2nd December 2010, 04:08 PM #1
New domain data migration
Having been discussing virtualisation projects with a number of suppliers recently another idea has got into my head that might be easier... rebuild from scratch rather than migrating the old domain onto a virtual infrastructure.
We've currently got two networks and I'm weighing up whether the ease of management of a unified teaching \ admin network outweighs the security of separation by wire.
If we went down the new domain route the main issue is how to seamlessly move department \ home drives over as well as Exchange.
Part of the issue would be that the current group names \ setup is really out of date now and would be an ideal opportunity to rebuild so a rough idea in my head would be something like...
- backup \ restore the shared drives to new network
- create new security groups as appropriate
- replace security permissions on restored folders to propagate all the way down with new groupings
- ownership... the owner on the files wouldn't match up to anything on a new domain so would it just be better to replace all with administrators group on the file server?
User folders would be a real pain as they're set up as one share per user at the moment (legacy setup not me!) so would have to somehow change that to the standard single share \ subfolder per user standard method... via script somehow I guess?
Exchange... could do the trick we did when migrating from 2003 to a fresh 2007 install and run an export command to send each mailbox to an archive in firstname.surname.pst format, which it then imports back in providing there's a user with the same name in the new AD it can match up to.
There's also an Exchange cross forest migration tool I've spotted but not sure how much work it would need for the old and new domains to be able to talk to each other?
The users could be done with an AD migration tool but then again it could well just be easier to get a list of current staff from personnel and recreate the accounts from CSV or equivalent. That way no legacy info from the old AD would get carried over.
Would be interested to hear from anyone who's gone down the rebuild route as now is probably our best chance to do it with new, virtual servers and shiny new OS
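Added example, not part of the original post: one way to script the ownership and permission reset described above once the home folders have been restored under a single share with one subfolder per user. The root path, the domain name and the convention that each folder is named after the user's logon name in the new domain are assumptions; granting the user Modify rather than Full Control is a choice made here so that users cannot rewrite their own ACLs.

```powershell
# Added example. $HomeRoot, $Domain and "folder name = logon name" are assumptions.
param(
    [string]$HomeRoot = 'D:\Home',   # hypothetical root behind the single home share
    [string]$Domain   = 'NEWDOM',    # hypothetical NetBIOS name of the new domain
    [switch]$Apply                   # without -Apply the script only reports
)

# Well-known SIDs, so the script does not depend on localized group names
$admins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$system = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($dir in Get-ChildItem -Path $HomeRoot | Where-Object { $_.PSIsContainer }) {
    $account = New-Object System.Security.Principal.NTAccount($Domain, $dir.Name)
    try {
        # Throws when no account of that name exists in the new domain
        $userSid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Warning "No account $Domain\$($dir.Name); skipping $($dir.FullName)"
        continue
    }

    # Build the folder ACL from scratch so no ACE for an old-domain SID survives
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)   # block inheritance from the share root
    $acl.SetOwner($admins)
    $grants = @(@($admins, 'FullControl'), @($system, 'FullControl'), @($userSid, 'Modify'))
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g[0], $g[1], $inherit, $noProp, $allow)
        $acl.AddAccessRule($rule)
    }

    if (-not $Apply) {
        Write-Output "Would reset $($dir.FullName) for $Domain\$($dir.Name)"
        continue
    }
    Set-Acl -Path $dir.FullName -AclObject $acl
    # Children restored from backup still carry old owners and explicit ACEs:
    # take ownership for Administrators, then make everything inherit from the folder.
    icacls $dir.FullName /setowner '*S-1-5-32-544' /T /C /Q | Out-Null
    icacls (Join-Path $dir.FullName '*') /reset /T /C /Q | Out-Null
}
```

Run it from an elevated session on the file server, first without `-Apply` to review which folders have no matching account in the new domain.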
2nd December 2010, 10:52 PM #2
We did just that this summer.
Brand new LAN with new Virtualised Servers, new Client OS the works. You need a long summer to get it done, 10 pairs of hands and about 3x as much time as you actually think you do is the instant advice.
We built the new servers up outside the old LAN (on top of a filing cabinet in my office) and setup them as much as we could, then joined a couple of App boxes from the old LAN to the new LAN and then built workstation images etc from that point onwards.
Home areas were on a SAN connected to the old LAN so that was disconnect from AD and that LAN and reconnect to the new LAN and new AD, used various tools from Wisesoft for making new Users and doing the Home Drive permissions as well as the stuff built into the SAN (Sun / Oracle 7110) and it worked well.
Exchange was not too bad, well having to make a second 2010 box to allow an export and another new one to allow an import was a pain in the backside but got done ok and just added about a day to the migration. We did the export to PST and re-import from PST to the system and it was fine, no-one reported loss of emails or anything.
Users were all added back in from exports from the MIS, this cleared a lot of the clutter of old left staff and students, if you're not in the MIS you didn't get an account to start with, and Wisesoft tools were used to turn the CSVs from the MIS into usernames (along with various clever formulae functions in Excel). Profiles were all new from scratch so no carry-forth. Staff were asked to submit to the helpdesk if they wanted favourites carrying forth and they were manually done for them, but no ticket submitted = completely new from scratch.
Looking back now it's been a great thing to do, and I wouldn't change my mind on doing it, BUT I would change the fact I did it in a short summer holiday. I also combined it with moving to Windows 7 on the clients, fitting 2 new IT rooms, refurbishing 3 more, moving to a new Database in the MIS (to remove various big issues in the old database), supporting Exams with the downloads of results etc... All of which made for a rather stressful 4 week summer! You want a full 6 weeks to do it and 2 or 3 of you to do it as a minimum and preferably as a main job for the summer / holiday and stick to it and just do that and not as many other things as we did.
This coming summer we are hoping for a fairly quiet one of re-image most of the PCs to give them a freshen up, and then things like housekeeping, tidying and all the things you say you will do when you get a quiet moment. By no means have we not got anything to do, but it will be nice to take it easy, we have all new Servers, fairly new workstations in many rooms, will have SmartBoards in all classrooms by that point (I hope!) so it should be a summer of maintenance and simple small updates and all the annoying jobs you put off doing.
(oh wait, what is that in the sky, no it's not snow, it's a pig flying.....)
Happy to answer any questions you may have that are specific just post here or drop me a PM and I can send you my details
2nd December 2010, 11:29 PM #3
Nice one and I know you are happy with what you have done.
We will be doing this in February next year over a period of 9 days 2 x weekends plus 5 holiday days (school holiday of 1 week) so hope everything goes well for us, we did have it set for September just gone but after discussions with SLT it was agreed because of the impending Ofsted we would hold off.
I do agree with you John in that the migration to a new platform is always precarious and fraught with challenges even after careful planning, but it has been under proof of concept model for some time now and will be ready to drop into place.
All user accounts will be brand new and their work from the old network will be transferred along with the shared data stores.
Looking forward to it.
3rd December 2010, 12:15 AM #4
Do you think the AD with Exchange in it is broken in some way? Keeping the domain + users + Exchange, whilst doing whatever you want re. unwanted group memberships, OU structure/policy, file system structure etc. has got to be easier surely?
3rd December 2010, 10:42 AM #5
Would've been nice to start a clean slate rather than building on top of what's now quite an old domain (I think built on a Win 2000 base then upgraded over time) but the aggro of trying to remap all the file permissions is enough to make me prefer the tidy up route!
I've already got a new structure prepared side by side in AD, users in OUs that map to our current staff structure and workstations by room ID number so if we can get some new security groups set up, sort out the folder redirection & roaming profiles it will make a huge difference
3rd December 2010, 07:09 PM #6
Have you looked at the Wisesoft free tools, NTFSFix in particular? That was amazing for all my permissions. It really isn't as bad as it sounds when you actually think a lot of it's groups and quick to do, and that tool helped me greatly.
6th December 2010, 09:41 AM #7
It's pretty easy to consolidate domains and create a new structure in Active Directory while everything is still running. I don't see the need for an entirely new domain.
This would take little over a morning to complete assuming your admin domain is pretty small. Ours was about 30 users so I just created them all new accounts on the curriculum domain and copied the data over beforehand. If you have a separate Exchange server do the same process but use exmerge to output some PSTs and just create them new mailboxes and attach the data file.
Once you're done with that just virtualize your current servers (again a very easy job) and then upgrade any Active Directory (a simple dcpromo job) or Exchange boxes (run them in parallel or go with live@edu/gmail).
There's no point virtualizing the file servers so leave them how they are.