Resolving Migration Conflicts
Applies To: Windows Server 2008 R2, Windows Server 2012
Resolving migration conflicts
During migration, conflicts may occur when Server for NIS attempts to merge incoming user accounts, groups, and computer names into classes that already exist in Active Directory Domain Services (AD DS). Conflicts can also occur because Server for NIS allows one Network Information Service (NIS) domain to merge with another NIS domain that has already been migrated to Server for NIS.
For example, consider a passwd map source file being migrated to Server for NIS. A UNIX user name johnwood is in the map to be migrated. If there is no existing user with a user name of johnwood , migration of this user to Server for NIS is simple. If there is already a user with that user name previously migrated from another NIS domain, a conflict occurs.
When the NIS Data Migration wizard encounters a potential name conflict during migration, it resolves the conflict by prefixing the name being migrated. If the name being migrated is a user name, the prefix consists of the NIS domain name plus the characters _u_ . If the name being migrated is a group name, the prefix consists of the NIS domain plus the characters _g_ . This allows the migration to complete even if there is a conflict.
For example, if you are migrating a user named johnwood in an NIS domain named mktg , and a user with the same name was previously migrated from another NIS domain, then the user name of johnwood in the mktg domain is changed to mktg_u_johnwood during the migration.
When conflicts occur, examine the migration logs and determine how to handle each conflict. Consider whether the conflicting name represents the same user or group in both domains, or different users or groups. If not, it is recommended that you rename one or both users or groups. If they do represent the same user or group, then you will need to decide whether the user or group must be in both domains (in which case, at least one of them must be renamed) or whether you can delete the user or group in one of the domains.
Instead of correcting the conflict after the domain migration has occurred, you can prevent the conflict (such as by changing the name of a user or group in the NIS domain).
By default, the NIS Data Migration wizard performs a test migration. During this process, Server for NIS performs the steps required to migrate an NIS domain to AD DS, but does not actually modify AD DS. Server for NIS records expected migration results in a log file. If potential conflicts are found, you can resolve conflicts before performing an actual migration.
When identical names are detected during a test or actual migration, the conflict can be logged to a conflicts log file, which lists conflicts that occur during the migration of a map. If a conflict occurs, the conflicts log file lists the NIS entry to migrate, and the existing entry in AD DS. In the following example, the conflicts log file reports no conflicts in the migration of the passwd file.
-------------- ## Tue Jun 1 16:22:47 1999 : Conflicts between entries from map file 'passwd' and existing entries in Active Directory. ## -------------
In the next example, the conflicts log file reports a conflict in the migration of the map. It lists the existing entry in AD DS, and the new entry to migrate with which the existing entry has a conflict.
------------- ## Tue Jun 1 16:22:52 1999 : Conflicts between entries from map file 'aliases' and existing entries in Active Directory. ## EXISTS : having DN = 'CN=al1,CN=nisadmin,CN=DefaultMigrationContainer,DC=nis, DC=sfu,DC=nttest,DC=microsoft,DC=com' OLD : staff:wnj,mosher,sam NEW : staff:pradeep,peter,wjs -------------
According to the file, the staff map exists in AD DS. The entry in AD DS is different from the new entry to add. You can change the name of the alias staff either in AD DS or in the map source file; that is, the plain text file from which the NIS map database is compiled. You can also preserve or replace the existing entries by using settings in the NIS Data Migration wizard.
In addition to a conflicts file, you can specify a log file where all migration operations are logged. The following is sample output of a migration operations log file.
## Start of NIS to Active Directory migration of 'passwd' @ Tue Jun 1 16:26:21 1999 ## MESSAGE : Migrating 'passwd' entries from UNIX NIS domain 'nis01' to Active Directory domain 'CorpDomain.' SUCCESS : Migration of object 'nis0101' of class 'User' into 'LDAP://localhost/CN=Users,DC=nis,DC=sfu,DC=nttest,DC=microsoft,DC=com'. SUCCESS : Migration of object 'nis0102' of class 'User' into 'LDAP://localhost/CN=Users,DC=nis,DC=sfu,DC=nttest,DC=microsoft,DC=com'. ## Start of NIS to Active Directory migration of 'passwd' @ Tue Jun 1 16:41:46 1999 ## MESSAGE : Migrating 'passwd' entries from UNIX NIS domain 'conflicts' to Active Directory domain 'conflicts'. CONFLICT : Can't migrate 'nis0101' to 'LDAP://localhost/CN=Users,DC=nis,DC=sfu,DC=nttest,DC=microsoft,DC=com'. An object having same attributes(name/uidNumber/gidNumber) exists at 'CN=nis0101,CN=Users,DC=nis,DC=sfu,DC=nttest,DC=microsoft,DC=com'.