Tuesday, August 18, 2009

Active Directory Domain Migration Checklist


Before beginning an Active Directory migration, a number of mandatory requirements must be in place for the migration to complete successfully. These requirements cover both the Microsoft Windows migration prerequisites and those of the ADUM Active Directory Migrator.

Download the Domain Migration Checklist

Wednesday, April 08, 2009

New Release: Winzero TakeControl

Winzero new product release: TakeControl allows administrators to gain administrative access to files, folders and shares without destroying the original permissions by appending the Administrators group SID to ACLs.

The Challenge
To gain access to files and folders, Administrators can take ownership and grant full access control permissions and rights to themselves if they want to modify, rename or delete these files or folders. During this process the original permissions are removed.

The Solution
Grant Administrators full control to files, folders or shares without taking ownership or destroying the original permission using Winzero TakeControl.

Avoid Take Ownership

Using standard Windows functions, if you must access a file or a folder that you do not have rights to, you must take ownership of that file or folder. When you do this, you replace the security permissions that were originally created for the file or folder.

Winzero TakeControl uses an append process to add the Administrators group with full control to each folder ACL and file ACL without changing the original NTFS permissions.

Download a fully functional trial version or learn more about how TakeControl can help with profile migration and server migration projects.

Monday, February 16, 2009

Top 5 Interforest Active Directory Migration Tips

Migrating between Microsoft's Windows Active Directory forests can be an intimidating project. This article provides 5 Active Directory migration tips that are bound to save IT pros time and aspirin.

1. Plan, plan, plan

Planning is the best way to a smooth Active Directory migration.

The most common error is a lack of planning. Don't horribly underestimate the impact … an AD migration. Research the impact thoroughly and properly develop migration plans.

At the end of a thorough evaluation, IT pros will know their AD requirements for structure, security, bandwidth, hardware and timeline. AD is not forgiving, so it's easier to get it right the first time than try to clean up afterward.

2. Ask for help

Going it alone is a sure-fire way to blow it. Try not to reinvent the wheel.

Not asking for help before starting the project is asking for trouble and results in the same mistakes our experts have seen – and solved – many times.

3. Ensure redundancy

A lack of server redundancy can be the costliest of AD blunders. Except for single-server environments, a minimum of two domain controllers should be installed for load-balancing and failover.

4. Enlist expert support

Recruit a migration expert, as needed, at the start of the migration project to avoid pitfalls. Keep the migration expert available, as required, during the beginning phases of the project to help guide it to success.

5. Use advanced Migration tools.

There are 3 major migration software tools on the market, from Quest Software, NetIQ and Winzero Technologies.

Test the tools in a lab, compare cost to benefit and choose the tool that can most easily meet the challenges and issues that will be faced during the migration process.

Thursday, February 12, 2009

WADMigrator Premigration Checklist


Administrative Access:
Create a two-way trust between each source and target domain.
Add both the source and target Domain Admins groups and the Enterprise Admins group to each domain's Administrators group.

Create or select an account on the target domain and add it to Domain Admins, Enterprise Admins and Schema Admins Group.
Use the above account as the migration account to perform the migration as well as for the service account.
Enable this account to logon locally and run as a service on both the source and target PDC Emulator.

Domain Policy:
Verify that IPFiltering is turned off on both domains
Verify that Windows Firewall is turned off as a group policy

http://domainreconfigure.blogspot.com/search/label/Step%203%20Virtual%20Migration

DNS Configuration:
Once the target domain’s DNS server is configured and running, configure the DNS client settings on the network cards of the source domain computers to point to the new DNS server, and add the new domain to the domain suffix list.

Create a Domain Local Group:
Create a Domain Local group on both the source and target domain called DomainNetBiosName$$$ example: WINZERO$$$. Add 3 $ signs to the local group name. DO NOT add members to this group.

Enable Auditing:
Enable Account Management success and failure auditing for both the domain and the domain controller, on both the source and target domains.
You will need to reboot the server for the auditing to take effect.

Register DLLs:
On the target domain PDC emulator register clonepr.dll.
Copy Clonepr.dll to the Windows directory from the WADMigrator working directory.
Open the command prompt
Type regsvr32 drive:\Windows\clonepr.dll to successfully register the dll.

Password Policies:
Check and verify that the source domain's minimum password policy and restrictions are less or equally restrictive compared to any target domain password policy. Passwords will not migrate if the password policy of the target domain is more restrictive than the password policy of the source domain.

After installation of WADMigrator, verify the following registry settings on both the target and source PDC emulators.

Registry Settings:
Check, add and verify the registry settings of the PDC or PDC emulator or FSMO server. (Usually the first installed domain controller in the source domain)

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Lsa
Key: AllowpasswordExport
Type: DWORD
Set to: 1

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Lsa
Key: RestrictAnonymous
Type: DWORD
Set to: 0

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Lsa
Key: TcpipClientSupport
Type: DWORD
Set to: 1

HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Key: MaxUserPort
Type: DWORD
Set to: 0x0000fffe (hex) or 65534 (decimal)
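
One way to carry out the "check and verify" step on each PDC emulator, as an added example (not WADMigrator's or the author's code): a read-only PowerShell script that compares the four values listed above with the checklist and saves what it found. The function name and the CSV file name are made up for illustration.

```powershell
# Added example. Paths, value names and data are the ones in the checklist above;
# Get-MigrationRegistryState and the CSV file name are hypothetical.
$expected = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'AllowpasswordExport'; Value = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RestrictAnonymous';   Value = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'TcpipClientSupport';  Value = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'; Name = 'MaxUserPort'; Value = 65534 }
)

function Get-MigrationRegistryState {
    param([hashtable[]]$Settings)

    foreach ($s in $Settings) {
        # Read only; a value that does not exist comes back as $null.
        $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $actual = $null
            $status = 'Missing'
        } else {
            $actual = $item.($s.Name)
            $status = if ($actual -eq $s.Value) { 'OK' } else { 'Mismatch' }
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Path     = $s.Path
            Name     = $s.Name
            Expected = $s.Value
            Actual   = $actual
            Status   = $status
        }
    }
}

$state = Get-MigrationRegistryState -Settings $expected
$state | Format-Table -AutoSize

# Keep a dated record of the values found on this controller.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$state | Export-Csv -Path ".\migration-registry-$env:COMPUTERNAME-$stamp.csv" -NoTypeInformation
```

Run it before changing anything: the CSV then records what each value was on that controller, which is the record needed to return the controllers to their previous state once the migration is finished.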

Friday, February 06, 2009

Winzero Releases WADMigrator


Winzero releases the next solution to Active Directory migration challenges: Winzero Active Directory Migrator, ensuring coexistence between migrated and un-migrated users and simplifying the migration process with automated resource updating and continued support during and after the migration process.

Whether migrating to meet specific economic challenges or undergoing acquisition, mergers or divestitures, Winzero Active Directory Migrator provides the features necessary to meet your evolving needs and budget.