Thursday, February 12, 2009

WADMigrator Premigration Checklist

Administrative Access:
Create a two-way trust between each source and target domain.
Add both the source and target domains' Domain Admins and Enterprise Admins groups to each domain's Administrators group.

Create or select an account on the target domain and add it to the Domain Admins, Enterprise Admins and Schema Admins groups.
Use this account both as the migration account that performs the migration and as the service account.
Enable this account to log on locally and run as a service on both the source and target PDC emulators.

Domain Policy:
Verify that IPFiltering is turned off on both domains.
Verify that Windows Firewall is turned off as a group policy.

DNS Configuration:
Once the target domain’s DNS server is configured and running, configure the DNS client settings on the network cards of the source domain computers to point to the new DNS server, and add the new domain to the domain suffix list.

Create a Domain Local Group:
Create a Domain Local group in both the source and target domain, named with that domain's NetBIOS name followed by 3 $ signs: DomainNetBiosName$$$ (example: WINZERO$$$). DO NOT add members to this group.

Enable Auditing:
Enable Account Management success and failure auditing for both the domain and the domain controller, in both the source and target domains.
You will need to reboot the server for the auditing to take effect.

Register DLLs:
On the target domain PDC emulator, register clonepr.dll.
Copy clonepr.dll from the WADMigrator working directory to the Windows directory.
Open the command prompt.
Type regsvr32 drive:\Windows\clonepr.dll to register the DLL.

Password Policies:
Check and verify that the source domain's minimum password policy and restrictions are less restrictive than, or equally restrictive as, any target domain password policy. Passwords will not migrate if the password policy of the target domain is more restrictive than the password policy of the source domain.
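
One way to run this comparison before migrating, as an added example that is not part of WADMigrator or the original checklist. The function name Compare-PasswordPolicy is hypothetical, the property names follow the objects returned by Get-ADDefaultDomainPasswordPolicy, and which direction counts as "more restrictive" for each setting is this example's assumption; the sample policies are constructed.

```powershell
# Added example, not WADMigrator code. Reports each setting where the target
# domain's policy is stricter than the source's (the stricter direction per
# setting is this example's assumption).
function Compare-PasswordPolicy {
    param(
        [Parameter(Mandatory = $true)] $Source,
        [Parameter(Mandatory = $true)] $Target
    )

    # A MaxPasswordAge of zero means passwords never expire (least restrictive).
    $maxAgeDays = {
        param($policy)
        if ($policy.MaxPasswordAge.TotalDays -eq 0) { [double]::PositiveInfinity }
        else { $policy.MaxPasswordAge.TotalDays }
    }

    $checks = @(
        @{ Name = 'MinPasswordLength';    S = $Source.MinPasswordLength;        T = $Target.MinPasswordLength;        HigherIsStricter = $true }
        @{ Name = 'PasswordHistoryCount'; S = $Source.PasswordHistoryCount;     T = $Target.PasswordHistoryCount;     HigherIsStricter = $true }
        @{ Name = 'ComplexityEnabled';    S = [int]$Source.ComplexityEnabled;   T = [int]$Target.ComplexityEnabled;   HigherIsStricter = $true }
        @{ Name = 'MinPasswordAgeDays';   S = $Source.MinPasswordAge.TotalDays; T = $Target.MinPasswordAge.TotalDays; HigherIsStricter = $true }
        @{ Name = 'MaxPasswordAgeDays';   S = (& $maxAgeDays $Source);          T = (& $maxAgeDays $Target);          HigherIsStricter = $false }
    )

    foreach ($c in $checks) {
        $stricter = if ($c.HigherIsStricter) { $c.T -gt $c.S } else { $c.T -lt $c.S }
        if ($stricter) {
            [pscustomobject]@{ Setting = $c.Name; Source = $c.S; Target = $c.T }
        }
    }
}

# Constructed sample policies. On a live system, take both objects from
# Get-ADDefaultDomainPasswordPolicy -Identity <domain> instead.
$source = [pscustomobject]@{
    MinPasswordLength = 7; PasswordHistoryCount = 12; ComplexityEnabled = $false
    MinPasswordAge = [TimeSpan]::FromDays(0); MaxPasswordAge = [TimeSpan]::FromDays(90)
}
$target = [pscustomobject]@{
    MinPasswordLength = 8; PasswordHistoryCount = 12; ComplexityEnabled = $true
    MinPasswordAge = [TimeSpan]::FromDays(0); MaxPasswordAge = [TimeSpan]::FromDays(90)
}

$blockers = @(Compare-PasswordPolicy -Source $source -Target $target)
if ($blockers.Count) { $blockers | Format-Table -AutoSize }
else { 'Target policy is not stricter than the source policy.' }
```

Any row in the output is a setting to reconcile before migrating passwords.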

After installation of WADMigrator, verify the following registry settings on both the target and source PDC emulators.

Registry Settings:
Check, add and verify the registry settings of the PDC or PDC emulator or FSMO server (usually the first installed domain controller in the source domain).

Key: AllowpasswordExport
Set to: 1

Key: RestrictAnonymous
Set to: 0

Key: TcpipClientSupport
Set to: 1

Key: MaxUserPort
Set to: 0x0000fffe (hex) or 65534 (decimal)


Mike said...

The Create a Domain Local Group: section seems vague. Should the Domain Local Group name be the NetBIOS name of source or target domain? In which domain? Both?


Winzero IT Hero said...

Create Domain Local Group - clarification.
In each domain, create a domain local group, using the NetBIOS domain name followed by 3 $ signs.
Example: in the source domain named DEV, create a local group called DEV$$$, and in the target domain named ACME, create a domain local group called ACME$$$.