31/10/2000 NT Domain - AD Migration - JLab 2000
NT DOMAIN - ACTIVE DIRECTORY MIGRATION
Michel Jouvin
LAL Orsay
Outline
• Current domain infrastructure
• Migration options and requirements
• Server migration status and perspectives
• W2000 Pro upgrade
NT Domain Infrastructure...
• One domain : LAL
  – 130 machines
  – 300 user accounts
• 7 servers
  – 1 PDC (NT)
  – 3 BDC (2 NT + 1 VMS)
  – 3 autonomous servers (Samba/Unix + Axis CD server + NT Terminal Server)
… NT Domain Infrastructure
• Home Directories and Experiments space on Samba
  – Served by main file server
• Printing server on Unix
  – Access through LPR
Migration Options
• Create a new domain with a trust relationship
  – + : No impact on running domain resources
  – - : 2 different domains for users
• Migrate domain rather than create a new one
  – + : easier management, only 1 domain for users
  – - : impact in case of migration problem
Migration Requirements
• Keep LAL as domain name
  – Put W2000 nodes in our main DNS domain (lal.in2p3.fr)
    • Also avoids double registration of host name
  – Keep Unix DNS as our master server for lal.in2p3.fr zone
  – Impossible to do with a new domain
• Run in mixed mode until we can downgrade VMS to autonomous server
Migration Status
• Migration of existing domain in progress
  – 2 NT machines already migrated, last NT soon
• No interoperability problem with NT stations
• Main problem : VMS Pathworks
  – Needs to be at least a BDC
  – Had major interoperability problem with 7.2A (SAM replication failure)
  – Has minor problems with last patches
DNS integration...
• AD internal information in sub-zones of AD domain DNS zone
  – Mainly service location (SRV records)
  – Sub-zone names start with _
• Need to create required sub-zones manually
  – lal.in2p3.fr DNS master is a secondary for AD sub-zones
    • Bind v8.2 on Unix
  – W2000 is mastering AD sub-zones
… DNS integration
• DNS dynamic updates not (yet?) activated for host names (main zone)
  – Tested and seems to work
    • Error messages logged on master DNS
    • AD server acting as a proxy for updates
  – Need to upgrade our DNS management tools
    • They use comments in the DNS database, which are lost during dynamic updates
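Added example (not from the original slides): a check that the SRV records clients use to locate a DC are present once the underscore sub-zones have been created by hand, and which sub-zones those records fall into. The record list is a subset of the standard AD locator names; the zone lines and the DC name w2kdc are constructed for illustration.

```python
DOMAIN = "lal.in2p3.fr"  # AD domain / DNS zone named on the slides

# Subset of the locator records a Windows 2000 DC registers, relative to DOMAIN.
REQUIRED_SRV = [
    "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp", "_kpasswd._tcp",
    "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs",
]

# Constructed sample (hypothetical DC name w2kdc), not data from the real zone.
SAMPLE = """\
; owner                       ttl class type prio weight port target
_ldap._tcp                    600 IN SRV 0 100 389 w2kdc.lal.in2p3.fr.
_kerberos._tcp                600 IN SRV 0 100 88  w2kdc.lal.in2p3.fr.
_kerberos._udp.lal.in2p3.fr.  600 IN SRV 0 100 88  w2kdc.lal.in2p3.fr.
_ldap._tcp.dc._msdcs          600 IN SRV 0 100 389 w2kdc.lal.in2p3.fr.
_ldap._tcp.pdc._msdcs         600 IN SRV 0 100 389 w2kdc.lal.in2p3.fr.
"""

def sub_zone(owner, domain=DOMAIN):
    """Return the underscore sub-zone directly below `domain` that holds `owner`."""
    name, suffix = owner.rstrip(".").lower(), "." + domain
    if not name.endswith(suffix):
        raise ValueError(f"{owner} is outside {domain}")
    top = name[: -len(suffix)].split(".")[-1]
    if not top.startswith("_"):
        raise ValueError(f"{owner} is not in an underscore sub-zone")
    return top + suffix

def parse_srv(zone_text, origin=DOMAIN):
    """Map each SRV owner (fully qualified, lower case) to its rdata tuples."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments
        if "SRV" not in fields or not fields[0].startswith("_"):
            continue                                # only lines with an explicit _owner
        i = fields.index("SRV")
        if len(fields) < i + 5:
            continue                                # truncated rdata
        owner = fields[0].lower()
        owner = owner[:-1] if owner.endswith(".") else f"{owner}.{origin}"
        prio, weight, port = (int(x) for x in fields[i + 1:i + 4])
        target = fields[i + 4].rstrip(".").lower()
        records.setdefault(owner, []).append((prio, weight, port, target))
    return records

def audit(zone_text, domain=DOMAIN):
    """Return (missing SRV owner names, sub-zones that must exist on the master)."""
    present = parse_srv(zone_text, domain)
    wanted = [f"{rel}.{domain}" for rel in REQUIRED_SRV]
    return [w for w in wanted if w not in present], sorted({sub_zone(w, domain) for w in wanted})
```

Calling `audit(SAMPLE)` returns the locator names absent from the dump and the list of underscore sub-zones the secondary has to carry.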
What Next ?
• DFS
  – File naming independent of location
• Kerberos
  – Tru64 (v5.1) has a single logon capability
• LDAP integration ?
  – Currently 2 LDAP servers :
    • 1 for ou=people,ou=lal,o=in2p3,c=fr
    • 1 for o=lal,dc=in2p3,dc=fr
W2000 Pro Upgrade Status
• No plan for a wide upgrade
  – Some hardware doesn’t fulfill min requirements
  – Some software is missing or has problems
    • Ex : AFS client, Netscape
• New PCs : W2000 since last summer
  – Group policies configured for deployment of all supported applications
  – Some apps already upgraded through GPs
    • Ex: Exceed v6 -> v7
W2000 Pro Upgrade Strategies
• Upgrade through SMS : evaluation phase
  – Should not be a problem for the OS
  – Impact of group policies on installed applications
    • Applications will be reinstalled
    • What happens if newer version (Office, Exceed)
• Reinstallation from scratch
  – No ‘previous state’ problem
  – Preferred when there is not too much local data