key: RestrictAnonymous
Type: DWORD
Set to: 0

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Lsa
Key: TcpipClientSupport
Type: DWORD
Set to: 1

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Key: MaxUserPort
Type: DWORD
Set to: 0x0000fffe (hex) or 65534 (decimal)

Posted by AMS at 2:32 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)