How do you do....it? Thread, Move from CC3 to Vanilla in Technical; Hey guys,
If I have a large CC3 network 500ish XP clients and I want to move to a vanilla ...
12th October 2010, 10:48 PM #1
- Rep Power
Move from CC3 to Vanilla
If I have a large CC3 network 500ish XP clients and I want to move to a vanilla XP/7 network in 6 weeks how is best to go about it? My initial ideas are to:
1. Setup a brand new server 2008 R2 as a new DC for a brand new domain.
2. Some how try to migrate existing active directory over to new DC
3. Simular process for mail server etc
4. Run some script on the existing clients to join them to a new domain.
5. Test things are working
6. Gradually upgrade to 7 a classroom at a time and provide staff training to be relayed to students.
What do you think? Is this the best way to go about it or is there any kind of inplace upgrade path I can make?
12th October 2010, 10:56 PM #2
6 weeks isn't a very long time but if you have this time dedicated you should be fine.
I'd firstly tell you you won't be able to run any script to move them from a CC3 domain to your vanilla one without incurring problems with the RM Software so it's going to be a reinstallation of windows job which probably isn't a bad idea and your PC's will thank you for it. It does however mean you need to have a plan in place for your builds ... consider something like FOG (free opensource ghost) if you want to do it for free en-mass.
My personal view again from an RM perspective would be to build your domain on a separate network switch with a couple of workstations, get it up and working and sort out your policies etc to cover application deployment and all that other stuff CC3 does for you. Be aware that Windows 7 has different requirements for profiles (v2) than XP so it won't be a 'smooth' transition between these meaning everyone will end up with two profiles. Unless you go mandatory in which case it's less relevant, have you considered your profiles?
You're going to have a busy time ahead, do you have a 'deadline' of 6 weeks or is this a target on yourself?
There's a lot to be done but there's lots of helpful people on here to assist, how much downtime have you factored in?
12th October 2010, 11:30 PM #3
- Rep Power
Well we have the unofficial go ahead from SLT I was hopeing to implement over summer 2011 but if I could do it any sooner than that would be better. I haven't yet considered profiles as I will stay at XP until the CC to vanilla transition is complete.
I was planing on asking all of our staff to copy any documents that they cant bare to be without over the transition period onto a memory stick and leave there laptops alone over the holiday, so that they can do there work. This would mean though that after the holiday no staff laptops will be working which is a big problem.
After the CC to vanilla transition I hope to upgrade a classroom at a time (to start with) and ensure everythings working.
13th October 2010, 12:35 AM #4
Important question: What's the "mail server"? Exchange or something else? And do you have any other service kicking around on CC3 domain member servers?
I would recommend a new domain, but subject to what you've got now that might involve truckloads of icky migration work you could avoid by recycling the current one. It's not too hard to keep AD with the bits you want and ditch the RM stuff (apart from a few completely harmless attributes), but I wouldn't contemplate that if the system has had a rocky history. In either case you will need to rebuild all workstations/laptops with whatever tech you pick for your new system.
PS: Personally I'd either go to Win7 everywhere (which may kill some of your apps), or XP everywhere and leave Win7 as an incremental phase #2 when it's all settled down
PPS: Make an R2 VM and a couple for workstations and start designing/playing with file system structure, AD structure and GPOs (hint: especially GPPs) ASAP.
13th October 2010, 08:29 AM #5
Further to before what is the driving force behind switching (nobody need chip in here with RM bashing), cost? functionality? existing problems?
I think it's going to be a bit of a nightmare at this time of year and it may serve you better hanging fire until the summer or at the very least spending this time researching alternative functionality providers for the bits RM does.
Not trying to kill joy your plan but I think not long into the term it's a little bit wild to do this (unless there's some rationale behind it other than because it looks shiny) and don't rely on your users to back up their data, they will say they did but won't have and it will be a large problem to fix.
I do think getting this set up either virtualised or in its own isolated area will be a good start for you and will take a lot of the stress out of the situation when you go live.
I also completely echo everything PiqueABoo says above.
13th October 2010, 09:33 AM #6
This summer I completed a transition from CC3 to a vanilla network. My approach was different: I kept the existing domain. Having done it I can say it is absolutely feasible, and actually much less hassle in my opinion. The first step was simply to create new OUs with inheritance disabled in GPMC and then linked/created only the group policies I wanted that were not RM specific. In this way you can essentially set up a 'fresh' subsection of AD that isn't affected by any RM policies.
I chose this having done a domain migration once in the past, and knowing that moving user accounts and other AD objects from one AD to another is not a trivial process. File share permissions are also a hassle; if you are planning a slow transition, you have to allow for both domains to have access to the same set of user files at the same time as there is no guarantee a student wouldn't log on to a Windows 7 machine one lesson and then a CC3 machine the next.
As well as eliminating these hassles, my method also meant I could introduce Windows 7 clients without having a separate DC. I actually moved an entire quarter of our clients to Windows 7 while still running on the RM DCs. Only once it came to the 'big push' in the summer did I introduce new DCs and phase out the RM ones.
2 Thanks to AngryTechnician:
Butuz (13th October 2010), Oaktech (15th August 2013)
13th October 2010, 10:03 AM #7
I have to agree with kmount here. We are doing a CC4 > vanilla switch and had been asked if it would be possible to do it in the october half term. while this is possible it's not ideal so we've requested it be put off until summer when we will have time to do it and fix any errors that may arise, and also gives time for us to plan a best course of action.
if you could get a server in before the summer, you could then build it as a DC for the new domain, re-create active directory (i'd do that rather than migrate) and import users (from MIS) and you can then hook up a machine to test it with and see it works as expected.
if budget allows, buy in as many servers as possible if you can replace them to start rebuilding to vanilla. also try to take machines out of action now to build ghost images, which you can then archive and rebuild the machine to cc3 after.
we are implementing a hybrid system in october that will see us through to summer, PM me if you want more details as i'd rather not go into RM bashing here as kmount said, so a PM would be easier
13th October 2010, 10:04 AM #8
That sounds like a really good way of doing it AngryTechnician!!!! Any chance you could take a screenie of your new OU layout in AD U & C's?
13th October 2010, 10:06 AM #9
@AngryTechnician: Incredibly cheeky, but if you were to do a write up or have any documentation about the process you went through I would be hugely interested.
Thanks to TechMonkey from:
Butuz (13th October 2010)
13th October 2010, 04:40 PM #10
This is what ADUC looks like now at the top level:
OUs in red are ones I added.
- Clients contains all the Windows 7 computer accounts
- Groups contains all the non-CC3 groups I created
- People now houses all my user accounts
- Robots contains accounts used by automated tasks or devices that require an AD auth
- Servers contains all my non-CC3 member servers
Obviously you'll only have the Exchange one if you have onsite Exchange. Each of the OUs that contains accounts of some kind has Block Inheritance ticked in GPMC.
Most of the CC3 stuff is actually still sitting dormant inside Establishments... just haven't gotten around to clearing anything out yet except the Computer and User accounts. The OUs I use only have links to GPOs that I have created at this point.
Dealing with the user accounts is an interesting (but easily solved) problem since until you migrate everything away from CC3, you still need all the user accounts sitting under Establishments with all the RM GPOs applying. To get around trying to deal with RM user policies applying on a Windows 7 workstation, I attached my own user GPOs to the OUs with the computer accounts in, and used Loopback processing with replace. This means it will basically ignore the RM user policies whenever that user logged onto a Windows 7 machine, and use the settings I had defined instead.
3 Thanks to AngryTechnician:
Butuz (13th October 2010), PiqueABoo (13th October 2010), Tara (7th August 2013)
13th October 2010, 04:49 PM #11
I'm hoping to get the go ahead for this in the coming weeks. Hope to have 2 brand new servers arrive before the end of the year which I will configure on their own network, setting up accounts, permissions, services etc etc.
Also create images for machines, MSI's etc without affecting anyone. Was part of a team that did this at my old school in 8 days - because everything was done server side before the change over the hardest part was copying data across and imaging machines.
My plan is also for summer, but hoping to be completed within a couple of weeks if everything is configured correctly.
It was tough with 3 of us. Gonna be even harder on my own for a similar size network.
God loves a tryer!
Thanks to Hightower from:
Butuz (14th October 2010)
13th October 2010, 04:50 PM #12
The documentation I have for the final migration is basically just my internal checklist of things to do... some of it has links to documentation, but a lot of it is stuff that I already knew by heart so didn't write down how to do it (maybe lazy practice but how many of us document all of our one-time processes?)
Originally Posted by TechMonkey
If I have time (hah!) to clean it up at some point I will get back to you. It's also not a complete checklist as I'd been making gradual changes in advance for about a year with the eventual migration in mind...
2 Thanks to AngryTechnician:
Butuz (13th October 2010), TechMonkey (14th October 2010)
13th October 2010, 11:12 PM #13
Well I did allow for existing CC3 domain recycling in my earlier post It's a case of weighing up a variety of pros and cons for each approach and those are overwhelmingly site specific (to include local politics). I wouldn't want to do gradual at all, but as above an Exchange would give me pause for thought re. a new domain, as would any serious investment in account/group permissions in any network service or parts of the file system. Anyway since you're doing the recycle angle..
My approach was different: I kept the existing domain.
What I like best about a new domain is almost psychological in nature i.e. there seems to be a much better chance of folk using different, and one hopes better, approaches when they start with a blank slate. More pragmatically you know what *all* the deltas are i.e. you made all those changes to the OOTB defaults and know why you changed them.
Share/folder permissions wouldn't bother me simply because I wouldn't have very many shares. You can design it so you don't have a zillion per user shares, especially if it's Win7 & 2008 R2 where thanks to SMB2 you can get sensible numbers for folder quotas from sub-folders below shares. I would also want a script (or something) that resets user profile/home folder permissions regardless - one you might make to sort out permissions after copying lots of user folders from the CC3 domain can be reused later should for instance, an Admin need to start fling folder/files into user folders and subsequently need to get the permissions/ownership reset to the relevant users.
With either approach, I will always maintain that the most significant area in terms of time & effort is the GPOs/GPPs. CC3 has a lot of policy settings for generally good reasons and if you want a credibly comparable D-I-Y system you'll need a similar number .. and likely have to think quite hard about the best approach to more than a few of them.
Last edited by PiqueABoo; 13th October 2010 at 11:14 PM.
20th January 2011, 03:22 PM #14
- Rep Power
I did something similiar last summer hols, only we moved from a server 2003/XP network to a Server 2008/7 network. This involved new servers for domain controllers. We did as has been previously mentioned and built the DC before the hols and had a workstation setup to iron out all the GPO's (which we were building afresh), it also involved a new cab for all the switches which meant repatching.
I`m happy to say we did and all 80 workstations and 30 laptops were built and running and users could log in by the start of term, we did have to work an extra day at weekends here and there.
We did plan it like a military operation and has certain jobs to be complete by certain dates. What I also found really usefull while we were building we had flip chart paper on the walls of our ict suite (our base of work) detailing all the jobs and when they needed to be compled by, we simply put a cross through the ones we'd finished, this helped me keep track of where we were in the build.
It can be done, just it needs planning really well, and documenting well (cause u`ll forget what you'v decided).
One more thing take pictures of the work your doing so you can show staff, some of them think the fairies come over the hols while techies put thier feet up, and it shows them all how much work is involved in these types of projects.
20th January 2011, 04:06 PM #15
We've just gone from CC3 to vanilla xp (700)/7 (300) and 2008r2. However we spead the transition out over an entire year running two in parellel and trasitioned staff and their laptops before any students. During the year we nailed down student GPOs and software, images, duplicated packages and support systems before summer rebuild to new domain and just moved the file servers over and used scripts to correct any mistakes.
Biggest issue was exchange 2010 running on new domain and farming mail out to the old 2003 exchange servers, fiddly but possible.
Currently decommisioning the old RM servers with no clients now. Which brings a smile to my face.
Last edited by Theblacksheep; 20th January 2011 at 04:09 PM.
By mcnallyfc in forum How do you do....it?
Last Post: 8th October 2010, 11:39 AM
By mcnallyfc in forum Network and Classroom Management
Last Post: 30th July 2010, 10:52 AM
By Butuz in forum Network and Classroom Management
Last Post: 9th February 2010, 10:50 PM
By mikeglover in forum Windows
Last Post: 20th October 2009, 04:25 PM
By gybe78 in forum Network and Classroom Management
Last Post: 31st July 2008, 01:46 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)