NetWare Migration Preparation Details
Updated: September 15, 2010
Applies To: Windows Server 2008 R2
Planning Deployment Steps
After you gain an understanding of the data and infrastructure analysis factors covered earlier, you should assess those factors, determine which are relevant to your network environment and goals, and decide which MSDSS migration strategy is best.
The information in this section provides additional detail for the steps included in the migration checklist found later in this document. You can refer to the checklist for a quick guide to preparing and performing a migration. Refer to the following sections for more information about checklist items.
Use the checklist included in this document as a basis for developing your own list of tasks to be performed, noting what is to be delivered and when. Identify the primary and secondary areas of implementation, especially if you must meet a specific deadline. It is essential to understand the implications of features that you plan to deploy in the future to develop a directory architecture that is able to incorporate these features with minimal or no redesign. It is important to understand that your migration from NetWare to Active Directory might involve additional steps or requirements not covered in this document. For that reason, it is important to carefully assess your needs and your existing network before proceeding with a migration.
After you develop a list of tasks, sketch out the specific steps that you need to take to prepare for the migration. The following section provides a general outline of those preparatory steps.
Before You Start
This section summarizes the MSDSS deployment preparation issues covered in this document and translates them into a list of steps. This section also assumes that you are familiar with the information presented in the paper MSDSS Deployment: Understanding Synchronization and Migration. Although this paper was written for Windows 2000 environments, it is a highly useful resource for understanding MSDSS concepts.
Before you implement an MSDSS migration, decide which tasks you can do concurrently and which you must do sequentially (depending on your situation, the order in which you do these steps might or might not correspond to this list). Refer to the “NetWare to Windows Server 2008 R2 Migration Checklist” section at the end of this document for a listing of the following items in a checklist format:
Diagram the network including hardware and software. Diagram the network and all its components. Identify which servers are file and print servers, Internet servers, mail servers, and database servers. Document servers thoroughly, including NetWare versions, transport protocols, and directory versions (Bindery or NDS).
Identify all types of information stored on the network, including its owners, users, locations, and security. Identify all types of information stored on the NetWare network (not just NDS or Bindery information), where it is stored, who is responsible for which information, which subsets of users have access to which data, and what the associated security requirements are.
Identify all Novell-dependent software. Before the migration begins, decide whether to replace all Bindery-, NDS-, or NLM-dependent software (such as NDS-compliant DNS, DHCP, and ZENworks) with Active Directory–compatible software (leading to a direct migration, or whether you want to continue to use some or all of the Bindery- or NDS-integrated services or applications (leading to a phased or staged migration). Be sure to include the e-mail system in this list. See the “Mail Systems” section of this document for more information on e-mail migration.
Determine the systems to be migrated. Determine which systems to migrate or decommission. Determine the affected users, groups, objects, folders, files, databases, and e-mail systems (GroupWise or others).
Review WAN/LAN links and their available bandwidth. Decide whether you can use fewer Active Directory domains than there are Novell partitions in the existing network.
Plan for future hardware, software, and network bandwidth needs. Research what additional functionality your organization plans to implement in the future. Factor these features into your migration planning (for example, when you plan namespace design, WAN links, and application software needs).
*Analyze the current and future namespace design*. Familiarize yourself with the current Novell namespace design and with Active Directory namespace design principles.
Create a test lab for design and migration testing. Set up a test lab that includes a restored copy of the Bindery or NDS Server and a Windows Server 2003 R2 domain controller with the Novell Client for Windows and the latest version of MSDSS.
Include examples of current and planned client workstations in the lab.
Install any Novell-dependent applications in the test lab and test their compatibility with your migration plans.
Perform a test migration of accounts, groups, and files.
- - Configure and test printing in the lab. - Review and adjust your migration plans as appropriate. It is expected that problems will arise in the test lab. The test lab helps to mitigate risks from the real migration to the live network. - Repeat a test migration to hone the process until you are comfortable with the results.
Modify namespace design if necessary. Decide whether you want the new Active Directory namespace to be identical to or different from the existing Novell namespace. If necessary, use NetWare administrative tools to update NDS containers and use Windows Server 2008 R2 Active Directory Users and Computers to create Active Directory OUs. Evaluate your choices in the test lab.
Evaluate custom directory object mapping (optional). If you are using the MSDSS custom object-mapping feature to synchronize objects between NDS and Active Directory namespaces that are structured differently, decide how you want the relationships mapped. Evaluate your choices in the test lab. Keep in mind that custom object mapping is not supported for Bindery.
Acquire new hardware and software. If necessary, acquire any new needed hardware. Purchase a Windows Server 2003 R2 license to use for your domain controller, and purchase a Windows Server 2008 R2 license. Download the latest version of Services for NetWare version 5.x (http://go.microsoft.com/fwlink/?LinkId=194999) which includes MSDSS. Acquire any Active Directory–compliant software that is needed to replace the Novell services-dependent software. Obtain the latest version of the Novell NetWare Client for Windows from the Novell Web site.
Installation location for MSDSS. Install MSDSS and Novell NetWare Client for Windows on the Windows Server 2003 R2 domain controller, and determine whether to remotely administer MSDSS sessions.
Choose a direct or staged (phased) migration. Decide whether to perform an immediate, one-time migration, or a staged migration over time (synchronizing Active Directory and your Novell directory during the transitional period). Evaluate your choice in the test lab. If you choose a staged (phased) migration:
List migration priorities. List the departments or other groupings, the software, and the hardware that you must migrate immediately, and which resources can be migrated over time. List the order in which you want to accomplish each stage
Choose one-way or two-way synchronization. Decide whether one-way synchronization (using Active Directory to manage objects in both directories) or two-way synchronization (using either Active Directory or NDS to manage shared data) is appropriate to the situation. Take network traffic into account. Decide the timetable for replacing any of the Bindery- or NDS-dependent software with Active Directory–enabled counterparts.
Identify containers and servers to migrate or synchronize. Identify the containers that you want to migrate or synchronize and the Active Directory and NDS or Bindery servers between which you wish to establish those relationships. Evaluate your choice in the test lab.
Calculate the required number of migration sessions and servers. Calculate the number of sessions needed to synchronize the desired NDS or Bindery objects. You can specify only one NDS container or Bindery server per session. All objects within that OU or Bindery server are synchronized. You can have up to 50 simultaneous sessions running on one domain controller and each session can point to a different NDS or Bindery server source.
Identify and obtain administrator accounts with sufficient permissions to successfully complete the migration. If you use synchronization, ensure that you have the required accounts with permissions to extend the Active Directory schema (even though MSDSS does this automatically, you must have schema-extending administrative authority). If you use two-way synchronization, ensure that you have the necessary permissions to extend the NDS schema.
When you set up a two-way synchronization session, you must have full administrator privileges to the entire NDS container in which you are creating the session. Ensure that these privileges are maintained for the life of the session—if these privileges are changed, objects may be deleted from one or both of the directories.
Choose the migration administrators. Decide who to add as a member of the MSDSS Admins group that is created automatically when you install MSDSS. Choose the users to whom you plan to delegate specific MSDSS administrative tasks.
Recruit a pilot group. Unless your organization is small and you are sure you can implement migration or synchronization without help, recruit and train a group of technically oriented users willing to help test a pilot implementation and to support other users.
Educate users. Explain to the main body of users what to expect and schedule any necessary training. Ensure that they understand how passwords are handled. The preferred method for password management is to administer passwords from Active Directory only. This requires that clients log on to Active Directory. You can control passwords from Active Directory in both one-way and two-way synchronization.
Back up and test restore the NetWare system and user data. Back up and then perform a test restore to ensure that the backup media is functional if a system restore is required.
Install and configure a Windows Server 2003 R2 domain controller. This is the computer on which MSDSS is installed. After you install Windows Server 2003 R2, apply the latest Service Packs and hot fixes.
Create a second Windows Server 2008 R2 domain in a new forest, and set it up as a Windows Server 2003 functional domain. This makes it possible for you to join the Windows Server 2003 functional domain to the Windows 2008 R2 Server.
Install the Novell Client for Windows. Install the client on the Windows Server 2003 R2 domain controller. You can download the client from the Novell Web site. For detailed step-by-step installation instructions, including screen shots and screen-by-screen explanations for installation on the domain controller, see the “Installing Novell Client for Windows on an Active Directory Domain Controller” section of this document.
Install MSDSS. Install MSDSS on the same Windows Server 2003R2 Domain Controller on which Novell Client for Windows was installed. MSDSS can be found as part of the Service for NetWare 5.X download on the Services for NetWare version 5.x Web site (http://go.microsoft.com/fwlink/?LinkId=195015). For detailed step-by-step installation instructions, including screen shots and screen-by-screen explanations, see the “Installing MSDSS on an Active Directory Domain Controller” section of this document.
Change the functional level of the forest. After successfully migrating directory and file information from NetWare, remove the Windows Server 2003 R2 computer as the domain controller, and change the functional level of the forest to Windows Server 2008 R2.