VPRC Domain Migration - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

VPRC Domain Migration

Description:

VPRC Domain Migration Migrating resources from the VPRC domain to the ASURITE domain. Initial Plan VPRC Domain: Windows NT 4.0 multi-master domain with a PDC (a ... – PowerPoint PPT presentation

Number of Views:70
Avg rating:3.0/5.0
Slides: 11
Provided by: TroyAntho
Learn more at: http://www.asu.edu
Category:
Tags: vprc | domain | migration

less

Transcript and Presenter's Notes

Title: VPRC Domain Migration


1
VPRC Domain Migration
  • Migrating resources from the VPRC domain to the
    ASURITE domain.

2
Initial Plan
  • VPRC Domain Windows NT 4.0 multi-master domain
    with a PDC (a), resource servers (b), computer
    accounts (c), and user accounts (d).
    (VPRC.ASU.EDU)
  • Trust Relationship Explicit one-way trust
    established to allow the ASURITE domain to access
    resources in the VPRC domain.
  • ASURITE Domain Windows 2000 domain running in
    Native Mode. (ASURITE.AD.ASU.EDU) All ASURITE
    user accounts reside in this domain and will be
    accessed from here.
  • M.OVPR - organizational unit for the OVPR (e).
    Starts out empty but will eventually contain all
    of our computer accounts, security groups, etc..
  • Transitive Two-Way Trust (f). Built-in trust
    between empty root (AD.ASU.EDU) and down level
    domain (ASURITE.AD.ASU.EDU).
  • AD Forest Root Domain (g). Containing Forest
    Schema and Domain Naming Master FSMO's, Schema
    and Enterprise Admins. No user accounts or
    computers.

1
3
VPRC Domain
ASURITE Domain
AD Domain
g
M.OVPR
2
f
a
b
c
d
e
3
Step One
  • VPRC Domain Windows NT 4.0 multi-master domain
    with a PDC (a), resource servers (b), and
    computer accounts (c). User accounts from this
    domain will no longer be utilized.
    (VPRC.ASU.EDU)
  • Trust Relationship Explicit one-way trust
    established to allow the ASURITE domain to access
    resources in the VPRC domain.
  • ASURITE Domain This step will be performed
    simultaneously with step two. All user accounts
    will be pulled from the ASURITE domain (d). New
    global security groups will be created in
    M.OVPR.Groups containing the ASURITE IDs of our
    users. New local security groups will be created
    on the resource servers containing the global
    security groups from M.OVPR.Groups. This will
    allow users still in the ASURITE domain to access
    resources still contained within the VPRC domain.
  • M.OVPR - organizational unit for the OVPR (e).
    This will start out empty but will eventually
    contain all of our computer accounts, security
    groups, etc..

1
3
VPRC Domain
ASURITE Domain
AD Domain
d
2
M.OVPR
a
b
c
e
4
Step Two
  • VPRC Domain Windows NT 4.0 multi-master domain
    with a PDC (a) and resource servers (b). User
    accounts from this domain will no longer be
    utilized and all computer accounts have been
    migrated to the ASURITE domain.
  • Trust Relationship Explicit one-way trust
    established to allow the ASURITE domain to access
    resources in the VPRC domain.
  • ASURITE Domain All ASURITE user accounts will be
    pulled from the ASURITE domain (d).
  • M.OVPR - organizational unit for the OVPR (e).
    All computer accounts (c) now reside in the
    computer sub-OU (M.OVPR.Computers). These are
    workstations only. When migration takes place,
    users local profile folder is renamed from
    username to username_old. User logs in to
    create new profile (for the ASURITE domain). All
    files except NTUSER.INI, NTUSER.DAT, and
    NTUSER.DAT.LOG are copied into the new local
    profile folder and permissions are reset to give
    the user the appropriate permissions. This will
    retain all application settings except for the
    Exchange profile.

1
3
VPRC Domain
ASURITE Domain
AD Domain
d
2
M.OVPR
c
a
b
e
5
Step Three
  • VPRC Domain Windows NT 4.0 multi-master domain
    with a PDC (a). User accounts from this domain
    will no longer be utilized and all
    computer/server accounts have been migrated to
    the ASURITE domain.
  • Trust Relationship Explicit one-way trust
    established to allow the ASURITE domain to access
    resources in the VPRC domain.
  • ASURITE Domain All ASURITE user accounts will be
    pulled from the ASURITE domain (d).
  • M.OVPR - organizational unit for the OVPR (e).
    All resource servers (b) have been migrated. All
    computer accounts (c)now reside in the computer
    sub-OU (M.OVPR.Computers).

1
3
VPRC Domain
ASURITE Domain
AD Domain
d
2
M.OVPR
c
b
a
e
6
Where We Are Now
  • Remote Installation Server (RIS) was first in
    ASURITE domain.
  • Two production IIS servers and one development
    IIS server have been migrated.
  • About half of our users have been migrated.
  • Any time we touch a computer for maintenance or
    install a new one we bring it up in ASURITE.

7
What We Did Different
  • Initial Plan
  • Place all workstations in a single OU
    (M.OVPR.Computers).
  • Actual Implementation
  • Created multiple OUs to reflect our departmental
    structure and placed workstations where
    appropriate. This eases administrative tasks and
    allows us to implement workstation changes on a
    granular level. This will be of great benefit to
    us as we develop more complex GPOs, security
    policies, and as we begin to use Intellimirror.

8
Current OU Structure
  • Allows us to monitor where workstations are.
  • Absolute control over GPOs and where they are
    applied.
  • Will allow us to give limited administrative
    control to those departments that desire it.

9
Next Steps
  • Finish migration.
  • Migrate remaining users/workstations into
    ASURITE.
  • Move file and print servers into ASURITE.
  • Shut down NT 4 domain (VPRC).
  • Begin testing of new technologies such as
    Intellimirror and advanced GPO use in TASURITE.

10
Somewhere in between
Write a Comment
User Comments (0)
About PowerShow.com