Migrating NT4 and 2000 Servers to new 2003 Active Directory Domain

Discussion in 'Server Migration' started by Kimberly Pace, May 20, 2005.

  1. I have successfully migrated most all of our 3000 users and workstations to
    our new domain structure and am getting read to migrate approximately 75
    servers. To help prep for this I am having a meeting with our developers and
    dba's to learn more about each server's environment.

    I was wondering if you might have any suggestions on questions I should ask
    them or have insight to known troubleshooting issues. I am concerned about
    the system accounts SQL runs on -- some are local and some are domain
    account. Also, when I migrated workstations with a personal SQL server,
    often times, SQL had to be reinstalled as it did not recognize the user and
    the one who installed it originally. Will this happen on the servers? I also
    encountered this issue with Palm Desktop installs and sometime MS Office.

    If they used integrated windows authentication with the old domain global
    groups, will that automatically translate to the migrated globabl group, or
    will the dba's have to change it manually? If they translate, will I
    encounter a problem once I turn off SID history?

    I can't really create this environment in a lab. Many of these systems
    support our county hospital and clinics and don't tolerate downtime very well.

    Thank you.
    Kimberly
     
    Kimberly Pace, May 20, 2005
    #1
    1. Advertisements

  2. Hello,

    Thanks for your post.

    In your post, you mentioned that you have successfully migrated most all of
    your 3000 users and workstations to our new domain structure. I want to
    know how do you achieve the goal. Do you fullfill this by using ADMT?

    In the mean time, based on your post, I understand you have two concerns as
    following:

    Q1: I am concerned about the system accounts SQL runs on -- some are local
    and some are domain account.

    We know SQL has two types accounts and the migration method should be
    different from which account you use on different SQL Servers. It would be
    better that the DBA manually change the account to startup the service.
    However, this is a SQL Server related question, please post this question
    to SQL newsgroup since the SQL server experts will provide more accurate
    information on this:

    Microsoft.public.sqlserver

    With regards to migrating the computer local account, I have searched in
    Google and found a third-party application called Member Server Migrator
    can fulfill this goal:

    Member Server Migrator (MSVR-Migrator)
    http://www.winzero.ca/MSVR-Migrator.htm

    Winzero MSVR-Migrator makes it simple to seamlessly migrate local users,
    passwords, local groups, folders and shares from Windows member server to
    member server while keeping security and rights intact.

    Note: The third-party product discussed is manufactured by a vendor
    independent of Microsoft; we make no warranty, implied or otherwise,
    regarding this product's performance or reliability.

    Q2: If they used integrated windows authentication with the old domain
    global groups, will that automatically translate to the migrated global
    group, or will the dba's have to change it manually? If they translate,
    will I encounter a problem once I turn off SID history?

    I would like to confirm do you mean you want to migrate the old domain
    global groups to the new domain or the old domain global groups in SQL
    Server?
    If you plan to migrate the old domain global groups to the new domain, it
    is possible that some built-in groups cannot be migrated to the new domain,
    you can use ADMT Group Account Migration Wizard to migrate Global Groups.
    Please take a look at the following article to see if it addresses your
    concerns:

    Migrate Global Groups
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKi
    t/ceb758de-f2ed-4d74-88f5-77638383a6ee.mspx

    Related to problem if you turn off SID history during migration, please
    refer to the following article:

    Migrating Accounts Without Using SID History
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKi
    t/cea85aee-f4bb-4b2d-b457-97cb118da725.mspx

    For more references related to SID history migration:

    How to Troubleshoot Inter-Forest sIDHistory Migration with ADMTv2
    http://support.microsoft.com/default.aspx?scid=kb;en-us;322970

    For more reference related to ADMT:

    Active Directory Migration Tool Overview
    http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt.
    asp

    326480:How to Use Active Directory Migration Tool Version 2
    http://support.microsoft.com/?id=326480

    HTH!

    Thanks & Regards

    Amanda Wang [MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    ====================================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================================

    --------------------
     
    Amanda Wang [MSFT], May 23, 2005
    #2
    1. Advertisements

  3. Thanks for the response. I will check with the SQL group as well. I also
    think getting DBA's involved is my best bet. I will also look into that 3rd
    party migration tool -- although I have been very happy with ADMT so far.
    Out of 3000 workstations/users, I only had 3 computers that wouldn't
    cooperate and had to manually be brought into the new domain.

    es, I used ADMT for our migration. I migrated all domain global groups
    first. Then, migrated users and their corresponding workstations based on
    location. Now I am getting ready to migrate the servers.

     
    Kimberly Pace, May 25, 2005
    #3
  4. Hello,

    Thanks for your update and let me know the process on your side.

    Anything update, please keep in touch. I'm very glad to help you.

    Thanks & Regards

    Amanda Wang [MSFT]

    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    ====================================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================================

    --------------------
     
    Amanda Wang [MSFT], May 26, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.