Matthias V.
Guest
Posted: Fri Jan 07, 2005 6:05 pm
Post subject: Combination of MSDSS & ADMT?
We have to migrate from Novell NDS and NT4.0 with NDS4NT to Windows Server
2003 Active Directory.
Is it possible to combine the two tools MSDSS & ADMT for a User Migration
and Synchronization, using the following procedure?
1.) Migration with MSDSS of the Novell User Objects with their Attributes to
ADS
2.) Migration with ADMT of the same NT4.0 (NDS4NT) User Objects with their
Attributes (SID, Passwords, fix group membership) to the same ADS User Object
(Merge with existing User Objects)
3.) Remove User Account Control Flag that user must change their passwords
at next logon
4.) Forward Synchronization with MSDSS: As soon as user changes their
passwords in ADS, the password will be synchronized with NDS.
Thank you very much for reviewing this procedure and giving a response.
Best regards,
Matthias
Rebecca Chen [MSFT]
Guest
Matthias V.
Guest
Posted: Fri Jan 14, 2005 7:09 pm
Post subject: RE: Combination of MSDSS & ADMT?
Dear Rebecca,
Thank you very much for all the internet links. The documentation is only
with native NT4.0 Domains or native Novell Environment, not the Combination
of both, right?
We have the SAM Database of our NT4.0 Domain redirected to Novell NDS with
NDS4NT (Account Management 2.1), therefore we need to migrate the NT4.0
Attributes (Password, SIDs, Group Memberships) as well as the NDS Attributes
(User Profile Path, User Attributes like Phone-Number and Department....) to
one and the same ADS User Object.
I already described the way I want to go. The question was if the
combination of MSDSS & ADMT is supported or usable. I do not want to go an
unsupported way, because we have to migrate altogether more than 8000 User
Objects to Active Directory. (In our testlab with a 1:1 copy it worked very
well so far)
The most important thing for this project is to keep the passwords for the
users, we cannot give the users a new one, because we are an international
airline, and Crew-Members are distributed all over the world, with changing
destinations.
Thank you very much in advance for your answer.
Best regards,
Matthias
Rebecca Chen [MSFT]
Guest
Posted: Mon Jan 17, 2005 4:35 pm
Post subject: RE: Combination of MSDSS & ADMT?
Based on my further research, we don't recommend you migrate the NT domain
account to 2003 using ADMT, and then using MSDSS to migrate the Novell part
to 2003. There is no mapping relationship between the accounts in 2003
which are moved using ADMT and NDS separately.
We recommend you use MSDSS to synchronize Novell accounts to NT4 domain,
and then use ADMT to migrate user account and the password.
Here is some additional information:
ADMT can migrate all user accounts as well as their password from NT to
2003. ADMT supports password migration
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbg_rent_erud.asp
MSDSS
=====
1. MSDSS enables interoperability between the Microsoft Windows 2000/2003
AD and Novell Directory Service (NDS) and NetWare 3.x Binderies.
Administrators can use MSDSS to establish synchronization between the
Windows and Novell directories or to migrate directory objects from NDS or
Bindery to Active Directory. So MSDSS works on the NDS with Windows NT
environment.
2. Can MSDSS be used to synchronize already migrated accounts?
We can use Microsoft Directory Synchronization Services (MSDSS) to
synchronize user accounts between a NetWare Directory Services (NDS) tree
and Active Directory. You can take a look at the following URL:
316226 HOW TO: Configure Two-Way Account Synchronization with Microsoft
http://support.microsoft.com/?id=316226
However, we cannot do it in your situation, because you move the accounts to
2003 using ADMT instead of using MSDSS. There is no mapping
relationship between the accounts in 2003 which are moved using ADMT and NDS.
3. There are limitations on synchronizing the password between Windows 2003
AD and NDS. This is mainly because we do not know how NetWare
encrypts its passwords. If you use MSDSS to synchronize NDS and Windows
2003 AD, a password change on the Windows 2003 AD will be reflected on NDS
(We will send the password to NDS in clear text). However, if you change
the password in NDS, it will not be reflected on the Windows 2003 AD because we
are not able to read the password from the NDS database without knowing
how it is encrypted.
Here is more information on NetWare and Windows 2003; you can take a look
for more information:
Microsoft Windows Services for NetWare 5.02
http://www.microsoft.com/windowsserver2003/sfn/default.mspx
NetWare to Windows Server 2003 Migration Planning Guide
http://www.microsoft.com/windowsserver2003/techinfo/overview/sfnmig.mspx
Since this is a critical consolidation plan that requires a bit more
in-depth attention and may fall under the umbrella of Advisory Services, I
suggest you contact our Advisory support to get more information about
this plan.
For more information on Advisory Services, please see the following URL:
http://support.microsoft.com/default.aspx?id=fh;en-us;advisoryservice
HTH!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.