NT DOMAIN - ACTIVE DIRECTORY MIGRATION Michel Jouvin LAL Orsay Jouvin@lalin2p3.fr NT Domain - AD Migration - JLab 2000
Outline
• Current domain infrastructure
• Migration options and requirements
• Server migration status and perspectives
• W2000 Pro upgrade
NT Domain Infrastructure...
• One domain : LAL
• 130 machines
• 300 user accounts
• 7 servers
  • 1 PDC (NT)
  • 3 BDC (2 NT + 1 VMS)
  • 3 autonomous servers (Samba/Unix + Axis CD server + NT Terminal Server)
… NT Domain Infrastructure
• Home Directories and Experiments space on Samba
  • Served by main file server
• Printing server on Unix
  • Access through LPR
Migration Options
• Create a new domain with a trust relationship
  • + : No impact on running domain resources
  • - : 2 different domains for users
• Migrate the domain rather than create a new one
  • + : management easier, only 1 domain for users
  • - : impact in case of migration problem
Migration Requirements
• Keep LAL as domain name
• Put W2000 nodes in our main DNS domain (lal.in2p3.fr)
  • Also avoids double registration of host name
• Keep Unix DNS as our master server for lal.in2p3.fr zone
• Impossible to do with a new domain
• Run in mixed mode until we can downgrade VMS to autonomous server
Migration Status
• Migration of existing domain in progress
  • 2 NT machines already migrated, last NT soon
  • No interoperability problem with NT stations
• Main problem : VMS Pathworks
  • Needs to be at least a BDC
  • Had major interoperability problem with 7.2A (SAM replication failure)
  • Has minor problems with latest patches
DNS integration...
• AD internal information in sub-zones of AD domain DNS zone
  • mainly service location (SRV records)
• Sub-zone names start with _
• Need to create required sub-zones manually
• lal.in2p3.fr DNS master is a secondary for AD sub-zones
  • Bind v8.2 on Unix
  • W2000 is mastering AD sub-zones
… DNS integration
• DNS dynamic updates not (yet?) activated for host names (main zone)
  • Tested and seems to work
  • Error messages logged on master DNS
  • AD server acting as a proxy for updates
• Need to upgrade our DNS management tools
  • The comments we use in the DNS database are lost during dynamic updates
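Added example, not part of the original slides: a Python check that the Unix secondary actually holds the AD service-location records after a transfer of the `_` sub-zones, and that every SRV target has an address record. The sub-zone names (`_msdcs`, `_sites`, `_tcp`, `_udp`) and SRV owner names are the standard ones a Windows 2000 domain controller registers; the host names `dc1`/`dc2`, the TTLs, the address and the choice of required names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

DOMAIN = "lal.in2p3.fr"                          # AD domain zone named on the slides
SUBZONES = ("_msdcs", "_sites", "_tcp", "_udp")  # standard AD "_" sub-zones
# Assumption: a minimal set of locator names to insist on (relative to DOMAIN).
REQUIRED = ("_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
            "_kpasswd._tcp", "_ldap._tcp.dc._msdcs")
# Constructed sample records (dc1, dc2, TTLs and the address are invented).
SAMPLE = """\
_ldap._tcp.lal.in2p3.fr.      600 IN SRV 0 100 389 dc1.lal.in2p3.fr.
_kerberos._tcp.lal.in2p3.fr.  600 IN SRV 0 100 88 dc1.lal.in2p3.fr.
_kerberos._udp.lal.in2p3.fr.  600 IN SRV 0 100 88 dc2.lal.in2p3.fr.
_ldap._tcp.dc._msdcs.lal.in2p3.fr. 600 IN SRV 0 100 389 dc1.lal.in2p3.fr.
_ldap._tcp.Default-First-Site-Name._sites.lal.in2p3.fr. 600 IN SRV 0 100 389 dc1.lal.in2p3.fr.
dc1.lal.in2p3.fr.             3600 IN A 192.0.2.10
"""
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(SRV|A)\s+(.+)$", re.I)

def relative(owner, domain=DOMAIN):
    """Owner name relative to the domain, lower-cased; None if outside it."""
    owner = owner.rstrip(".").lower()
    if owner.endswith("." + domain):
        return owner[:-len(domain) - 1]
    return "" if owner == domain else None

def audit(zone_text, domain=DOMAIN):
    """Group SRV owners by "_" sub-zone; report missing names and SRV targets with no A record."""
    by_subzone, hosts, targets = defaultdict(list), set(), set()
    for line in zone_text.splitlines():
        m = RR.match(line.split(";")[0].strip())   # drop zone-file comments
        rel = relative(m.group(1), domain) if m else None
        if rel is None:
            continue
        rtype, rdata = m.group(2).upper(), m.group(3).split()
        if rtype == "A":
            hosts.add(m.group(1).rstrip(".").lower())
        elif len(rdata) == 4 and rel.split(".")[-1] in SUBZONES:
            # SRV rdata is: priority weight port target
            by_subzone[rel.split(".")[-1]].append(rel)
            targets.add(rdata[3].rstrip(".").lower())
    present = {name for names in by_subzone.values() for name in names}
    return {
        "by_subzone": {k: sorted(v) for k, v in by_subzone.items()},
        "missing": [r for r in REQUIRED if r not in present],
        "dangling": sorted(targets - hosts),
    }
```

On the constructed sample, `audit(SAMPLE)` reports `_kpasswd._tcp` as missing and `dc2.lal.in2p3.fr` as an SRV target without an A record.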
What Next ?
• DFS
  • File naming independent of location
• Kerberos
  • Tru64 (v5.1) has a single logon capability
• LDAP integration ?
  • Currently 2 LDAP servers :
    • 1 for ou=people,ou=lal,o=in2p3,c=fr
    • 1 for o=lal,dc=in2p3,dc=fr
W2000 Pro Upgrade Status
• No plan for a wide upgrade
  • Some hardware doesn’t meet minimum requirements
  • Some software is missing or has problems
    • Ex : AFS client, Netscape
• New PCs : W2000 since last summer
  • Group policies configured for deployment of all supported applications
  • Some apps already upgraded through GPs
    • Ex: Exceed v6 -> v7
W2000 Pro Upgrade Strategies
• Upgrade through SMS : evaluation phase
  • Should not be a problem for the OS
  • Impact of group policies on installed applications
    • Applications will be reinstalled
    • What happens if newer version (Office, Exceed) ?
• Reinstallation from scratch
  • No ‘previous state’ problem
  • Preferred when there is not too much local data