Moving away from CC4 - Migrate network or simply shift OUs?
The College has decided to move away from CC4 to a vanilla network for reasons I won't go into here.
What we haven't decided on yet is how to achieve this. There are two methods we have discussed.
My preferred option is to build a clean network in the background, on virtual servers on its own VLAN, and test heavily in the isolated environment, with help and input from the users. When the network is good and ready, during the summer holiday, turn the CC4 network off and move the vanilla network onto the main infrastructure.
Based on the CC4- CC4.3 migration that happened here, this would involve 1 week of complete downtime, 1 week of limited data whilst I restore it to the new domain, and from then on computers would need to be rebuilt, so staff would be restricted to where in the school they could work (not a massive issue in the summer holidays.)
There is a lot of work involved with this route, but on the whole the clean break from the upgraded CC4 network to the CC4.3 network has paid off massively, in that I am no longer fighting issues each week caused by the upgrade, some of which were very long and drawn out. I am very keen to avoid fighting unknown issues for the next x amount of years.
My colleague's preferred method is to create new OUs in Active Directory, as much of the RM network group policy is contained in the Establishments OU. In the new OUs, our own group policies can be set up and configured, and computer and user objects moved there instead. The network in theory could be gradually migrated across, moving users/computers into the OUs a few at a time. Also, there would be no issues with moving data or NTFS permissions (see below!) as all the groups' SIDs will stay the same.
When we did the CC4> CC4.3 migration (which used method 1), the first 2 months of term were disruptive, and my colleague seems determined to avoid this at all costs. While I want as little disruption for the College as possible, I would rather see 2 months of teething issues than years of hidden faults that will be a nightmare to resolve. Those 2 months of disruption are nothing compared to the 3 years that followed our initial CC4 install.
The two big issues with the migration were self-inflicted: we went from about 30 Windows 7 stations to the whole site as Windows 7, yet no-one had tested all of the remaining software for Windows 7 compatibility. I had also put 'check remaining NTFS permissions' on the Gantt chart I created and assigned the task to someone else, but this wasn't carried out properly, so when the users came back there were quite a few issues accessing shares. We have learnt from this and it wouldn't happen again.
I feel the second method of a gradual migration will cause issues further down the line, and lingering RM components still on the network could cause issues and make solving what would normally be a simple Windows network problem more difficult. However, I can't give technical details of what these issues might be. I have some inkling as to what could go wrong, but as I don't know in as much detail as RM how CC4 works, and I only have 5 years networking experience under my belt, I feel I'm not best placed to answer these questions. There are also things I could've missed out. I would greatly appreciate the community's opinion on what could go wrong using the second method to move away from CC4, or even if they think it would work well and I'm coming from it the wrong way.
Some of my inklings as to what could cause issues include:
• Settings that could still be in the Default Domain Policy, which is outside the Establishments OU
• Changes RM have made to the Active Directory schema
• The CC4 build process interfering with WDS
• Does CC4 write anything into the user profiles that would be undesirable to carry forward onto a vanilla network (e.g. custom RM reg settings in the NTUSER.pol files)?
• RM software components still running on the servers after we move the computers and users out of the OUs (e.g. the RM database)
• What changes have RM made to the registry on the servers? Given how service host issues have caused issues with basic Windows features in the past (e.g. logons)
• What happens if we move users into the new OUs and they roam between computers still on CC4 (where settings are applied by custom ADM templates that control the RM software) and non-CC4 stations?
• How well will we be supported in this configuration? From our meeting with some RM guys, it seems that this has not been attempted before; it has always been a clean migration
The above list isn't meant to be exhaustive, it's just some thoughts that came to mind. I am really interested to know what you guys think that I've missed out/am struggling to explain.