Solution For Migrating From Novell Netware To Windows Server 2003

Solution for Migrating File, Print, and Directory Services
from Novell NetWare to Windows Server 2003

Microsoft Corporation
Published: November 2004
Abstract
Tis guide demonstrates te first stage of a Novell NetWare migration !ro"ect# migrating directory, file, and !rint
services to Microsoft
$
Windows Server% 2003 &ctive Directory
$
directory services' Tis stage (uilds te
infrastructure on wic you will migrate te directory and file and !rint services' Wit an &ctive Directory
infrastructure in !lace, you can ten define future stages suc as moving mail and oter a!!lications or adding
&ctive Directory features' )ou will learn ow to !lan your !ro"ect, develo! te solution for te new environment,
determine te (est migration strategy for your environment, and migrate directory and file and !rint services to
te new environment'
2004 Microsoft Corporation. This wor is licensed under the Creative Commons !ttribution"NonCommercial #icense. To view a cop$ of this license%
visit http:&&creativecommons.or'&licenses&b$"nc&2.(& or send a letter to Creative Commons% (4) *oward +treet% (th ,loor% +an ,rancisco% California%
-4.0(% /+!.
Contents
Preface'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' *
+verview'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' *
,ntended &udiences''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' *
Sco!e'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 2
-ow to .se Tis Migration /uide'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 2
,ntroduction''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 0
Tecnology +verview''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 0
1nvisioning )our Novell to Windows Migration Pro"ect''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''**
,ntroduction and /oals''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' **
Setting .! te 2ore Pro"ect Team for a Novell to Windows Migration Pro"ect'''''''''''''''''''''''*3
2reating te 3ision'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' *4
2reating te Solution 2once!t''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' *5
Defining te Sco!e of te Pro"ect'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 20
Pro"ect Timeline''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 2*
&ssessing Pro"ect 6is7s'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 2*
Planning )our Novell8to8Windows Migration Pro"ect''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''23
,ntroduction and /oals''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 23
1valuating te 19isting 1nvironment''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 24
Develo!ing te Solution Design and &rcitecture''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''25
Migration Planning''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 30
2reating te Functional S!ecification'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 3:
Develo!ing te Pro"ect Scedule''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 3:
Test Planning''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 3:
Migrating# Prototy!ing te Migration to Windows Server 2003''''''''''''''''''''''''''''''''''''''''''''''''''43
3alidating Test ;a( 2om!onents''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 43
Testing te Design and Migration Process''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 44
Sta(ili<ing te Novell to Windows Server 2003 Migration Solution'''''''''''''''''''''''''''''''''''''''''''0*
,ntroduction and /oals''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 0*
2onducting te Pilot''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 02
Migration Pilot'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 02
De!loying te Novell to Windows Server 2003 Migration Solution''''''''''''''''''''''''''''''''''''''''''''0:
,ntroduction and /oals''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 0:
De!loyment Pre!arations'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 0=
De!loying''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 0=
+!erating )our Windows Server 2003 1nvironment'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''53
Managing Windows Server 2003''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 53
&uditing te 1nvironment''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 54
>ee!ing u! wit Service Pac7s and .!dates''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''55
Maintaining Windows Server 2003'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 55
6eferences and ?i(liogra!y'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' :*
&((reviations'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' :3
2ontri(utors
Writer
>ati -onegger @2onvergent 2om!utingA
Editors
Trelawney /oodell @3oltA
Tomas +lsen @3oltA
Program Manager
Pa(lo ?Brcenas ,(inarriaga @Microsoft 2or!orationA
Project Manager
6ic Dorfman @2onvergent 2om!utingA
Reviewers
Fred &ntro(us @19cell Data 2or!orationA
2risto!er West!oint @Microsoft 2or!orationA
i
Preface
Overview
6egardless of te si<e of your environment, migrating your entire e9isting environment to
a new o!erating system can (e a daunting tas7' Tis guide demonstrates ow to (rea7
te !rocess into stages to sim!lify your migration' Te first stage, migrating directory, file,
and !rint services, is outlined in tis guide' Tis stage (uilds te infrastructure on wic
you will migrate te directory and file and !rint services' &fter you ave a solid Microsoft
$

Windows Server% 2003 &ctive Directory
$
infrastructure in !lace, you can define future
stages suc as moving mail and oter a!!lications or adding &ctive Directory features'
,n tis guide, you will learn ow to !lan your !ro"ect, develo! te solution for te new
environment, determine te (est migration strategy for your environment, and migrate
directory and file and !rint services to te new environment'
Te following to!ics are covered in tis guide#
C Ma"or migration !lanning decisions
C Migration tools and services
C Migration o!tions
C Migration !rocedures
C +!erations guidelines for te new environment

Tis guide !resumes tat you ave eiter already decided to migrate from NetWare to
Windows Server 2003 or you are currently considering migration and you need to
evaluate te availa(le migration strategies (efore ma7ing a final decision'
Intended Audiences
Tis guide is intended for ,T !rofessionals wor7ing in a networ7 environment tat includes
NovellDs NetWare o!erating system wit Novell Directory Service @NDSA, eDirectory, or
?indery directory services' ,t is s!ecifically targeted at information tecnology @,TA
!rofessionals res!onsi(le for designing and im!lementing directory and file services in an
enter!rise environment#
C ,T tecnical decision ma7ers
C ,T arcitects
C ,T su!!ort !ersonnel
C ,nfrastructureESystems managers
C System integrators
C 2onsultants

Knowledge Prerequisites
Tis guide assumes tat te reader as an understanding of te Microsoft
$
file server
tecnologies for Windows Server 2003 and &ctive Directory services' Te reader is also
e9!ected to ave a wor7ing 7nowledge of te following#
C Novell File Services and trustee !ermissions
*
C 18DirectoryENDS conce!ts
C 2entrali<ed storage and (ac7u! conce!ts
C Storage tecnologies, suc as networ78attaced storage @N&SA and storage area
networ7 @S&NA
C Networ7ing and connectivity
C Service o!erations

For lin7s to in8de!t information a(out Windows Server 2003 &ctive Directory, Novell
NDS and ?indery, Novell File and Print, and oter related to!ics, see te
F?i(liogra!yE6eferencesF section in &!!endi9 &'
Scoe
Te sco!e of tis guide is to !rovide guidance on te !rocess for migrating Novell
versions 3'9 to 5'0 to Windows Server 2003 and &ctive Directory' Te !rocess includes
envisioning and !lanning te migration !ro"ect and guidance on im!lementing te
solution using Microsoft and oter vendorsG tools @if reHuiredA' &dditional areas tat are in
sco!e include#
C /uidance on migrating Novell networ7 directory and file and !rint services for te
!roduct versions mentioned
C /uidance on migrating Novell client wor7station to (e serviced (y Microsoft
Windows 2003 Servers

&reas tat are not included in te sco!e of tis guide are#
C Microsoft Windows NT
$
or Microsoft Windows 2000 to Windows 2003 migration in
te case of mi9ed environments
C NonIWindows Server 2003 or Windows Storage Server 2003 environments
C &!!lications or services (eyond Jout of te (o9K directory, file and !rint services'
Tis includes a!!lications suc as /rou!Wise and L1Nwor7s
!ow to "se #$is Migration %uide
Te organi<ation of tis guide is (ased on te industry8!roven need to manage ,T
!ro"ects according to a disci!lined !rocess tat im!roves te odds of !ro"ect success'
Tis Novell migration guide !rovides !rescri!tive guidance for successfully carrying out a
migration from Novell NetWare to Windows Server 2003 from its ince!tion troug its
com!letion' ,t is designed to (e used wit a com!anion guide, te /N01 Mi'ration Pro2ect
3uide @.MP/A' Wile tis Novell migration guide contains te tecnical and solution8
s!ecific information needed for te !ro"ect, te .MP/ !rovides te disci!lined !rocess
ste!s for using tis information in te conte9t of a migration !ro"ect and a team
organi<ation model @F!eo!le and !rocessF guidanceA'
To facilitate teir side8(y8side use, (ot guides use !ro"ect !ases as an organi<ational
device' S!ecifically, tey follow te structure of te Microsoft Solutions Framewor7 @MSFA,
wic defines five distinct !ases for ,T !ro"ects#
C 1nvisioning
C Planning
C Develo!ing @or Migrating in te case of migration !ro"ectsA
C Sta(ili<ing
2
C De!loying

1ac guide !resents te information @!rocess or tecnicalA needed for a !ase witin
ca!ters named for tat !ase' For e9am!le, in te solution guide, (usiness and
tecnical information needed for te initial decision8ma7ing is in te 1nvisioning ca!ter,
detailed !rocedures and scri!ts are in te Migrating ca!ters, and so onA'
Te .MP/ is essentially FMSF a!!lied to migration !ro"ects'F ,t (egins wit an overview
of MSF and ten descri(es te !rocesses tat (elong to eac !ase and te team roles
res!onsi(le for temM it is not% owever% meant to serve as a com!reensive introduction
to MSF' ,n8de!t information a(out MSF is availa(le to interested readers on te
Microsoft Solutions Framewor7s We( site at tt!#EEwww'microsoft'comEmsf'
Te reason for se!arating te !rocess guidance from tecnical and !ro"ect8s!ecific
guidance is to 7ee! tis guide as lean as !ossi(le' Some readers will need to focus
narrowly on !ro"ect tas7s, wile !ersons wit !ro"ect management and team lead
res!onsi(ilities need to digest te .MP/ guidance and a!!ly it to te !ro"ect'
?ecause organi<ational !ersonnel and !ro"ect team mem(ers tend to ave different
levels of involvement during different !ases, te division of content according to !ro"ect
!ase also su!!orts te ca!a(ility to focus on te material tat is most relevant to a
!articular res!onsi(ility' Te following list identifies li7ely readers (y !ase#
%uide Section or
Project P$ase
Organi&ational Roles o'
(i)el* Audiences
Project #eam Roles o'
(i)el* Audiences
,ntroduction ?usiness decision ma7ers,
tecnical decision ma7ers,
arcitects
&ll team leads
1nvisioning ?usiness decision ma7ers,
arcitects
Product Management, Program
Management, all team leads
Planning ?usiness decision ma7ers,
arcitects
Product Management, Program
Develo!ingEMigrating Develo!ers, +!erations team Test, Develo!ment, 6elease
Sta(ili<ing Develo!ers, +!erations team Test, Develo!ment, 6elease
De!loying +!erations team 6elease Management, all team
leads
+!erations +!erations team 6elease Management
+ote, &ltoug te two guides are designed to (e used togeter, it is not necessary to
follow te MSF !rocesses and team guidance descri(ed in te .MP/ if te
organi<ation as an alternative !ro"ect metodology in !lace' ,n tat case, te .MP/
would (e used merely to ma! te MSF !ases and team structure to te elements of
te organi<ationGs metodology' We recommend you read at least te overview of MSF
in te .MP/ to (ecome familiar wit te MSF Process Model, te MSF Team Model,
and MSF terminology'
3
Organi&ation o' C$aters
Following an introductory ca!ter, tis guide is divided into four sections, Plan, ?uild,
De!loy, and +!erate, tat cover te entire s!an of te ,T solution life cycle' Te five
Microsoft Solutions Framewor7 !ases fall into te first tree sections, and te Microsoft
+!erations Framewor7 is te reference framewor7 for te final section'
C Introduction- Te ,ntroduction ca!ter defines te !ro"ect, !rovides an overview of
te tecnologies discussed in tis guide, and introduces migration o!tions and
tools'
C Plan- Te Plan section is divided into two ca!ters, 1nvisioning and Planning'
Tese ca!ters corres!ond wit te first two MSF !ases' ,n te 1nvisioning
Pase te team and s!onsor agree on te ig8level reHuirements and goals of te
!ro"ect' Te Planning Pase is were te team defines wat to (uild and de!loy
along wit ow and wen to (uild it'
C .uild- Te ?uild section is divided into two ca!ters, Migrating and Sta(ili<ing,
wic corres!ond to te MSF Develo!ing and Sta(ili<ing !ases' Te Migrating
ca!ter outlines te Develo!ing Pase were te team (uilds and tests te
solution and te migration !rocess in an isolated la( environment' ,n te Sta(ili<ing
Pase te new Windows environment is (uilt in te !roduction environment and a
limited num(er of !ilot users are migrated'
C /elo*- Te De!loy section consists of a single ca!ter tat covers te final MSF
!ro"ect !ase, De!loying' Te De!loying Pase ca!ter outlines te ste!s reHuired
to fully migrate te e9isting NetWare environment to te new FliveF !roduction
environment'
C Oerate- Te +!erate section consists of a single ca!ter wit ig level
guidelines for o!erating and maintaining your new environment'
#erminolog*
Tis guide uses te term FmigrationF to refer to#
C S!ecific activities tat a!!en in te Develo!ing @or MigratingA Pase
C Te entire solution !rocess
4
*
,ntroduction
Tis document is a guide to migrate a Novell NetWare environment to te
Windows Server 2003 o!erating system and &ctive Directory'
#ec$nolog* Overview
Tis section !rovides a (rief overview of te tecnologies addressed in tis guide' For
lin7s to more information on any of tese tecnologies, see te
+ovell +etWare
Novell NetWare is a (ase o!erating system' Novell NetWare sould not (e confused wit
eDirectory or NDS, wic are te directories tat run on to! of NetWare' NetWare as
evolved from NetWare =5, 2=5, 3=5, 2'9, 3'*, 3'2, 4'0, 4'*, 4'*2, 4'2, 0'0, 0'*, and 5' Te
current version is te NetWare 5 !roductM owever, most organi<ations are still running a
version of NetWare 4 or 0'
Te ma"or version cange came (etween NetWare 3 and NetWare 4' NetWare 3 was te
last J(inderyK directory version of NetWare tat was re!laced (y NetWare 4 and te first
version of te NDS Jreal directoryK version in te early *NN0s' Many organi<ations tat
ad NetWare 3'9 migrated to Windows NT 4'0 over te years as te migration from
NetWare 3'9 to 4'9 was relatively com!licated'
+rgani<ations tat ave migrated to NetWare 4 or 0 (ut did not migrate furter are good
candidates for Windows migrations, (ecause tey will need to migrate to NetWare 5 to
gain access to any of te future Novell versions, and NetWare 4'9 will reac end of life
Marc 2000' +rgani<ations still using NetWare 3'9 will also find tat te migration !at to
Windows Server 2003 is eHually as easy'
,n te ne9t version of Novell, te o!erating system will no longer (e NetWareM it will (e
Novell on to! of ;inu9' &s a result, organi<ations wit e9isting versions of Novell will not
(e a(le to easily u!grade to te ne9t versionM tey will ave to (uild te ;inu9
infrastructure and ten migrate to te new version' Wile tis is similar to te !rocess to
move to Windows, tools for migrating from NetWare to Windows, suc as Microsoft
Services for NetWare @SfNA and Ouest NDS Migrator, ave (een develo!ed and !roven
in countless real world environments'
Wit te cange to te (ase Novell o!erating system, u!grading will reHuire
organi<ations to su!!ort tree o!erating systems# Novell, ;inu9, and Windows' @Pure
Novell environments are rare' ,ncreasingly Windows NT or Windows 2000 as already
(een introduced into Novell environments to ost a!!lications and services'A Maintaining
0
Novell and ;inu9 along wit Windows increases administrative and training reHuirements'
,n addition, resource availa(ility (ecomes an issue, as it is difficult to find engineers tat
are well versed in all tree o!erating systems'
Windows Server 0112
Te Windows Server 2003 !roduct is a com!reensive networ7 o!erating system tat
can serve many roles suc as a file and !rint server, We( server, an a!!lication server,
and a Windows 'N1T a!!lication ost' Windows Server 2003 comes wit several
!rograms and tools to !rovide networ7ing functionality' Some of te a!!lication server
functions include domain controller, glo(al catalog server, DNS server, D-2P server,
cluster server, terminal services server, remote access server, We( server, media server,
and Distri(uted File System @DFSA server'
During te design and !lanning !rocess an organi<ation needs to coose ow to (est
im!lement Windows Server 2003 and te various networ7ing features tat can (e
im!lemented to meet your (usiness needs'
+ne of te ma"or additions to te networ7 o!erating system, introduced wit te release
of te Windows 2000 o!erating system, was &ctive Directory' &ctive Directory creates an
enter!rise8wide ;igtweigt Directory &ccess Protocol @;D&PA directory tat is scala(le
and e9tensi(le' ?ecause &ctive Directory aderes to o!en standards suc as ;D&P, it
facilitates communication wit ;D&P8aware !rograms and oter directory services' &ctive
Directory !rovides for centrali<ed account management and allows distri(uted resource
control' Windows Server 2003 e9tends te ca!a(ilities of &ctive Directory (y !roviding
(etter management tools, !rovides for more ro(ust directory re!lication across a glo(al
enter!rise, and allows for (etter scala(ility and redundancy to im!rove directory
o!erations'
Te logical structure of &ctive Directory ena(les it to scale from small offices to large
multinational organi<ations' 2ore com!onents of &ctive Directory include forests,
domains, scema, organi<ational units, and grou!s' 1ac of tese com!onents must (e
addressed wen im!lementing &ctive Directory'
Windows Storage Server 0112
Microsoft
$
Windows
$
Storage Server 2003 is a networ7 attaced storage @N&SA o!erating
system tat ena(les original eHui!ment manufacturers to (uild a!!liances tat !rovide
dedicated file serving ca!a(ilities and storage on te networ7' Windows
Storage Server 2003 is (uilt on to! of Microsoft Windows Server 2003, wic ensures
tat N&S devices (uilt u!on te Windows Storage Server o!erating system ave all te
!erformance and scala(ility (enefits associated wit Windows Server 2003'
& N&S Windows Storage Server 2003 is designed to !erform witout reHuiring a monitor,
7ey(oard and mouse' ,nstead, tis JeadlessK a!!liance is remotely managed troug a
We(8(ased user interface for te minimal configuration tas7s reHuired for setu!' .nli7e
a!!lication servers wic reHuire !ro!er !lanning to im!lement well, N&S devices (uilt
wit Windows Storage Server 2003 are designed to (e de!loyed in under *0 minutes,
and can (e attaced directly to te com!any local area networ7 @;&NA wit no
interru!tion to services' &fter tey are !lugged in, tese N&S devices reHuire minimal
maintenance'
Windows Storage Server 2003 does not reHuire !ro!rietary ardware, as it wor7s wit
standard ardware from multi!le original eHui!ment manufacturers @+1MsA' Tis gives
(usinesses ma9imum fle9i(ility in coosing among vendors wit te ardware solution
tat (est meets teir needs'
5
&fter te Windows Server 2003 environment is esta(lised, Windows Storage Server
2003 !rovides you wit an additional storage o!tion for file service'
For additional information a(out Windows Storage Server and N&S de!loyment
scenarios see Windows Servers in a Storage &rea Networ7 1nvironment
tt!#EEwww'microsoft'comEwindowsserversystemEwss2003EtecinfoE!lande!loyEmssans'm
s!9'
:
Part *# P;&N
N
2
1nvisioning )our Novell to
Windows Migration Pro"ect
Introduction and %oals
Tis ca!ter !rovides te (ac7ground and tecnical information reHuired to com!lete te
first !ase of a Novell to Windows migration !ro"ect, te 1nvisioning Pase, wic
re!resents an early form of !lanning' Te !ur!ose of tis initial wor7 is to get te !ro"ect
started (y acieving a (asic agreement (etween (usiness sta7eolders and ,T, as
re!resented (y te !ro"ect team, on te goals for te !ro"ect as well as its constraints'
Te guide ma7es te following (asic assum!tions a(out te state of te organi<ation at
te (eginning of 1nvisioning'
C & decision to investigate te !ro"ect as (een made (y an ,T manager wo as
sufficient (udgetary autority to fund te investigation @1nvisioning and Planning
!asesA, and wo may or may not ave sufficient (udgetary autority to a!!rove
te entire !ro"ect'
C 6oug estimates indicate tat !ro"ect (enefits will e9ceed its costs, (ut detailed
return on investment @6+,A calculations cannot (e made until te !ro"ect sco!e is
defined'
C Weter te team tat underta7es te !ro"ect is made u! of in8ouse staff or of
consultants @wose involvement in ,T for te organi<ation can range from te
underta7ing of a single !ro"ect to an ongoing advisory relationsi!A, te wor7 of
1nvisioning and Planning remains te same'

**
Major #as)s and /eliverables
?y te end of te !ase, te team and all ma"or sta7eolders for te !ro"ect sould ave
agreed u!on te following conce!tual areas and documented teir understanding in a
visionEsco!e document#
C & vision for te solution
C Defines te (usiness o!!ortunities or !ro(lems tat te solution is e9!ected to
address, including ma"or (usiness and user reHuirements'
C Descri(es te current state of te environment @at a ig levelA wit res!ect to
te tecnology (eing considered'
C Descri(es te desired future state of te organi<ationGs environment from an
un(ounded view!oint'
C & solution conce!t
C Descri(es at a ig level ow te solution will solve te (usiness !ro(lem in
terms of te a!!roaces it will ta7e to (uild and deliver te solution'
C Documents (usiness goals, design goals and te reHuired functionality of te
solution
C 2alls out assum!tions and constraints tat a!!ly to te solution
C Defines te success criteria for te !ro"ect'
C Te sco!e of te !ro"ect
C Defines te !ro"ect sco!e (y listing wic desired features and functions te
!ro"ect will !rovide, solution tradeoffs, and out8of8sco!e items'
C Distinguises (etween te sco!e of te solution and te sco!e of te !ro"ect in
cases were te solution will (e im!lemented in stages or will reHuire discrete
!ro"ects to (e run in !arallel'
C &n assessment of ris7s
C ,dentifies ris7s (elonging to te !ro"ect'
C &ttem!ts to Hualify and !rioriti<e tese ris7s'
C & roug estimate of te !ro"ect time frame and duration

Togeter, tese conce!tual areas com!rise a ig8level descri!tion of te !ro"ect tat will
form te (asis for furter !lanning' Tey re!resent a (aseline and may need to (e
revised as !lanning !rogresses and new information dictatesPtus te visionEsco!e
document sould (e viewed as a livin' document tat will cange, su("ect to cange
control'
&dditionally, during tis !ase, you will#
C ,dentify and organi<e a core !ro"ect team' &dditional mem(ers can (e added later'
C 2reate a !ro"ect structure document tat#
C Documents te team organi<ation
C 1sta(lises communication and meeting logistics
C Sets te ground rules for team res!onsi(ilities

6efer to te /N01 Mi'ration Pro2ect 3uide for more detailed discussions of ow tese
tas7s and delivera(les can (e a!!roaced and res!onsi(ility assigned for tem'
*2
Envisioning P$ase Major Milestone, 3ision4Scoe
Aroved
Te 1nvisioning Pase ends wen te team, te customer @(usiness s!onsorA, and ma"or
!ro"ect sta7eolders @oter mem(ers of te organi<ation wo will (e affected (y te
!ro"ectA review te visionEsco!e document and formally signify teir agreement wit its
terms' Securing tis agreement indicates acievement of a ma"or !ro"ect milestone,
3isionESco!e &!!roved, wic is reHuired to !roceed to te ne9t !ase' &t tis !oint, te
various (usiness and ,T sta7eolders sould ave a clear idea of te goals for te !ro"ect
and te !ro"ect team can (egin to ma7e s!ecific !lans for ow to acieve tem'
+ote, Te !ro"ect sco!e is te definition of successM it tells you wen you are done' ,f you
do not reac a true Fmeeting of te mindsF amongst te sta7eolders and !ro"ect staff,
significant time or cost overruns, or even !ro"ect failure, will occur' See te .MP/ for
more details'
Setting " t$e Core Project #eam 'or a +ovell to
Windows Migration Project
Te num(er of !ro"ect team mem(ers for a Novell to Windows Server 2003 migration will
vary (ased u!on te si<e of your organi<ation' ,n small organi<ations, a !ro"ect team may
only consist of a manager and a develo!er' ,n contrast, a large organi<ation may ave
multi!le !artici!ants from any num(er of de!artments' ,n fact, te entire team may not (e
set u! until te 1nvisioning Pase is well under way' Te .MP/ defines a clear !rocess
for setting u! a team'
Team mem(ers sould ave a clear understanding of te Microsoft file server
tecnologies for Windows Server 2003 and Microsoft &ctive Directory services' Team
mem(ers are also e9!ected to ave a wor7ing 7nowledge of your environment in te
following areas#
C Novell File Services and trustee !ermissions
C 18DirectoryENDS conce!ts
C 2entrali<ed storage and (ac7u! conce!ts
C Storage tecnologies, suc as networ78attaced storage and storage area networ7
@S&NA @if a!!lica(le in your environmentA
C Networ7ing and connectivity
C Service o!erations

*3
Creating t$e 3ision
?efore you can migrate to a new Windows Server 2003 &ctive Directory environment you
must first determine wat tat environment will loo7 li7e and ten develo! a migration
strategy for ow to get tere'
A 3ision 'or t$e Solution
Te vision starts wit a (usiness !ro(lem' Tis !ro(lem sould (e te driving factor in
your investigating migration to Windows Server 2003'
Some common (usiness drivers for migrating from Novell NetWare to
Windows Server 2003 include#
C Discontinued su!!ort for Novell NetWare' ,n te ne9t version of Novell, te
o!erating systems will no longer (e NetWareM it will (e Novell on to! of ;inu9'
C Difficulty of u!grade to new Novell NetWare version' +rgani<ations wit e9isting
versions of Novell will ave to (uild te ;inu9 infrastructure and ten migrate to te
new version'
C Multi!le o!erating systems in one environmentI Pure Novell environments are
rare' ,ncreasingly Windows NT or Windows 2000 as already (een introduced into
Novell environments to ost a!!lications and services' Wit te cange to te (ase
Novell o!erating system, maintaining Novell and ;inu9 along wit Windows
increases administrative and training reHuirements' ,n addition, resource
availa(ility (ecomes an issue, as it is difficult to find engineers tat are well versed
in all tree o!erating systems'
/e'ining t$e %oals
Te following discussions cover s!ecific (usiness and tecnical issues tat you sould
consider for a Novell NetWare to Windows migration !ro"ect wen you are answering te
Huestions tat need to (e addressed in te visionEsco!e document'
.usiness %oals
?usiness goals are esta(lised eiter to ta7e advantage of an o!!ortunity or to solve a
!ro(lem in your current (usiness environment' Te team (egins defining its !ro"ect (y
identifying te (usiness goals, and ten derives !ro"ect goals and o("ectives from tose
(usiness goals'
Ty!ical (usiness goals for a migration from Novell to Windows include (ut are not limited
to#
C 6educing te total cost of ownersi! @T2+A
T2+ of a new o!erating system includes not only te !rice of !urcasing software
and ardware (ut also te cost of training staff as well as su!!orting and
maintaining te system' Terefore, wile identifying te T2+ of te migration to a
new o!erating system, you sould e9!lore Huestions suc as#
C Wat is te cost of your ardwareQ
C Wat is te cost of your o!erating systemQ
C Wat is te relia(ility of te systemQ ,f te system fails or crases often, te
su!!ort cost for suc a system would increase'
*4
C Wat is te cost of a!!lication downtime to your (usinessQ
C Wat is te cost of system maintenanceQ -ow many !eo!le would you need to
maintain te systemQ
C Wat is te cost of su!!ortQ

C ,ncreasing te usa(ility of te system
Te a!!lications on te system sould (e easy to develo! and use' Systems tat
offer integrated security and develo!ment environments for a!!lications are
o!timal'
C Providing ease of managea(ility
Te system sould !rovide easy, secure, relia(le, and scala(le ways for te
administrators to install, manage, and maintain te o!erating system, new
software, e9isting software, and !atces'
C Providing ease of scala(ility
Te system sould (e scala(le to meet te ever8increasing !erformance
reHuirements of a!!lications' Scala(ility of te system includes te ca!a(ility to
scale u! (y adding more !rocessors to te e9isting system or scale out (y adding
more com!uters and faster interconnects' ,t is im!ortant to understand te
scala(ility of te initial system configuration and ow well it can (e u!graded in te
future as wor7loads and data volumes increase over time'
C -aving a system tat is fully su!!orted
C ;imiting te num(er of o!erating systems
C Minimi<ing te im!act of any migration !rocess on te daily (usiness
C Meeting regulatory reHuirements suc as Sar(anes8+9ley, /ramm8;eac ?liley,
-,P&&, and oters

#ec$nical %oals
?usiness goals are often intertwined wit tecnical goals for te new environment' Some
common tecnical goals include#
C Su!!ort for ,nternet standards
Native ;D&P im!lementation wit integrated DNS names!ace su!!ort
C ,ntero!era(ility
Su!!orts multi!le syncroni<ation, connector, and meta8directory tecnologies and
!u(lises all services using ;D&P
C &dvanced !rotocol and media su!!ort
C Su!!ort for a multilanguage develo!ment environment
C &dvanced !latform services
Su!!ort for tin client access, 3oice8over8,P tele!ony, and streaming media
services
C ?road, industry8wide a!!lication su!!ort
C Ta7ing advantage of te features of Windows Server 2003 &ctive Directory
C Sim!lified administration wit advanced tools, delegated administration
ca!a(ilities, and integrated des7to! management ca!a(ilities troug te use
of /rou! Policy +("ects @/P+sA'
C 1nanced security troug te use of integrated 3irtual Private Networ7 @3PNA
su!!ort, >er(eros autentication, 1ncry!ted ,PSec communications, and
Pu(lic >ey ,nfrastructure @P>,A su!!ort'
*0
C ,ncreased relia(ility wit su!!ort for integrated file and storage services suc
as remova(le and ierarcical storage management, dynamic volume
management, file re!lication and distri(uted file system @DFSA'
C /reater availa(ility wit su!!ort for integrated ig availa(ility services suc as
clustering, load (alancing and file re!lication services for file servers

Assessing t$e Current .usiness Situation
)ou must identify te ga!s (etween te current and desired states of your (usiness to
create a solution tat fulfills te (usiness goals' Performing a ga! analysis el!s you
identify !ro(lems in te current (usiness environment and develo! a !at to te desired
state of te (usiness' Different ty!es of (usiness issues tat you need to assess may
include#
C ?usiness !olicies
C ?usiness o!erations
C 19isting system !erformance, including downtime im!act

3ision Statement E5amles
?ased on te (usiness !ro(lem e9am!les at te (eginning of tis section, ere are some
sam!le vision statements#
C To ave file, !rint, and directory services running smootly and efficiently in a
Windows environment'
C To ave file, !rint, and directory services running smootly and efficiently in a
com(ined Novell and Windows environment'
Te vision statement sould always address 7ey (usiness !ro(lems in te organi<ation'
,t defines te e9!ected end result of te !ro"ect' >ee! in mind tat te vision statement
covers wat te system will loo7 li7e wen you com!lete te !ro"ect, not ow you get to
tat end state'
Creating t$e Solution Concet
Te solution conce!t descri(es at a ig level ow te solution will solve te (usiness
!ro(lem in terms of a!!roaces it will ta7e to (uild and deliver solutions' Tis is te
earliest version of te functional s!ecification and !lans tat you will develo! in te
Planning Pase'
Te !ur!ose of te solution conce!t is to !rovide teams wit limited (ut sufficient detail
to#
C Prove te solution to (e com!lete and correct
C Perform several ty!es of analyses, including feasi(ility studies, ris7 analysis,
usa(ility studies, and !erformance analysis tat will el! te team develo! te
solution in more detail during te Planning Pase'
C 2ommunicate te !ro!osed solution to te customer and oter 7ey sta7eolders'
Te foremost Huestion to answer at tis stage is weter you sould migrate over time
@!ased migrationA or all at once @direct migrationA'
*5
P$ased vs- /irect Migration
)ou need to evaluate te different levels of im!act a !ased or a direct migration migt
ave on your organi<ation' )ou sould consider te cost and te ris7 associated wit te
two ty!es of migration and, correlatively, evaluate te networ7 management structure'
,n a !ased migration, (ot directories remain in !lace for te duration of te entire
migration effort and directory syncroni<ation must (e esta(lised' ,f tis is not feasi(le or
if you do not want to maintain multi!le networ7 o!erating system directories, te (est
coice is migrate Huic7ly and com!letely to a Windows Server 2003 environment'
Te cost of te slower, !ased migration tends to (e iger for two reasons# first, te
wor7 is carried out over a longer !eriod of timeM second, you must manage and su!!ort
two different infrastructure systems simultaneously' -owever, te ris7 is lower (ecause
roll(ac7 can (e done easily and !ro(lems can (e resolved during te migration !ro"ect
wit less im!act to te !roduction system'
,n contrast, te Huic7er, direct migration as a lower cost (ut te ris7 is iger' Te cost is
lower in terms of (ot te amount of time needed to ma7e te switc and te lower
su!!ort im!act on te system' -owever, te ris7 is iger (ecause any tecnical
!ro(lems tat arise can create greater disru!tion to !roduction !rocesses'
P$ased Migration
,f you want to maintain an environment tat contains (ot &ctive Directory and
?inderyENDS directory services, you can !erform a !ased migration and run te two
systems in !arallel' Tis allows you to !erform additional migration tas7s @oter tan
syncroni<ing te two directory servicesA, suc as re!lacing a!!lications tat are
de!endent on Novell services wit &ctive Directory8com!ati(le a!!lications'
&dditionally, large migration !ro"ects are usually !ased migrations' For scenarios were
direct migration is a!!ro!riate, see te JDirect MigrationK section'
& !ased migration reduces te ris7 of data loss (ecause you can migrate in managed
stages and you can reverse te !rocess if necessary' -owever, maintaining two se!arate
directory services can, over time, add additional administrative costs to te migration'
,f you !lan to !erform a !ased migration, you will need to consider syncroni<ation' For
more information on syncroni<ation, see te JSyncroni<ationK section in te Planning
ca!ter'
/irect Migration
& direct migration is suita(le for small to medium8si<ed organi<ations tat ave not
de!loyed NDS8de!endent a!!lications' Migration in tese cases can normally (e
accom!lised in a sort amount of time wit minimal im!act to (usiness o!erations' &
direct migration is also feasi(le if you are setting u! a large num(er of new des7to!s or
you ave an older ?indery or NDS networ7 and need to move to a more so!isticated
o!erating system' For e9am!le, environments tat only !rovide limited services suc as
account information and file and !rint services are relatively sim!le migration !ro"ects'
Direct migration is e9actly wat it sounds li7e# a single !rocess to migrate te e9isting
directory and all file and !rint data, followed immediately (y te migration of te !rinters
and finally te wor7stations'
*:
Tis !rocess can only (e !erformed if tere are no reHuirements to maintain legacy
Novell systems and your environment is small enoug or you ave enoug resources to
migrate all of te wor7stations in te environment' ,n addition, all a!!lications must (e
fully tested (efore migration to verify tat tere is no longer a reHuirement for a Novell
server'
+etwor) S*stems and Services Migration
Wen you reac te Planning Pase, you will (e a(le to !lan more effectively if you 7now
wic services can (e easily migrated from a given NetWare environment to
Windows Server 2003 and wic tools you can use to !erform a given migration tas7'
Part of your solution conce!t will (e wat version you are currently using and wat your
end environment will (e# a Windows environment or a mi9ed Windows and Novell
environment' Tis section summari<es Netware environments and te corres!onding
o!tions for migration to el! you ma7e te necessary decisions'
+etWare 2-5 Environments
NetWare 3'9 services ty!ically include file, !rint, and limited ,nternet services' NetWare
3'9 environments use (inderies to store user account and oter resource information' Te
(inderies are maintained on eac server in te networ7, (ut re!lication of account
information is not !rovided (etween servers' ,ndividual im!lementations of (indery
services normally include file and !rint servicesM owever, older versions of messaging,
a!!lications, and data(ases migt also (e !resent tat rely on NetWare 3'9 services'
C Migrating to Windows Server 0112
Migration of NetWare ?indery environments is sim!ler tan migration of oter
Novell environments, (ecause only a small num(er of services are su("ect to
migration' Furter, migration from NetWare ?indery to Windows Server 2003 &ctive
Directory is almost always desira(le unless some s!ecific a!!lication or service,
suc as Novell /rou!Wise, !revents te migration'
C Maintaining +etWare and Windows Server 0112
,f migration is not an o!tion, you can im!lement intero!era(ility easily at several
levels' Te Windows Server 2003 o!erating system includes su!!ort for
connecting to NetWare ?indery servers or for using Microsoft Directory
Syncroni<ation Services @MSDSSA, a tool included wit Services for Netware, to
syncroni<e accounts wit te Windows Server 2003 &ctive Directory'
+etWare 6-57 8-57 and 9-5 Environments
Te later versions of NetWare include a new directory !latform named NetWare Directory
Services @NDSA' NDS acts as a centrali<ed directory service for NetWare users and
reHuires more !lanning tan a ?indery migration'
C Migrating to Windows Server 0112
Migration of a NetWare 4'9, 0'9, or 5'9 environment to Windows Server 2003 is
more com!le9 tan a 3'9 migration, as te NDS directory sould normally (e
migrated' Tis !resents its own uniHue callenges, as users and grou!s in NDS
must (e created and syncroni<ed wit &ctive Directory users' File data on NDS
servers must ten (e migrated and security !ermissions re8a!!lied troug
s!eciali<ed tools, suc as te Services for NetWare or Ouest NDS Migrator tools'
C Maintaining +etWare and Windows Server 0112
&ctive Directory and NDS !rovide a certain level of intero!era(ility (ecause of a
common im!lementation of standards' -owever, names!ace management and
oter networ7 standards are andled differently (y NDS and &ctive Directory'
*=
+/S +amesace Maing
)ou can ma! te NDS ierarcical directory names!ace to te names!ace used in
Windows Server 2003 &ctive Directory' -owever, in most circumstances, te o!timum
&ctive Directory names!ace will not (e te one used (y NDS' Tis dis"ointed ma!!ing is
(ecause of differences (etween te (asic metods of !artitioning and re!lication'
NDS names!ace ma!!ings tat are similar to an o!timal &ctive Directory names!ace
migt occur if a geogra!ic names!ace model is used for &ctive Directory' ,t is common
for NDS im!lementations to follow tis model to accommodate !artitioning at te
organi<ational unit @+.A level'
Similarities and /i''erences .etween +/S and Active /irector*
Tere is an e9cellent wite !a!er, F2om!aring Microsoft &ctive Directory to Novell NDS
version =F @tt!#EEmsdn'microsoft'comEli(raryEdefault'as!QurlREli(raryEen8
usEdnactdirEtmlEmsdnSactivedirvsnds'as!A, wic details te contrasts (etween te
conce!ts and mecanics of NDS and Windows 2000 &ctive Directory' &ltoug tis !a!er
was written !rimarily for Windows 2000 environments, it is a igly useful resource'
>ee! te following similarities and differences in mind wen you design your new
environment and determine wic services will (e migrated to Windows Server 2003#
: Relication' NDS and &ctive Directory (ot !rovide re!lication services for te
directory witin eac !artition'
: /+S4/!CP' NDS !rovides su!!ort for (asic DNS services wile
Windows Server 2003 !rovides enanced DNS Services including dynamic
u!dates' Windows Server 2003Te DNS offering in Windows Server 2003 is
e9tremely ro(ust and !rovides greater unification of name services and Microsoft
Windows service offerings' Des!ite te differences, (ot DNS im!lementations are
ca!a(le of intero!erating troug standard <one transfers'
: /!CP' ?ot NDS and Windows Server 2003 su!!ort te Dynamic -ost
2onfiguration Protocol @D-2PA, wic allows for te automatic and controlled
distri(ution of client ,P addresses on a networ7' Te !rimary difference (etween
NetWare and Windows Server 2003 D-2P as to do wit teir ca!a(ility to
integrate wit te DNS dynamic u!date !rotocol'
: (/AP Services' ?ot NDS and &ctive Directory are com!liant wit ;D&P version
3' Wile te im!lementations are intero!era(le, it is im!ortant to test a!!lications
and services tat ta7e advantage of ;D&P loo7u!s (efore migrating tose services
from NetWare to &ctive Directory'
: Internet Services' From a ig level, (ot NetWare and Windows Server 2003
!rovide similar ,nternet services, suc as We( services' -owever, tere are
significant differences in te way tat Novell We( a!!lications are written and
!rocessed' Wen !orting We( a!!lications from one !latform to te ne9t, it is
im!ortant to !erform e9tensive testing'
: Aut$entication' Te !roducts use com!letely different metods and !rotocols for
autenticating clients' Windows Server 2003 uses >er(eros autentication over ,P
only' NDS autenticates using NetWare 2ore Protocol over eiter ,P @for NetWare
0'9 and later versionsA or more commonly ,PT'
*N
: +etwor) Securit*' From a ig level, NetWare 0'9 and later versions !rovide a set
of networ7 services tat is similar to &ctive Directory' Tese include su!!ort for
secure soc7ets layer @SS;A, T'00N digital certificates, and security !olicies' ,f
intero!era(ility (etween security im!lementations is desired, you sould focus on
te use of SS; and !u(lic 7ey infrastructure @P>,A to ensure a good level of
intero!era(ility' ?ot !latforms su!!ort many similar security !olicies suc as
account loc7out, access control, !assword !olicies, etc'
: +etwor) Partitions' Wit very few e9ce!tions, do not attem!t to ma7e a direct
correlation (etween NDS !artitions @wic are disassociated wit names!aceA and
!artitions in &ctive Directory tat ma! to DNS domains and names!ace'
/e'ining t$e Scoe o' t$e Project
Te sco!e of te !ro"ect starts to ta7e sa!e after te (usiness goals ave (een defined'
For e9am!le, many organi<ations coose to limit te sco!e of teir migration !ro"ect to
te first ste!, essentially (uilding te future Windows &ctive Directory environment, to
focus on creating te foundation for future growt' Tis a!!roac (uilds te infrastructure
on wic you will migrate te directory and file and !rint services' &fter you ave a solid
Windows &ctive Directory infrastructure in !lace, you are ready for future !ases or
!ro"ects, suc as mail and a!!lication migration' ?y effectively limiting te initial sco!e of
te migration, you ave less to worry a(out, !articularly in te areas of a!!lication
com!ati(ility, des7to!s, scri!ts, etc' Te sco!e of your !ro"ect will de!end on your
(usiness goals and teir relative !riority'
To el! define te sco!e, you need to answer tese Huestions#
C -ow many servers will need to (e migratedQ
C Were are tese servers currently locatedQ
C Wat services are currently !rovided (y te legacy !latform tat will need to (e
migratedQ
C Will data (e consolidatedQ
C Do all a!!lications need to (e tested or "ust s!ecific (usiness8critical a!!licationsQ
&s a result, wat core (usiness a!!lications will need to (e u!graded or re!lacedQ
C Wat additional a!!lications and devices need to (e u!graded or modified to
su!!ort te new servers and a!!licationsQ
C -ow will tis migration affect te des7to! configurations and a!!licationsQ

Te answers may not (e o(vious at tis !oint in te !rocess' ?ut as7ing te Huestions
and engaging in Fwat ifF discussions and s!eculations can identify te !rimary !ieces of
te !u<<le' ?ased on te goals and o("ectives for te !ro"ect and te answers to tese
ty!es of Huestions, te ig8level sco!e of te wor7 (egins to ta7e sa!e' -ere are some
general rules to consider#
C >ee! it as sim!le as !ossi(le'
C ?rea7 u! te !ro"ect into logical segments'
C DonGt forget tat te staff and user community will need to learn new s7ills to (e
!roductive'

20
Project #imeline
& final tas7 to accom!lis (efore te end of te 1nvisioning Pase is to !re!are an
estimate of te time frame for te !ro"ect' ,t is common for te goals of te !ro"ect to
dictate te timeline, as a migration can affect oter critical (usiness !ro"ect
de!endencies' &ll timeline decisions are !reliminary at tis !oint, (ut tis early timeline
will (e im!ortant as a (asis for te !ro"ect scedule you will !re!are during te Planning
Pase'
+ne a!!roac to s7etcing out te timeline is to start (y setting a com!letion date and
ten wor7ing (ac7ward' Tis el!s to develo! a range of time tat is availa(le for eac
!ase of te !rocess' 1ven wen te deadline for te com!letion of te !ro"ect is te
infamous F(y yesterday,F time sould (e allocated for te Planning and Sta(ili<ing
Pases' ,f a migration (egins witout !lanning or a clear understanding of te desired
results, te result will often (e flawed'
Wen migrating directory and file and !rint services, de!ending on te sco!e of te
!ro"ect, a time frame of two to four monts is considered to (e a sort time frame, wit
four to si9 monts offering a more comforta(le window @te lengt of te de!loyment in a
!ased migration will (e (ased u!on your (usiness needsA' Witin tis time frame,
several wee7s are availa(le for !lanning, a similar amount of time is availa(le for te
develo!ment and testing !rocess, and ten te de!loyment can !roceed' Te si<e and
num(er of o("ects to (e migrated will determine te actual lengt of te de!loyment'
6emem(er tat cange will (ring wit it a learning curve for (ot te user communities
and te administrative staff' Te greater te amount of cange tat em!loyees need to
ad"ust to, te more su!!ort and training will (e reHuired to ensure teir !roductivity wen
te new !latform is rolled out' ?e sure tat te necessary training will occur (efore te
date tat te users need to (e fully !roductive on te new system'
+ote, -ardware and software !rocurement can also cause delays, so for sorter time
frames, tey sould (e !rocured as soon as !ossi(le after te ideal configuration as
(een defined'
Assessing Project Ris)s
6is7 is a !art of every migration' 6is7 management involves antici!ating, addressing,
mitigating, and !reventing ris7s' Prioriti<ing ris7s ena(les te team to address ig8ris7
items early' 6efer to te .MP/ for guidance in te ris7 management !rocess' &fter you
come to some agreement a(out a vision, sco!e, and solution conce!t, you will (e a(le to
consider te ris7s your !ro"ect faces and come u! wit a !reliminary ris7 assessment, as
one of te final tas7s of te 1nvisioning Pase'
Some of te common ris7 conditions in a migration !ro"ect include#
C 19isting directory !ro(lems, suc as corru!tion
C &!!lication com!ati(ility issues
C Time framePa sort timeline tat often reHuires cutting corners in te testing
!rocess
C ?andwidtP W&N or ;&N connectivity issues
2*
C ?udget constraints
C ;ac7 of in8ouse e9!ertise and resources for te !ro"ect
C JPoliticalK issues
C ;ac7 of ardware and software availa(ility
22
3
Planning )our Novell8to8
Windows Migration Pro"ect
Te Planning Pase of a !ro"ect is te time wen te initial vision is translated into
!ractical !lans for ow to acieve it' Most of te activity during te Planning Pase
involves ma7ing decisions and documenting tem' Te full !ro"ect team sould (e
engaged at tis !oint' 6eaders sould consult te .MP/ for guidance on organi<ing te
team and !rocesses to accom!lis te wor7 of te Planning Pase'
Te focus of te Planning Pase, te second !ase of te migration !lanning
metodology, is on furter understanding te e9isting environment, develo!ing te details
of te rigt solution @selecting a migration strategy and !rocessA, esta(lising a scedule
for te migration, and finally (uilding a la( to test te migration'
Te information !rovided in tis section will guide you on te considerations to 7ee! in
mind as you ma7e decisions' For e9am!le, designing te !ysical arcitecture is !artially
determined (y te amount of !erformance tat is needed, as well as oter !roduction and
o!erational reHuirements'
Te following set of delivera(les and activities will need to (e com!leted during tis
!ase' Tis wor7 may involve several iterations of eac delivera(le, (ecause tey
re!resent te documentation of some com!le9 decisions tat must ta7e several tecnical
factors and organi<ational needs into consideration'
C Te functional s!ecifications document, wic summari<es te 7ey decisions made
during te !lanning !rocess, sould include#
C >ey design goals
C Summary of te e9isting environment
C Sco!e summary
C ?ac7ground information tat !laces te solution in a (usiness conte9t
C Te solution design and arcitecture, from te conce!tual, logical, and !ysical
!oints of view
23
C Features and services tat define te functionality of te solution
C 2om!onent s!ecifications tat define te !roducts tat will (e used to deliver
reHuired features and services
C De!endencies on oter !ro"ects or resources outside te !ro"ect teamGs control

C Te master !ro"ect !lan and scedule, wic descri(es wen eac !iece of te
wor7 will (e done and sows ow te wor7 will (e coordinated, ta7ing
de!endencies into account'
C &n u!dated ris7 assessment wit management !lans for to! ris7s'
Planning P$ase Major Milestone, Project Plans Aroved
Te !ase concludes wen te !ro"ect team agrees tat te !lans are sufficiently well8
defined to !roceed wit develo!ment and testing, and te team, (usiness s!onsor, and
7ey sta7eolders a!!rove te design and te master !ro"ect !lan and scedule, usually
at a milestone meeting' Te formal conclusion is mar7ed (y te second ma"or !ro"ect
milestone, Pro"ect Plans &!!roved'
Evaluating t$e E5isting Environment
,t is critical to fully understand te current environment (efore designing te environment
to wic you !lan to u!grade' &llow time in te Planning Pase to continue te
assessment wor7 tat you did in te 1nvisioning Pase (y collecting more detailed
information a(out te e9isting environment and evaluating tat information to determine
te a!!ro!riate ne9t ste!s'
Te evaluation !rocess can sed ligt on constraints to te im!lementation !rocess tat
werenGt considered !reviously, suc as time restrictions tat would affect te window of
o!!ortunity for cange' Tese restrictions can include seasonal (usinesses, com!any
(udgeting cycles, or even vacation scedules'
.ltimately, wile te amount of time s!ent in te assessment and evaluation !rocess will
vary greatly, te goals are te same# to understand te tecnology infrastructure in !lace
and te ris7s involved in te !ro"ect to limit te sur!rises tat may occur during te
Migrating and De!loying !ases'
,n !re!aration for develo!ment of te functional s!ecifications document, te following
assessment tas7s sould (e !erformed#
: /iagram t$e networ) including $ardware and so'tware- 2reate a diagram of
te NetWare networ7 and all of its com!onents' ,dentify wic servers are file and
!rint servers, We( servers, mail servers, and data(ase servers' Torougly
document all servers, including NetWare versions, trans!ort !rotocols, NDS
!artitioning, and directory versions @?indery or NDSA'
C /ocument an* rinters t$at need to be relaced' 2ec7 !rinters to ensure tat
tey can (e !rinted to using !rotocols oter tan ,PT @ideally T2PE,PA' ,nclude any
!rinters tat need to (e re!laced in (udget and timeline estimates'
: Identi'* all t*es o' in'ormation stored on t$e networ)- ,dentify all ty!es of
information stored on te NetWare networ7 @not "ust NDS or ?indery informationA,
were it is stored, wo is res!onsi(le for wic information, wic su(sets of users
ave access to wic data, and wat te associated security reHuirements are'
: Identi'* all +ovell;deendent so'tware- &mong te software in te diagram,
identify all software tat is de!endent on Novell'
24
: Review WA+4(A+ lin)s7 and t$eir available bandwidt$- Determine te availa(le
(andwidt for W&N and ;&N lin7s' Tis will el! you decide ow you can
effectively design te &ctive Directory to!ology in res!ect to te current Novell
!ortioning on te e9isting networ7'
: Anal*&e t$e current namesace design- Familiari<e yourself wit te current
Novell names!ace design'
C Review user environment comonents involved in t$e migration- 6eview user
environment com!onents, !rimarily login scri!ts and grou!Esystem !olicies'
: Per'orm a director* $ealt$ c$ec)' /o troug te Novell NDS or eDirectory to
determine if te directory is wor7ing !ro!erly' ,n addition, if tere is already an
&ctive Directory infrastructure in !lace, verify tat it is wor7ing !ro!erly' Te ealt
cec7 ensures tat te o("ects sceduled for migration are a!!ro!riate and tat
tey can (e migrated to te new environment'
Tere are a num(er of different ways to !erform an eDirectory ealt cec7' Ste!8
(y8ste! !rocedures for verifying te DS versions, time syncroni<ation using
DS61P&,6, and ma7ing sure tat all of te servers are in sync, using DST6&21 to
verify tat te servers ave re!licated !ro!erly, can (e found in te Novell wite
!a!er T,D U*00*2=0='
&dditional tests covered in te Novell wite !a!er tat may (e useful include#
C 6e!lica Syncroni<ation @DS61P&,6A
C 19ternal 6eferences @DS61P&,6A' Ma7e sure tat te e9ternal references are
u!dated' Tere are references to several oter wite !a!ers tat discuss tools
you can use (ased on weter you are using NetWare 0'* or 4'9
C 6e!lica State @DS61P&,6A
C 6emote Server ,Ds @DS61P&,6A
C 6e!lica 6ing @DS61P&,6A
C Scema @DST6&21A' Turn off DST6&21 and ten you are ready to conduct
te migration !rocess'
C 6e!air local data(ase @DS61P&,6A
C ?ac7 u! te data(ase @DS61P&,6A
+ote, During migration !lanning, sould you decide to use te tird8!arty tool, Ouest
NDS Migrator, te assessment !rocess can (e enanced wit te NDS Ouest 6e!orter
tool' Migration tool selection is covered in te FMigration ProcessF section of tis
ca!ter' For additional information regarding NDS Ouest 6e!orter, see te
&fter you ave finised te assessment and evaluation tas7s, do te following#
: /ecide $ow to $andle +ovell;deendent so'tware- ?efore te migration (egins,
decide weter you will re!lace all ?indery8, NDS8, or N;M8de!endent software
@suc as NDS8com!liant DNS, D-2P, L1Nwor7s, etc'A wit &ctive Directory8
com!ati(le software @leading to a direct migration, or weter you want to continue
to use some or all of te ?indery8 or NDS8integrated services or a!!lications
@leading to a !ased migrationA' ?e sure to include te e8mail system in tis list'
: /etermine t$e s*stems to be migrated- Determine wic systems will (e
migrated or decommissioned' Determine te affected users, grou!s, o("ects,
folders, files, data(ases, and e8mail systems @/rou!Wise or otersA'
20
: Plan 'or 'uture $ardware7 so'tware7 and networ) bandwidt$ needs- 6esearc
wat additional functionality your organi<ation !lans to im!lement in te future'
Factor tese features into your migration !lanning @for e9am!le, wen you !lan
names!ace design, W&N lin7s, a!!lication software needs, etc'A'
: Anal*&e 'uture namesace design- Familiari<e yourself wit &ctive Directory
names!ace design !rinci!les and consider future names!ace design' 6efer to te
current Novell names!ace design'

/eveloing t$e Solution /esign and Arc$itecture
2reating te solution design and arcitecture involves a systematic !rogression from
a(stract conce!ts to s!ecific tecnical detail' Designing can (e divided into tree
seHuential (ut overla!!ing ste!s, wic re!resent tree ways of descri(ing te solution'
C 2once!tual design, wic analy<es and !rioriti<es (usinesses, user, system, and
o!erational reHuirements and descri(es in nontecnical language ow te solution
will meet tem'
C ;ogical design, wic descri(es te solution in terms of te organi<ation, structure,
and interaction of its !arts in tecnical language'
C Pysical design, wic identifies te detailed instantiation of te solution wic will
(e (uilt, for e9am!le software arcitecture, communication !rotocols, !ysical
infrastructure arcitecture, and to!ology'
Tis section will !rovide you wit an overview of te areas you sould focus on wen
designing your new Windows environment' For detailed information on designing a
Windows Server 2003 &ctive Directory environment, see Windows Server 2003
De!loyment >it# Designing and De!loying Directory and Security Services
tt!#EEwww'microsoft'comEdownloadsEdetails'as!9QFamily,DR52D1511:80DF*843N48
N21D82*4:23&N1??1Vdis!laylangRenUfilelist' ?efore reading tis document, you may
want to familiari<e yourself wit Windows Server terminology, (ecause some 7ey
conce!ts li7e organi<ational unit are used differently tan in te Novell conte9t'
&s !reviously stated, te focus of tis guide is to !rovide you wit information on ow to
migrate your e9isting Novell environment to Windows' -owever, (efore you can migrate
to a new Windows environment, you must first determine wat tat environment will loo7
li7e' Pro!er design of your new Windows Server 2003 &ctive Directory structure is a
critical com!onent in te successful de!loyment of te tecnology' Mista7es made in te
!lanning !ortion of &ctive Directory can !rove to (e costly and difficult to correct' ,n te
!lanning !rocess you and your team sould determine wat te new environment will
loo7 li7e @te designA and ow you will get tere @te migration !lanA' .se te information
tat follows to el! te team ma7e te necessary decisions'
Areas o' <ocus 'or t$e Solution /esign
Tere are a num(er of Microsoft documents tat detail te !rocess of designing a
Windows Server 2003 &ctive Directory' Te !ur!ose of tis section is to identify te 7ey
areas tat you need to consider (efore migrating from a Novell environment to
Windows Server 2003 &ctive Directory'
25
Windows Server 0112 /esign
Determine te software version and te ardware configuration tat will (e used' ,n
addition, (efore de!loying te servers in a test environment, consider te use of tird8
!arty a!!lications to !rotect data on te servers and ma7e a!!ro!riate decisions' Te
design of te system and te servers sould ta7e into account any data !rotection
software @(ac7u!, antivirus, etc'A tat you decide to use'
Active /irector* /esign
&ctive Directory is a necessary and fundamental com!onent of any
Windows Server 2003 im!lementation' )ou can use (uilt8in tools to set u! &ctive
Directory, in addition to Windows Server 2003, as long as you consider a few
straigtforward design !arameters (efore de!loyment#
Arc$itecture
C <orest and /omain /esign' Determine te Forest and Domain Model' +!tions
include a Single ForestESingle Domain Model, a Single ForestEMulti!le Domain
Model, a Multi!le Forest Model, or a com(ination environment'
C <unctional (evels in Windows Server 0112 Active /irector*' Determine te
Windows functionality tat will (e reHuired' Tis decision is (ased on te needs of
your organi<ation, suc as weter or not you ave Windows 2000 or
Windows NT 4'0 domain controller and weter tere is a reHuirement to retain
Windows NT 4'0 domain controllers'
C +amesace' Will tere (e any Names!ace issuesQ Wen sares are migrated
from a source server to te target server, te .N2 !ats of te migrated files are
canged' Tis may affect any a!!lication or user tat references te .N2 !at, for
e9am!le a!!lication lin7s, logon scri!ts, networ7 !laces, and sortcuts'
&!!lications and users generally reference files in one of te following ways#
C Ma!!ed drive letters
C .N2 !ats
C DFS

+etwor)ing Services
Windows Server 2003 introduces several functional im!rovements to networ7 services'
Tese im!rovements allow for increased administrative functionality, greater relia(ility,
and an overall increase in value for an organi<ationDs networ7 infrastructure'
: /+S- Te first ste! in te actual design of te &ctive Directory structure is deciding
on a common Domain Name System @DNSA names!ace tat &ctive Directory will
occu!y' &ctive Directory revolves around and is inse!ara(le from DNS, as suc,
tis decision is one of te most im!ortant ones to ma7e' Te names!ace cosen
can (e as straigtforward as microsoft'com, for e9am!le, or it can (e more
com!le9' ?efore you can ma7e tis decision, you need to consider multi!le factors'
,s it (etter to register an &ctive Directory names!ace on te ,nternet and !otentially
e9!ose it to intruders, or is it (etter to coose an unregistered internal names!aceQ
,s it necessary to tie multi!le names!aces into te same forestQ Tese Huestions
must (e answered (efore te design !rocess can !roceed'
: WI+S- Many modern networ7s include com!onents tat rely on W,NS, including
down8level @!re8Windows 2000A clients, legacy a!!lications, and even some
Microsoft services suc as Distri(uted File System @DFSA tat use Net?,+S
resolution (y default' 2onseHuently, it is often necessary to 7ee! using W,NS in
Windows networ7s, unless it can (e definitively !roven tat it is no longer
necessary'
2:
: /!CP' D-2P can (e configured to allow for te Server service to u!date te
Dynamic DNS record for te client if tat client is una(le to !erform te u!date
itself' Tis o!tion can (e turned on and off at te server level, troug te D-2P
Manager MM2' &dditional design considerations regarding D-2P include#
C Migrating e9isting D-2P sco!es or recreating te sco!es
C Placement of D-2P services
Con'iguration

C Active /irector* Site and Relication #oolog* (a*out' For !ur!oses of
re!lication, &ctive Directory logically organi<es grou!s of servers into JsitesK'
Ty!ically, a single site sould (e com!osed of servers tat are connected to eac
oter troug T* or iger8s!eed connections' Te im!ortant factors to consider
wile identifying a site for consolidation include#
C Networ7 availa(ility, (andwidt, and latency
C 19isting or future service level agreements @S;&sA
C &!!lication reHuirements
C Pysical condition of te location
C .ser !erce!tion of !erformance
C /omain Controllers' Determine te !lacement of domain controllers in
Windows Server 2003 as it is te critical factor to im!roving te communication
res!onse time from an &ctive Directory Huery'
C (A+ and WA+ lin)s' +ne factor to consider wen you !lan directory
syncroni<ation is ow server locations affect networ7 traffic' ,f &ctive Directory
and NetWare information e9ists on servers in te same location, syncroni<ation
traffic will (e inconseHuential' ,f te &ctive Directory and NetWare servers are
!ysically se!arated across a low (andwidt or non!ersistent W&N connection,
re!lication traffic will (e more im!actful' )ou must also !lan for any additional
networ7 (andwidt reHuirements tat migt arise from te introduction of !eriodic
directory syncroni<ation (etween &ctive Directory and NDS or ?indery' &ltoug
eac environment is uniHue, it is im!ortant to understand tat te following factors
affect directory syncroni<ation traffic#
C Num(er of o("ects in &ctive Directory
C +("ect si<e
C Num(er of canges
C FreHuency of syncroni<ation
C +ne8way or two8way syncroni<ation configuration

2=
Management
C %rou Policies' Wile /rou! Policy +("ects @/P+sA are a system introduced wit
&ctive Directory, !redecessors to /P+s and com!onents of /P+s are availa(le
witout te use of &ctive Directory' System !olicies were introduced wit Windows
N0 and Windows NT 4'0 and were used to manage various as!ects of tose
o!erating systems in a Wor7grou! or Domain environment' ;ocal !olicies are
availa(le for Windows 2000, Windows Server 2003, and Windows TP com!uters
tat are not mem(ers of an &ctive Directory forest'
?ecause of te !otential !resence of oter !olicy (ased system for systems
management, it is im!ortant to review te current use of !olicies in your
organi<ation and create a !lan for eiter re!licating te e9isting !olicy set using
/P+s or modifying te e9isting reHuirements and im!lementing te new set of
reHuirements
: (ogin Scrits' ;ogins scri!ts are used e9tensively to control various as!ects of
te user e9!erience in a NetWare environment' -owever, (ecause NetWare uses
a !ro!rietary scri!ting language and system to !rovide login scri!ts, migration to
(atc file8(ased &ctive Directory login scri!ts reHuires careful !lanning' Tis is an
e9cellent o!!ortunity to review current login scri!ts for accuracy and relevance
(efore design' ?ecause of te ierarcical nature of NDS, login scri!ts in an NDS
environment can (e !resent at many levels of te directory and are all !rocessed
seHuentially' 2onseHuently, tey sould all (e ta7en into account during design' ,n
addition to te (atc file !rocessing ca!a(ility natively !resent in &ctive Directory,
ca!a(ilities of /P+s, Windows Scri!ting -ost, and various 6esource >it Tools
!rovide a !owerful toolset for te creation of login scri!ts'
: Securit*' Determine te security reHuirements tat must (e re!licated in te new
environment and te tools or features necessary to accom!lis te reHuired level
of security'
Wor)stations
Tere are (asically four different o!tions for configuring te clients#
C Pysically wal7 to every single des7to!, uninstall te Novell 2lient32, and
rema! to te Windows client' Tis is a manual !rocess tat ta7es
a!!ro9imately *08*0 minutes !er wor7station' ,f you donDt ave a lot of
com!uters in te environment, tis may (e te easiest a!!roac'
C 2reate a scri!t' Te scri!t uninstalls and ten installs in one !rocess' ,t can (e
im!lemented manually troug a (atc file or a login scri!t'
C ;aunc a scri!t troug /rou! Policy' )ou can create a scri!t tat will uninstall
te 2lient32 and install Windows remotely'
C 6etire 2lient32 during a !ased des7to! refres' ?efore te client is removed,
te 2lient32 software remains on te des7to!, (ut all of te ma!!ings are
removed' ?asically you remove te login scri!t from te Novell system and you
use /rou! Policy and &ctive Directory to do all of te drive ma!!ings' &t tis
!oint te 2lient32 is effectively unused, (ut is still !resent' Wile te refres is
in !rogress, you will still need to maintain a NetWare autentication
mecanism in !lace so te user can login, (ut oterwise &ctive Directory will
ta7e over te networ7 login functions'
Many organi<ations are coosing tis fourt o!tion'

2N
Migration Planning
&fter you ave determined wat your new environment will loo7 li7e, you are ready to
determine ow you will migrate your e9isting environment to te new environment' Tere
are tree com!onents to !lanning te migration from Netware to Windows Server 2003#
(uilding te new environment, determining your migration strategy, and determining your
migration !rocess for moving your e9isting users and data to te new environment'
.uilding Active /irector*
?efore you can migrate you must first (uild te new Windows &ctive Directory
environment' Tis section !rovides an overview of te o!tions for (uilding &ctive
Directory' For detailed information regarding (uilding &ctive Directory, see te
Windows Server 2003 De!loyment >it# Designing and De!loying Directory and Security
Services @tt!#EEwww'microsoft'comEdownloadsEdetails'as!9QFamily,DR52D1511:80DF*8
43N48N21D82*4:23&N1??1Vdis!laylangRenUfilelistA'
Te &ctive Directory de!loyment strategy tat you a!!ly will vary according to your
e9isting networ7 configuration' For e9am!le, if your organi<ation is !urely a Novell
NetWare environment, you will ave to design and (uild te &ctive Directory from scratc'
-owever, if your organi<ation currently runs Windows NT 4'0, you can !erform an in8
!lace u!grade of te e9isting environment' ,f your organi<ation currently runs
Windows 2000 &ctive Directory, you can u!grade te domain to Windows Server 2003
functional levels troug a se!arate migration !rocess'
Tere are two strategies to (uilding an &ctive Directory#
C ?uild &ctive Directory from scratc
C .!grade @in8!laceA Migration of an 19isting Windows NT 4'0 Domain or
Windows 2000 environment

.uilding Active /irector* 'rom Scratc$
,f your organi<ation only as NetWare servers and as never installed a Windows NT
networ7 in te environment, you can (uild te new &ctive Directory from scratc' Wit
tis !rocess, a new, clean &ctive Directory is (uilt, o("ects are created from scratc, and
using migration tools, information suc as user accounts and grou!s is !ulled out of NDS
and ten moved across to &ctive Directory'
Te advantage of creating an &ctive Directory from scratc is tat it is clean and !rovides
te o!!ortunity to create a clear design' +ne of te disadvantages is tat every com!uter
must (e touced' 2om!uters tat were mem(ers of a Wor7grou! ave to now "oin te
new domain' &noter disadvantage is tat you ave to recreate or manually create user
!rofiles' Tings li7e user favorites, screen savers, icons, registry settings, and drive
ma!!ings are attaced to te wor7grou!' Wen te com!uter is "oined to te domain
tese !references are lost' Fortunately, tere are automated tools descri(ed in tis
document tat will allow you to ca!ture tis information and recreate it in te new
environment'
"grade =In;lace> Migration o' an E5isting Windows +# 6-1 /omain
or Windows 0111 Environment
Te in8!lace domain u!grade !rocess is a direct u!grade of te e9isting !roduction
Windows NT 4'0 Server @o!erating system and domainA to Windows Server 2003 and
&ctive Directory' .se te Windows Server 2003 Setu! Wi<ard included on te
Windows Server 2003 2D to !erform te u!grade' For more information on u!grading
30
e9isting Windows NT 4'0 domains, see .!grading Windows NT 4'0 Domains to
Windows Server 2003 &ctive Directory
@tt!#EEwww'microsoft'comEresourcesEdocumentationEWindowsServE2003EallEde!loyguideE
en8usEDefault'as!QurlREresourcesEdocumentationEWindowsServE2003EallEde!loyguideEen8
usEdss((SoverSdnrr'as!A'
.!grading your Windows 2000 domains to Windows Server 2003 domains is an efficient,
straigtforward way to ta7e advantage of additional Windows Server 2003 features and
functionality' .!grading from Windows 2000 to Windows Server 2003 reHuires minimal
networ7 configuration and as little im!act on user o!erations' For more information on
u!grading e9isting Windows 2000 domains, see Windows Server 2003.!grading
Windows 2000 Domains to Windows Server 2003 Domains
en8usEDefault'as!QurlREresourcesEdocumentationEWindowsServE2003EallEde!loyguideEen8
usEdss((SoverSdnrr'as!A'
/etermining ?our Migration Strateg*
Wen develo!ing a migration strategy tere are a num(er of decisions tat you must
ma7e#
C Plan a direct or $ased migration' Plan an immediate, one8time migration, or a
!ased migration over time @syncroni<ing &ctive Directory and your NDS directory
during te transitional !eriodA' Detailed information for !lanning your !ased or
direct migration is covered in te following section'

: Identi'* containers and servers to migrate or s*nc$roni&e- ,dentify te
containers tat you want to migrate or syncroni<e and te &ctive Directory and
NDS or ?indery servers (etween wic you want to esta(lis tose relationsi!s'
: Identi'* and obtain administrator accounts wit$ su''icient ermissions to
success'ull* comlete t$e migration- ,f you will use syncroni<ation, ensure tat
you ave te reHuired accounts wit !ermissions to e9tend te &ctive Directory
scema @even toug te Services for NetWare 0'03 tool, Microsoft Directory
Syncroni<ation Service @MSDSSA, does tis automatically, you must ave
scema8e9tending administrative autorityA' ,f you will use two8way
syncroni<ation, ensure tat you ave te necessary !ermissions to e9tend te
NDS scema'

Imortant, Wen you set u! a two8way syncroni<ation session wit MSDSS, you
must ave full administrator !rivileges to te entire NDS container in wic you are
creating te session' 1nsure tat tese !rivileges are maintained for te life of te
sessionPif tese !rivileges are canged, o("ects may (e deleted from one or (ot
of te directories'
: C$oose t$e migration administrators- Decide wo you will add as a mem(er of
te MSDSS &dmins grou! tat is created automatically wen you install MSDSS'
2oose te users to wom you will delegate s!ecific MSDSS administrative tas7s'
: /etermine t$e aroriate migration rocess- Determine if you will !erform te
migration manually or you em!loy migration tools and services' For details on
selecting migration tools see te Migration Tools section of tis ca!ter'
3*
A P$ased or /irect Migration@
,n te 1nvisioning Pase, you determined wic ty!e of migration will wor7 (est for your
organi<ation' .se te sections tat follow to !lan te a!!ro!riate migration'
P$ased Migration
,n a !ased migration, you use MSDSS to co!y all ?indery or NDS user accounts,
grou!s, and distri(ution lists, and @for NDS onlyA +rgani<ational .nits and organi<ations
to &ctive Directory' &t te same time, tese o("ects are maintained in NDS or ?indery'
Wile you gradually move resources to te Windows Server 20038(ased environment,
te MSDSS8!rovided directory syncroni<ation ena(les users to continue to access
tose resources tat remain on NetWare servers' &s te cangeover continues, users
(egin to access resources on Windows Server 20038(ased servers wit teir new
accounts and associated migrated !ermissions'
&fter you ave moved all resources to Windows Server 2003, converted all Novell
services and a!!lications to &ctive Directory8(ased counter!arts, and moved o("ect
security !ermissions and o("ects tat MSDSS does not migrate @suc as com!uter
accounts, !rinter o("ects, and a!!lication o("ectsA, syncroni<ation (etween te two
directory services migt no longer (e necessary' Tis will allow you to delete te
syncroni<ation sessions and decommission remaining NetWare servers'
,f you coose a !ased migration#
C (ist migration riorities- ;ist te de!artments or oter grou!ings, te software,
and te ardware tat you must migrate immediately, and wic resources can (e
migrated over time' ;ist te order in wic you want to accom!lis eac stage
C C$oose one; or two;wa* s*nc$roni&ation- Decide weter one8way
syncroni<ation @using &ctive Directory to manage o("ects in (ot directoriesA or
two8way syncroni<ation @using eiter &ctive Directory or NDS to manage sared
dataA is a!!ro!riate to te situation' Ta7e networ7 traffic into account' Decide te
timeta(le for re!lacing any of te ?indery8 or NDS8de!endent software wit &ctive
Directory8ena(led counter!arts' For more information, see te JSyncroni<ationK
section in tis ca!ter'

/irect Migration
>ee! in mind tat tis !rocess can only (e !erformed if tere are no reHuirements to
maintain legacy Novell systems and your environment is small enoug or you ave
enoug resources to migrate all of te wor7stations in te environment'
Tis !rocess sould (e fully tested in te test environment to identify any issues and
verify tat tere are no a!!lication reHuirements for Novell servers' &fter Novell servers
are retired, te client will no longer (e a(le to communicate wit a server until it as (een
migrated to te Windows environment'
S*nc$roni&ation
Syncroni<ation allows users to wor7 on (ot systems witout losing data or aving
versioning !ro(lems' )ou will need to !lan for syncroni<ation if you are doing a !ased
migration or if your direct migration !ro"ect lasts long enoug to reHuire tat you su!!ort
users on (ot systems'
Te administration of multi!le directory services often leads to time8consuming and
redundant management' 1sta(lising a !eriodic syncroni<ation of (ot directories, using
MSDSS or a tird8!arty tool suc as Ouest NDS Migrator, will el! you reduce te time
you s!end on directory management'
32
Wen you introduce Windows Server 2003 and &ctive Directory into an e9isting Novell
networ7, you can facilitate directory management and im!rove data availa(ility (y
esta(lising directory intero!era(ility' 2entral to intero!era(ility is te ca!a(ility to
syncroni<e te information stored in &ctive Directory wit te Novell directory
information witin your organi<ation' Microsoft Directory Syncroni<ation Services
@MSDSSA, included wit Services for NetWare 0'03, ma7es &ctive Directory
syncroni<ation wit NDS and NetWare 3'9 (inderies !ossi(le'
?y default, MSDSS syncroni<ation du!licates te ?indery or NDS structure in &ctive
Directory' &lso li7e migration, syncroni<ation ma!s Novell user, grou!, and distri(ution
list o("ects to &ctive Directory user, grou!, and distri(ution list o("ects, and @for NDS onlyA
it ma!s Novell +.s and organi<ations to &ctive Directory +.s' ,n addition, MSDSS
syncroni<ation o!tionally !rovides custom o("ect ma!!ing @for NDS onlyA tat ena(les
you to ma! o("ects in dissimilar directory structures to eac oter'
Syncroni<ation and &ctive Directory are easy to set u! troug te MSDSS
management interface' MSDSS !rovides two o!tions for managing syncroni<ation as
!art of a migration strategy#
C One;wa* s*nc$roni&ation- Tis o!tion ena(les you to manage o("ects in (ot
directories from &ctive Directory' 6easons to select one8way syncroni<ation
include#
C )ou want to centrali<e directory administration from &ctive Directory'
C Te networ7 is !redominantly Windows8(ased @wit some NDS8(ased
com!utersA, or te networ7 is currently NDS8(ased (ut you !lan to reduce te
num(er of directories over time'
C )ou want to administer and u!date NDS user account !asswords to su!!ort a
single set of logon credentials tat ena(le users to log on to (ot a Windows8
(ased and a Novell8(ased networ7'
C )ou are !re!aring to migrate an NDS8(ased directory environment to &ctive
Directory'

C #wo;wa* s*nc$roni&ation- Tis o!tion ena(les you to manage sared data, suc
as user account information, from eiter directory' 6easons to select two8way
syncroni<ation include#
C )ou want two sets of networ7 administrators to administer (ot &ctive
Directory and NDS'
C Te networ7 environment contains NDS as te !rimary directory, and you ave
no !lans to consolidate te num(er of directory !latforms'
C )ou are !lanning to maintain and actively administer (ot directory
environments for an e9tended !eriod of time @several monts or longerA'

For more information on syncroni<ation strategies see te Net4are to
4indows +erver 200) Mi'ration Plannin' 3uide
@tt!#EEwww'microsoft'comEwindowsserver2003EtecinfoEoverviewEsfnmig'ms!9A'
Migration Process
Te ne9t com!onent of te Planning Pase is determining your migration !rocess' Tere
are two o!tions for te migration !rocess# manual migration or automated migration using
tools'
Te reasons to use migration tools are relatively clear and include te ca!a(ility to
automate te migration of information wile using e9isting NetWare investments and
settings to decrease te time s!ent on te migration'
33
Migration tools !rovide te ca!a(ility to automate te migration of information (y using
e9isting NetWare settings to decrease te time s!ent on te migration' .sing migration
tools, owever, and factoring in teir sometimes significant cost, may not always (e
necessary, !articularly in situations were#
C Tere is little configuration investment in access control lists @&2;sA or user
account information in te Novell environment
C Te information stored in te Novell environment is not accurate or current
C Te num(er of o("ects or files is so small tat it is not wort te time to install,
learn, and use te migration tools

,f one of more of tese situations descri(es your networ7 environment, consider a manual
migration'
-owever, if you ave a significant configuration investment, your Novell environment is
u!8to8date, and you ave a large num(er of o("ects and files to migrate, migration tools
may (e el!ful in te migration !rocess'
Manual Migration
,f you coose manual migration, you will need to re8enter user account information andEor
reset file !ermissions manually'
Automated Migration
Tis guide focuses on two migration tools# Services for NetWare 0'03 and Ouest NDS
Migrator' For many organi<ations, Services for NetWare 0'03 !rovides for a ro(ust
syncroni<ation and migration strategy tat is cost8effective and easy to de!loy' +ter
organi<ations ave effectively used te advanced control, logging, and ris78management
ca!a(ilities of Ouest NDS Migrator to control teir migration strategy' 1iter o!tion is
valua(le, and it is recommended tat you test (ot solutions as !art of a !rototy!e
environment to determine wic tools !rovide te (est fit for your migration strategy' )ou
sould ma7e a decision (y te end of te !rototy!e'
Migration #ools
Wile tere are a num(er of tools availa(le to assist wit te migration, tis guide
focuses on Microsoft Services for NetWare 0'03 @SfNA and a tird8!arty tool, Ouest NDS
Migrator'
Services 'or +etWare
Services for NetWare 0'03 @SfNA and Windows Server 2003 !rovide !rotocols and
services tat ena(le migration, syncroni<ation, and limited intero!era(ility wit Novell
NetWare networ7s' Tese !rotocols and services ena(le networ7 managers and
tecnical staff to integrate com!uters running Windows Server 2003 into a NetWare
networ7 to facilitate migration andEor coe9istence' To enance intero!era(ility wit
NetWare networ7s, Services for NetWare 0'03 includes Directory Syncroni<ation
Services @MSDSSA and te File Migration .tility @FM.A#
34
C Microso't /irector* S*nc$roni&ation Services' Microsoft Directory
Syncroni<ation Services @MSDSSA is a tool used for two8way syncroni<ation of
directory information stored in te &ctive Directory and NDS' MSDSS also
syncroni<es directory information stored in &ctive Directory wit all versions of
NetWare 3'9 (indery services on a one8way (asis'
MSDSS is te cornerstone of any NDSE?indery to &ctive Directory migration
strategy' MSDSS also !lays a critical role in long8term coe9istence strategies (y
allowing NetWare customers to de!loy &ctive Directory services witout aving to
re!lace e9isting directories or (ear te cost of managing two se!arate directories'
&s a result, customers ave te fle9i(ility to consolidate networ7 management
wen multi!le directories are reHuired, manage accounts from eiter directory, and
use directory8ena(led a!!lications, devices, and services (ased on &ctive
Directory'
C <ile Migration "tilit*' Te File Migration .tility @FM.A is a utility tat !rovides a
central management console to automatically manage te migration of files from
NetWare file and !rint servers to Windows 2003 servers' Te File Migration .tility
el!s customers migrate teir NetWare files to a Windows 2003 server (y#
C &ccelerating te migration !rocess troug automation'
C Preserving file security information'
C Sim!lifying migration management'

Te File Migration .tility reduces te time and cost of migration (y co!ying multi!le
NetWare files and teir associated !ermissions to one or more Windows 2003
servers automatically' ,t !reserves te !ermissions and &2;s associated wit eac
file it co!ies' Troug granular ma!!ing su!!ort and integration wit MSDSS, files
and te rigts tey ave inerited or (een assigned in NetWare are calculated and
maintained in te Windows 20038(ased networ7, !reserving security and
minimi<ing te time8consuming !rocess of reassigning file rigts and !ermissions'
Te File Migration .tility migrates files easily, wit s!eed and security, (y !roviding
a central !oint of administration for migration management' &s suc, administrators
can monitor wic files ave (een migrated and wic avenGt in a detailed status
re!ort' ,ncremental migration su!!ort also allows customers to !erform a gradual
migration' Finally, FM. su!!orts (ot te T2PE,P and ,PTESPT !rotocols to allow
te migration of NetWare files and teir !ermissions'

Ta(le *'0 !rovides a summary of te NetWare8(ased elements tat can (e migrated
automatically from te ma"or versions of NetWare to te Windows 2003 Server using te
!reviously descri(ed tools and services'
30
#able A-1, Summar* o' Services 'or +etWare Migration Services
NetWare
Element
NetWare
Versions
Microsoft
Migration Tool
Available?
Tool Name
Files NetWare 3.x Yes FMU
NetWare 4.x Yes FMU
NetWare 5.x Yes FMU
Directories NetWare 3.x Yes MSDSS
NetWare 4.x Yes MSDSS
NetWare 5.x Yes MSDSS
NDS 8 Yes MSDSS

,n addition to te tools outlined, Services for NetWare 0'03 !rovides trou(lesooting
su!!ort tat ena(les you to trou(lesoot connectivity !ro(lems, login scri!ts, and
!assword syncroni<ation' Services for NetWare 0'03 also !rovides tools for monitoring
networ7 traffic'
Buest +/S Migrator
Ouest NDS Migrator is a com!reensive tird8!arty solution tat accelerates and
sim!lifies migrations from Novell Directory Services @NDSA to &ctive Directory' Ouest
NDS Migrator offers a !ro"ect8(ased ste!8(y8ste! a!!roac for migrating NDS and
?indery systems to Windows Server 2003 &ctive Directory' Ouest NDS Migrator is a
com!reensive tool tat is recommended for large environment migrations' -owever,
(efore deciding weter to use tis tool, your organi<ation sould evaluate te cost of te
tool and te resources reHuired to su!!ort it'
Ouest NDS Migrator wor7s well in large environments, (ecause it ta7es into account te
fact tat most NDS to &ctive Directory migrations are not sim!ly one massive o("ect
co!ying !rocess' Ouest NDS Migrator allows o("ect migration activities to (e (ro7en
down into managea(le o("ect grou!ings'
Te Ouest NDS Migrator solution is com!rised of several com!onents including Ouest
NDS 6e!orter and Ouest NDS Migrator#
C Buest +/S Reorter- Ouest NDS 6e!orter allows you to collect information a(out
your Novell environment (efore you (egin te migration' Tere are a num(er of
re!orts tat !rovide you wit information regarding grou!s, users, and file servers'
For more information a(out Ouest NDS 6e!orter see te
C Buest +/S Migrator- Ouest NDS Migrator !rovides all te tools you reHuire to
migrate o("ects and data to &ctive Directory from a central console' Te console
allows you to access all of te Ouest migration o!tions, (ot !re8 and !ost8
migration, and to scedule te data migration from Novell file servers to Microsoft
file servers' ,n addition, Ouest NDS Migrator !rovides a native view of (ot your
NDS and &ctive Directory tree, allowing you to visuali<e te tree structure and
(etter !lan te migration of o("ects'
35
Creating t$e <unctional Seci'ication
2ollect all of your decisions in te areas tat you ave tougt a(out and documented
during te 1nvisioning and Planning Pases' ?e sure tat te s!ecifications are clear
enoug so tat everyone can understand weter any !articular s!ecification as (een
met' Te initial document is a (aseline' )ou will want to cec7 it in and do version control
on it so tat you can control te design tat youDre actually going to (uild' Te
documentation tat you ave created u! to tis !oint will (e included or summari<ed in
tis definitive document'
/eveloing t$e Project Sc$edule

& !ro"ect !lan com!lements te functional s!ecifications document' ,t gra!ically
illustrates te !rocess of (uilding and testing te tecnologies reHuired and !rovides an
outline of wo is doing wat during te !ro"ect'
?y using a !roduct suc as Microsoft Pro"ect 2003, you can organi<e te ste!s in a
logical, linear !rocess' Te ig8level tas7s sould (e esta(lised first' Ty!ically, tey are
te !ases or ig8level tas7s involved in te !ro"ect, suc as 1nvisioning, Planning,
Migrating, Sta(ili<ing, and De!loying' Ten te main tas7s of tese !ases can (e
added'
)ou sould include dates and durations in te !ro"ect !lan, using te (asic conce!t of
starting wit te end date wen everyting needs to (e u! and running, and ten wor7ing
(ac7ward' ,tGs im!ortant to include 7ey milestones, suc as acHuiring new software and
ardware, sending administrative resources to training classes, and !rovisioning new
data circuits'
To 7ee! momentum going and to identify !otential delays, milestones sould (e set for
te com!letion of eac !ase' ,n most cases, !ro"ects witout !eriodic dates set as
interim milestone !oints will not meet te e9!ected com!letion date' Pro"ects tat e9tend
too far (eyond te allotted time frame add costs and ris7s suc as em!loyee turnover,
canging (usiness conditions, and new revisions of ardware and software !roducts'
,nclude slac7 time for une9!ected events or stum(ling (loc7s tat te team may
encounter' 1ac !ase of te !ro"ect needs to (e outlined and ten e9!anded' & good
rule of tum( is to ave eac line re!resent several ours or days of wor7 instead of
trying to list every tas7 tat needs to ta7e !lace during te !ase' ,f te !ro"ect !lan
includes too muc detail, it Huic7ly (ecomes unmanagea(le'
Te !lan sould also assign resources to te tas7s and start to define te teams tat will
wor7 on te different com!onents of te !ro"ect' ,f an outside organi<ation is going to
assist in te !rocess, include it at te a!!ro!riate !oints in te !ro"ect'
#est Planning
/eveloing a #est Plan
Te final com!onent in te Planning Pase is to develo! a test !lan' Te test !lan
defines te o("ectives and sco!e of te testing effort and identifies te metodology tat
your team will use to conduct tests' ,t also identifies te ardware, software, and tools
reHuired for testing and te features and functions tat will (e tested' & well8rounded test
!lan notes any ris7 factors tat "eo!ardi<e testing and includes a testing scedule'
3:
)our test !lan sould include#
C Testing sco!e and o("ectives
C Testing metodology
C 6eHuired resources
C ,dentification of te features and functions tat are to (e tested
C Testing scedule

For detailed information on develo!ing a test !lan, see te 2reating a Test Plan section of
te Windows Server 2003 De!loyment >it
en8usEDefault'as!QurlREresourcesEdocumentationEwindowsservE2003EallEde!loyguideEen8
usE!d!(cStestSatds'as!A'
Setting " t$e #est Environment
Set u! a test la( tat includes a restored co!y of te ?indery or NDS Server and a
Windows Server 2003 domain controller wit te Novell 2lient for Windows and te latest
version of MSDSS'
C ,nclude e9am!les of current and !lanned client wor7stations in te la('
C ,nclude a co!y of te !roduction NDS structure in te la('
C ,nclude co!ies of as many source Novell fileE!rint servers as !ossi(le' ?e sure to
!reserve security settings'
C ,nclude any oter com!onents tat affect user e9!erience in te la(, for e9am!le,
system !olicies'
C ,nstall any Novell8de!endent a!!lications in te test la( and test teir com!ati(ility
wit your migration !lans'

/eveloing #est (ab %uidelines and Procedures
.sers of te test la( need to 7now wen tey can !erform teir tests, weter teir
testing will disru!t oter tests, and wat te current state of te la( is' )our la( manager
or an assigned team mem(er sould esta(lis a communication system to disseminate
information a(out te availa(ility and state of te test la( and sould esta(lis guidelines
for la( use'
/uidelines sould (e easy to follow and sould address#
: Roles and resonsibilities' ,dentify wo is res!onsi(le for tas7s suc as
sceduling test la( use and !erforming (ac7u!s'
: <acilities and guidelines 'or secial t*es o' tests' ,dentify te domains and
configurations team mem(ers sould use for testing te migration !rocess'
: #est lab c$ange control rocedures' ,dentify wo is allowed to ma7e
configuration canges and define te a!!roval !rocess for cange reHuests' For
e9am!le, identify wo can ma7e scema canges and wo sould (e notified
wen a cange is made' Descri(e ow canges to te la( sould (e made and
identify wo is res!onsi(le for documenting tese canges'
3=
: Server initiali&ation rocedures' Document te ste!s for installing, configuring,
and !o!ulating domain controllers and mem(er servers' ,nclude DNS settings if
you do not !lan to use te DNS Server service in Windows Server 2003'
: #est lab restore rocedures 'or testing t$e rollout' Document te ste!s for
restoring domain controllers to teir original state and for refresing user account
data' Document all server configurations' Test te refres !rocess (efore you
(egin migration testing'
: Client comuter restore rocedures- ,f you !lan to re(uild client com!uters
freHuently to test various configurations, document te tools reHuired to Huic7ly
restore te com!uters to a 7nown state' For e9am!le, if you use 6,S, note tis in
your guidelines'

&s !art of te la( guidelines and !rocedures, te la( manager or an a!!ointed team
mem(er also sould develo! an escalation !lan and an incident8trac7ing system'
3N
Part 2# ?.,;D
4*
4
Migrating# Prototy!ing te
Migration to
Windows Server 2003
Te !ur!ose of te Develo!ing Pase @or Migrating Pase in tis documentA is to (uild,
validate, and test te design and migration !rocess in an isolated non!roduction
environment' Tis !ase is a critical ste! in an effective migration strategy, as te
ma"ority of !ro(lems can (e uncovered wen testing te migration !rocess' ,t is muc
(etter to uncover issues in tis !ase tan wen tey affect !roduction users and
(usiness !rocesses'
Te Develo!ing Pase tas7s tat are relevant to migration !ro"ects are#
C Testing te design and migration !rocess
C 6esolving issues tat are identified during te testing !rocess

Te content of tis section !rovides te tecnical information needed to ena(le teams to
accom!lis tese tas7s' 6efer to te .MP/ for general !ro"ect guidance on ow team
mem(ers and wor7 !rocesses sould (e organi<ed to com!lete tis !ase'

Migrating P$ase Major Milestone, Scoe Comlete
Te !ase formally ends wit te Sco!e 2om!lete Milestone' &t tis ma"or milestone, te
team gains formal a!!roval from te s!onsor andEor 7ey sta7eolders tat all solution
elements are (uilt and te solution features and functionality are com!lete according to
te functional s!ecifications agreed u!on during Planning'
3alidating #est (ab Comonents
,n te Planning Pase te la( was set u! to include re!licas of e9isting environment
infrastructure suc as NDS servers and files and &ctive Directory com!onents !er te
information from te design' ,n te Migrating Pase, te la( is (uilt u! (ased u!on (ot
te e9isting environment and te new environment' Wen te com!lete la( as (een
esta(lised, te migration !rocess can (e tested'
43
#esting t$e /esign and Migration Process
,n te Planning Pase, te team develo!ed a design, migration strategy, and a test !lan'
Te Migrating Pase uses te !arameters outlined te Test Plan to test and validate te
design configuration and migration !rocesses in te isolated test environment'
3alidation testing sould include te following ste!s#
C Syncroni<e directory information (y using MSDSS or Ouest NDS Migrator'
C Migrate files and file security on sam!le data (y using te File Migration .tility or
te Ouest Tools'
C 2onfigure and test !rinting in te la( @create of new Printers in &ctive Directory to
re!lace NetWare Print OueuesA
C 6eview and ad"ust your migration !lans as a!!ro!riate (ased on te results of te
test la(' ,t is e9!ected tat !ro(lems will arise in te test la('
C 6e!eat te test migration !rocess to one te !rocess until you are comforta(le
wit te results' Tis !rocess leads into te ne9t !ase of te migration, te
Sta(ili<ing !ase, were te !rocess is !erfected'
/esign
?efore you can test te migration !rocess, you must first test te design (y (uilding te
new infrastructure and configuring te environment to meet te design s!ecifications'
.uild +ew Windows Server 0112 In'rastructure
6egardless of weter you ave cosen to (uild a new &ctive Directory from scratc or to
do an in8!lace u!grade from an e9isting Windows NT 4'0 or Windows 2000 environment,
a set of new Windows 2003 servers and a new &ctive Directory forest must (e de!loyed
troug te arcitectural design cosen during te Planning Pase' Tis forest will serve
as te future ost for te migrated NetWare resources'
,nitially you sould de!loy only te ardware and o!erating system, and ten create te
&ctive Directory forest after te (uild !rocess is com!lete' .se te !rocedures develo!ed
in te la( wit te latest release of te o!erating system to (uild te &ctive Directory
serversPdomain controllers, file servers, and utility serversPand u!date te servers wit
all availa(le critical u!dates'
.uild or Migrate to Active /irector*
&fter te servers ave (een de!loyed and u!dated, te &ctive Directory forest can (e
im!lemented according to te design' For environments tat ave never ad a Windows
domain, tis is a nonim!actful !rocess, as new &ctive Directory servers can (e (rougt
online in tandem wit oter servers' ?ecause no one will (e using te infrastructure
initially, you will ave more fle9i(ility to ma7e design modifications, restart servers, and
!erform initial !ilot testing (efore te &ctive Directory domain com!onents (ecome !art of
te !roduction infrastructure'
44
For environments wic will (e u!grading from an e9isting Windows NT 4'0 domain
structure or Windows 2000 &ctive Directory forest, te !rocess is more involved and
!otentially im!actful to end users' Tis ty!e of migration !rocess sould (e carefully
designed, documented, !rototy!ed, !iloted, and im!lemented on its own (efore it will (e
a fully develo!ed Windows Server 2003 &ctive Directory environment' For more
information on u!grading to &ctive Directory see Windows Server 2003 De!loyment >it#
Designing and De!loying Directory and Security Services
@tt!#EEwww'microsoft'comEdownloadsEdetails'as!9QFamily,DR52D1511:80DF*843N48
N21D82*4:23&N1??1Vdis!laylangRenUfilelistA'

/irect Migration
Now tat you ave esta(lised te new !latform, you can test te migration !rocess to
te new environment' Te ste!s for te direct migration !rocess are#
*' ?uild new Windows 2003 Server infrastructure
2' ?uild &ctive Directory
3' ,nstall MSDSS
4' Migrate users, grou!s, and files
0' Migrate !rinters
5' Migrate wor7stations'
P$ased Migration
Manual Migration
,f your team selected a manual migration !rocess during te Planning Pase, you ave
removed a certain degree of com!le9ity from te !rocess, (ecause a manual a!!roac
does not migrate e9isting users, grou!s, and file !ermission structures'
Setting u! a !rototy!e using te manual migration !rocess consists of te following 7ey
ste!s#
C ,dentify te sam!le data tat will (e migrated' Tis may consist of a server or a
single NetWare volume'
C 2reate test users and necessary accounts'
C 2reate eHuivalent users and grou!s in &ctive Directory to matc te old .sers and
/rou!s in NetWare'
C Migrate a s!ecific set of File data from NetWare file servers to &ctive Directory file
servers, using sim!le co!y tecniHues'
C &!!ly NTFS security to te migrated data, eiter manually or wit a utility suc as
T2&2;S, wic will allow for a scri!ted a!!lication of file !ermissions'
C Migrate client functionality for te test users, eiter troug a manual removal of
te 2lient32 software, or a modification of te e9isting login scri!ts to ma! te
migrated volume or server to its new location in &ctive Directory' ,n addition, te
clients must (e configured to login using teir new &ctive Directory user names'
40
Automated Migration b* "sing Services 'or +etWare 8-12
,f your organi<ation cooses or reHuires an automated a!!roac, te Microsoft Services
for NetWare 0'03 @SfNA or te Ouest NDS Migrator tools can (e el!ful' Tere are several
7ey conce!ts tat are similar in te way tat (ot tools wor7, and it is im!ortant to
understand ow to de!loy and use tem'
+ote, Wen de!loying SfN on Small ?usiness Server @S?S 2003A, you need to sto!
19cange services (efore installing SfN or it will fail'
Set " /irector* S*nc$roni&ation
&fter de!loying Microsoft Services for NetWare 0'03 on te a!!ro!riate server in
accordance wit te design s!ecifications, Microsoft Directory Syncroni<ation Service
@MSDSSA can (e used to set u! directory re!lication (etween &ctive Directory and
NDSE?indery as well as !re!are for file migration'
MSDSS reHuires te use of Novell 2lient for Windows' ,f you !erformed a clean
installation te Windows Server 2003 o!erating system, you must download and install
Novell 2lient for Windows (efore you install Services for NetWare 0'03' ,n addition, te
user account tat runs te install !rocess must ave Scema &dmin rigts to te forest,
as te MSDSS install !rocess will e9tend te &D scema'
To install MSDSS#
*' ,n My 2om!uter, rigt8clic7 te drive were te Services for NetWare 2D86+M is
located, clic7 19!lore, and ten dou(le8clic7 te MS/SS folder'
2' ,n te details !ane, dou(le8clic7 msdss-msi' @)ou need to ave Scema &dmin
rigts to te &ctive Directory forest to install te !roduct'A
+ote, To manage MSDSS after you ave installed it, o!en &dministrative Tools, and
ten clic7 /irector* S*nc$roni&ation'

Te ne9t ste! is to create sessions for eac Novell +rgani<ational .nit @+.A tat is to (e
migrated or syncroni<ed' ,n addition to selecting te a!!ro!riate +.s in eac directory
for te session, you must select te migration ty!e @NDS or ?inderyA of te session'
&fter te sessions are defined according to te design criteria, you can scedule regular
u!dates for te a!!ro!riate directories' &t tis time, you can !erform an initial manual
syncroni<ation as well' ,t is igly recommended tat you set u! all o("ects to (e
syncroni<ed (etween NetWare and &ctive Directory from te moment of te Pilot setu!,
troug te im!lementation, and all te way to te end of te !ro"ect, as tis will ensure
tat all canges tat are made to (ot directories are reflected in (ot !laces'
To set u! an MSDSS Syncroni<ation session, !erform te following tas7s on te server
were MSDSS was installed#
*' ,n Administrative #ools, clic7 /irector* S*nc$roni&ation'
2' ,n te console tree, rigt8clic7 MSDSS, and ten start te New Session Wi<ard'
3' 2oose weter o("ects will (e co!ied from NDS or ?indery'
4' Select te Migration ='rom +/S or .inder* to Active /irector*> tas7'
,f files will (e migrated wit directory o("ects, you need to select te Migrate <iles
cec7 (o9' Tis will create te file migration log tat is reHuired (y File Migration
.tility'
45
0' +n te &ctive Directory 2ontainer and Domain 2ontroller !age, ty!e te !at to te
&ctive Directory container in wic you want to co!y items, or (rowse to it'

Ty!e te !at, using te synta9 in te following e9am!le#
;D&P#EE+.RSales,D2RServer*,D2RWingti!,D2Rcom
&ll su(containers in te selected containers will (e co!ied'
5' .nder Domain 2ontroller, acce!t te default domain controller in wic you want to
store te migration log, or clic7 <ind to locate a different domain controller'
:' +n te NDS 2ontainer and Password or ?indery 2ontainer and Password !age,
ty!e te a!!ro!riate NDS or ?indery synta9 as indicated, or (rowse to te
container or server#

NDS#EETree*E+RWingti!E+.RSales
NW2+MP&T#EEServer
=' Ty!e te administrative account and te !assword for tat account'
)ou must ty!e te NDS administrative account (y using te full NDS conte9t, suc
as F&dmin'wingti!F' Do not include te NDS tree name'
N' +n te ,nitial 6everse Syncroni<ation !age, clic7 Password Otions, and ten
coose one of te following !assword scemes#
C Set !asswords to (lan7
C Set !asswords to te user name
C Set !asswords to a random value
C Set all !asswords to te following value

,f you do not select a sceme, te default sceme @Set !asswords to te user
nameA is a!!lied'
Migrate Samle /ata wit$ t$e <ile Migration "tilit* =<M">
,n addition to !erforming te migration of users and grou!s, MSDSS also creates a file
migration log wic is ten used (y te File Migration .tility for migrating files' Te users
and grou!s tat you create in &ctive Directory using MSDSS are ten used to a!!ly
security to te data tat is migrated wit te FM. tool'
&s !art of te !rototy!e, a sam!le set of data must (e migrated from NetWare to te new
Windows Server 2003 File servers' Tis sam!le set of data can consist of te data from a
single NetWare server or a single volume of NetWare data from te server' Te data
sould ten (e migrated (y using te File Migration .tility, wic will !reserve te file
security structure from te NetWare side and recreate it using te users and grou!s tat
were syncroni<ed wit te MSDSS tool'
To set u! a File Migration .tility session to migrate te sam!le data, !erform te following
ig8level ste!s on te server were FM. is installed#
*' Start te File Migration .tility @Start, &ll Programs, &dministrative Tools, File
Migration .tilityA
2' ?rowse for te migration log tat was created (y using MSDSS wit te Mi'ration
o!tion selected'
3' 2lic7 (oad /ata' '
4' 3erify te Security &ccounts'
4:
0' Select te source volume and target location'
5' 1na(le logging'
:' 2lic7 Scan to cec7 weter te target source and roots are valid'
=' +n te last screen, clic7 Migrate' Te logs will (e dis!layed as te file data and
!ermissions are migrated'
Automated Migration b* "sing Buest
Te Ouest NDS Migrator tools allow for te same ty!e of directory syncroni<ation and
file and security migration as te Services for NetWare tools' ,n addition, Ouest as
included advanced logging, more migration o!tions, and additional fle9i(ility to !erform
!ased migrations' ,t is recommended tat you test (ot sets of tools to determine wic
set is te (est fit for your organi<ation'
Installing Buest +/S Migrator
?efore you install Ouest NDS Migrator, ma7e sure tat your environment meets te
ardware and software reHuirements as outlined in te Ouest NDS Migrator 8 Ouic7 Start
/uide or te Ouest NDS Migrator 8 .serGs /uide' Tese documents can (e downloaded
from tt!#EEwww'microsoft'comEwindowsserver2003EmigrateEnovellEdefault'ms!9
*' Download Ouest NDS Migrator from
tt!#EEwww'microsoft'comEwindowsserver2003EmigrateEnovellEdefault'ms!9
2' ,nstall Ouest NDS Migrator (y dou(le8clic7ing +/S Migrator Setu-msi' Tis will
lead you troug te installation !rocess'
For more information on installing Ouest NDS Migrator !lease see te Ouest NDS
Migrator 8 Ouic7 Start /uide or te Ouest NDS Migrator 8 .serGs /uide'
"sing Buest +/S Migrator
Te ste!s for migrating are as follows#
*' Set u! a new !ro"ect @esta(lis te !ro"ect name and set te !ro"ect o!tionsA'
Pro"ect o!tions include#
C .ser o!tions
C /rou! o!tions
C &ccess rigts ma!!ing o!tions
C 2onflict rules
C Scri!t o!tions
C +("ect migration o!tions
C File migration o!tions

See te Ouest NDS Migrator .serDs /uide for detailed information on configuring
te !ro"ect o!tions'
2' Ma! o("ects from NDS to &ctive Directory using te Migration /uide'
3' Detect ,ntra8NDS name conflicts'
4=
4' Detect NDS to &ctive Directory collisions' Ouest NDS Migrator can determine if
accounts tat are to (e migrated will collide wit an &ctive Directory account'
0' Migrate o("ects'

+ote, Te ste!s to migrate from a !ure Novell environment versus a mi9ed Novell and
Windows environment are te same' -owever, configuration settings will differ' See te
Ouest NDS Migrator .serGs /uide for configuration settings'
Password S*nc$roni&ation
&fter te test users ave (een migrated, teir !asswords need to (e syncroni<ed from
NDS to &ctive Directory' During te installation of Ouest NDS Migrator, one of te o!tions
was to install te Password Syncroni<ation >it' Te Password Syncroni<ation >it is a
We( !age were users will (e a(le to su!!ly teir Novell logon and !assword' ,f te
information is correct and tey ave (een selected to ave teir !assword syncroni<ed,
teir !assword will (e u!dated in &ctive Directory' Please refer to te Ouest NDS
Migrator .serDs /uide for more information on installing te Password Syncroni<ation
>it' To !re!are te Password Syncroni<ation >it, te migration data must (e im!orted
!er te instructions in te Ouest NDS Migrator .serGs /uide'
<ile Migration
Now you are ready to migrate file and folder data to te target environment'
Te ig8level ste!s to !erform te file migration using te NDS Migrator are as
follows#
*' 1sta(lis volume ma!!ings'
2' Set te Files Migration +!tions'
3' Migrate files'
4' 2ec7 logs for file migration errors'
0' 6esolve migration errors'
Printer Migration

& !rinter JMigration,K (etween NetWare and Windows Server 2003, is more of a manual
!rocess tan a migration' Te !rocess involves recreating !rinters in &ctive Directory to
corres!ond to te old NetWare Print Oueues' Wen setting u! tese !rinter o("ects, ta7e
into account tese im!ortant factors#
C Printers must (e !ysically cec7ed to ensure tat tey can (e !rinted to using
!rotocols oter tan ,PT @,deally T2PE,PA' Wile it is !ossi(le to ena(le ,PTESPT
su!!ort on Windows servers, it sould (e avoided' Tis may involve retiring older
!rinters or loading new firmware onto e9isting !rinters'
C Tere are significant driver differences (etween NetWare and Windows !rint
Hueues' ,t is im!ortant to download and install te latest drivers from te !rinter
+1M'
C Te clients must (e redirected to te new !rinters in &ctive Directory eiter troug
login scri!ts or /rou! Policy +("ects in &ctive Directory'
C Printers wic were manually set u! in wor7station !rofiles must (e reconfigured to
!oint to te new Windows locations'

4N
0
Sta(ili<ing te Novell to
Windows Server 2003
Migration Solution
Te !ur!ose of te Sta(ili<ing Pase is to im!rove te solution Huality to a level tat
meets te acce!tance criteria for release to !roduction' Sta(ili<ing Pase testing
em!asi<es usage and o!eration under realistic environmental conditions' Te team
focuses on !rioriti<ing te (ugs tat testing discovers, fi9ing tose wit te igest
!riority, and !re!aring te solution for release'
Wen a (uild as (een deemed sta(le enoug to (e a release candidate and
!re!roduction testing is com!lete, te team de!loys te solution to one or more !ilot
grou!s in te !roduction environment'
Te two ma"or Sta(ili<ing Pase tas7s tat are relevant to migration !ro"ects are#
C 2onducting te !ilot
C Testing te solution

Te content of tis ca!ter !rovides te tecnical information needed to ena(le teams to
accom!lis tese tas7s' 6efer to te .MP/ for general !ro"ect guidance on ow team
mem(ers and wor7 !rocesses sould (e organi<ed to com!lete tis !ase'
Stabili&ing P$ase Major Milestone, Release Readiness
Aroved
Te !ase culminates in te fourt ma"or milestone, 6elease 6eadiness &!!roved'
Passing te milestone indicates team and customer agreement tat all outstanding
issues ave (een addressed and te design and !rocess are ready for im!lementation'
0*
Conducting t$e Pilot
Wen te design com!onents and migration !rocess ave (een fully tested in te
isolated environment, it is time to introduce tem in te !roduction environment as !art of
a !ilot' Tere are tree ma"or ste!s to conducting te !ilot# (uilding te new server
structure, setting u! syncroni<ation, and migrating !ilot data'
Te !ilot data set sould re!resent a cross section of data ty!es as well as sam!les of
!otentially !ro(lematic data' ,n many environments, tis will involve te migration of a
s!ecific file server, or a single volume on a file server' Te goal of te !ilot stage is to
uncover any !ro(lems in te !rocess or environment (efore tey im!act te entire data
set' Te !ilot data set sould include users, grou!s, !rinters, files, and te !ermissions
on tose files'
Migration Pilot
Tis section outlines te !rocesses tat you need to do (eyond te !rototy!ing ste!s for
your Pilot using eiter te manual or automated migration metods' 6efer to 2a!ter 4#
Migrating I Prototy!ing te Migration to Windows Server 2003 for te !rototy!ing ste!s'
Manual Migration
,f a manual migration !rocess was selected during te Planning Pase, a certain degree
of com!le9ity is removed from te !rocess' Set u! a Pilot (y following te !rototy!ing
ste!s and tese additional 7ey ste!s#
C ,dentify te Pilot test grou! of users and te data tat will (e migrated' Tis may
consist of a server or a single NetWare volume'
C 2reate eHuivalent users and grou!s in &ctive Directory to matc te old .sers and
/rou!s in NetWare'
C Migrate client functionality for te Pilot test grou! of users, eiter troug a manual
removal of te 2lient32 software, or a modification of te e9isting login scri!ts to
ma! te migrated volume or server to its new location in &ctive Directory' ,n
addition, te clients must (e configured to login using teir new &ctive Directory
user names'
C 6emove access to te old NetWare volume or server eiter (y dismounting te
volume migrated or sutting down te server' Tis will !revent a situation in wic
file data is modified in two !laces'

.!on migration, !ilot users sould (e given instruction on ow to wor7 in te new
environment, suc as ow to cange teir !assword u!on login or ow to access te !ilot
data tat as (een moved' ,n addition, you will need to !lan for a scenario were
!roduction data resides in two !laces for te duration of te !ilot' Pilot data will reside on
a Windows sare wic must (e accessi(le to all users wo need access to it' Te rest of
te nonmigrated data will still consist of te (alance of your NetWare file volumes, wic
will need to (e accessi(le to migrated !ilot users as well'
Automated Migration using Services 'or +etWare 8-12
Follow te !rototy!e ste!s wit te !ilot users and !ilot data'
C Set .! Directory Syncroni<ation
C Migrate Pilot Data wit te File Migration .tility @FM.A

02
Automated Migration "sing Buest
C ,nstalling Ouest NDS Migrator
C .sing Ouest NDS Migrator

Password S*nc$roni&ation
<ile Migration
Printer Migration

Part 3#
03
Part 3# D1P;+)
00
5
De!loying te Novell to
Windows Server 2003
Migration Solution
During tis final !ase of your Novell to Windows Server 2003 migration, te goal is to
de!loy te solution to all of te remaining file data and users tat were not included in te
!ilot' Te team will (e following te !lan tat was develo!ed during te Planning Pase
and tested during te !rototy!e and !ilot' Tis !lan may ave (een u!dated as te
!ro"ect !rogressed'
,n certain cases, te final !ase of te !ro"ect will (e s!read over a !eriod of time, were
te migration of a single server as !art of te !ilot rolls into te migration of a second
server, and ten a tird, and so on until te entire set of data is migrated into te
!roduction environment' ,n oter cases, a !ilot migration of data will (e followed (y a
one8time full de!loyment and te removal of te 2lient32 from user des7to!s over a long
wee7end' Wicever metod you coose, te !rocess is effectively te same' Te
migration metod, eiter wit tools or manually, involves moving te file data from te
Novell NetWare volumes to Windows sares and rema!!ing clients to !oint to te new
data location'
Tas7s in te De!loying Pase include#
C 2om!leting de!loyment !re!arations
C De!loying te solution in te !roduction environment
C Sta(ili<ing te de!loyment
C Transferring ownersi! of te Windows Server 2003 infrastructure to o!erations

/elo*ing P$ase Major Milestone, /elo*ment Comlete
&n im!ortant final tas7 is o(taining final customer a!!roval of te !ro"ect' &fter
de!loyment is com!lete and ownersi! and res!onsi(ility ave (een transferred to
o!erations and su!!ort, o(taining customer sign8off signifies te acievement of te fift
and final ma"or !ro"ect milestone, De!loyment 2om!lete'
&fter te de!loyment, te team conducts a !ro"ect review and a customer satisfaction
survey' Te team may continue wit sta(ili<ing te de!loyment during tis !eriod as tere
may (e new issues tat could not (e identified during te !rototy!e testing'
/elo*ment Prearations
,n !re!aration for de!loyment, te results of te Pilot testing sould (e carefully
scrutini<ed to determine if any canges need to (e made to te overall de!loyment
strategy' ,n addition, final configuration canges to te !roduction &ctive Directory
infrastructure sould (e made at tis time'
/elo*ing
Manual Migration
Te full de!loyment of te &ctive Directory solution follows te same general !rocedure
as te one used during te !ilot' ,f te !rototy!e and !ilot !ases were successful, te
only difference (etween te !ilot and te !roduction migration is tat you will not ave to
(uild te new infrastructure as it was esta(lised during te !ilot'
Te following ig8level ste!s are involved wit manually migrating a NetWare
environment to Windows Server 2003#
C Manually co!y te file data from Novell file volumes to Windows Server 2003 file
sares' & useful tool to assist wit te data migration is te 6o(oco!y utility
availa(le from Microsoft'
C 6ecreate Printers in &ctive Directory (ased on te Novell Print Oueues'
C &fter te data as (een co!ied, manually assign security rigts using te /., or
wit te assistance of a tool suc as te T2&2;S utility'
C 6ecreate login scri!t functionality from NetWare to &ctive Directory login scri!ts'
C 6emove te Novell NetWare 2lient32 a!!lication from te des7to!s, eiter
manually or !ased over time during des7to! refreses'

Automated Migration "sing Services 'or +etWare
?ecause te MSDSS tool will !rovide for ongoing syncroni<ation (etween &ctive
Directory and NetWare, te only remaining ste! wen utili<ing te Services for NetWare
0'03 tools for te de!loyment !ase is to migrate te remaining file data' )ou can use te
same File Migration .tility !rocess tat was !erformed in te Pilot !ase to migrate te
final volumes from NetWare to Windows' )ou may decide to migrate all remaining
volumes at once, or to !ase te migration over time'
Following te removal of te last of te Novell File 3olumes, you can (rea7 down te
MSDSS syncroni<ation (y uninstalling te service from te server tat it is running on'
,n addition, te NetWare 2lient32 a!!lication sould (e removed from te client
com!uters and teir file and data ma!!ings sould (e rema!!ed using Windows login
scri!ts tat were develo!ed and tested during te la( testing !ase'
Automated Migration "sing Buest
Wust as wit te manual metod and te Services for NetWare 0'03 tools a!!roac, using
te Ouest NDS Migrator tools for te de!loyment !ase involves finising te migration
of te remaining set of file data' Te Ouest tool maintains directory syncroni<ation for
te duration of te !ro"ect, so tat grou! mem(ersi! and new user account creations in
NDS are reflected in &ctive Directory'
Wust as you did during te Pilot !ase, te file migration !rocess can (egin for te
remainder of te data in te server to!ology' ?e sure to allow enoug time for te
migration !rocess to ta7e !lace, eiter !ased over a !eriod of time or over a long
wee7end' +nce again, te ig8level migration ste!s are as follows#
*' 1sta(lis volume ma!!ings
2' Set te Files Migration +!tions
3' Migrate files
4' 2ec7 logs for file migration errors
0' 6esolve migration errors

&fter all file data as (een migrated, te syncroni<ation mecanism can (e sut down
from te Ouest console' ,n addition, "ust as wit te oter a!!roaces, client login scri!ts
must (e !ut into !lace to rema! te users to te new data locations' Te NetWare client
sould also (e removed, eiter manually, troug scri!ted metods, or troug a !ased
a!!roac'
Part 4# +P16&T1
:
+!erating )our
Windows Server 2003
1nvironment
Tis section addresses te need to o!erate a Windows Server 2003 environment after
te migration !ro"ect as (een com!leted' Muc of te detailed guidance can (e found in
e9isting documentation @see Windows Server 2003 +!erations
tt!#EEwww'microsoft'comEtecnetE!rodtecnolEwindowsserver2003Eo!erationsEdefault'ms
!9A' 6eference to s!ecific sources are made trougout tis section' Te guidance
!rovided in tis ca!ter su!!lements tis documentation and addresses te areas of
Windows Server 2003 management and maintenance'

Managing Windows Server 0112
Windows Server 2003 systems are now te eart of your ,T infrastructure' Tese servers
need to (e managed and maintained to 7ee! te (usiness running o!timally' Server
management and maintenance el! ma9imi<e your organi<ationDs investment in
infrastructure and !roductivity'
Server management entails many different tas7s' Tey include, (ut are not limited to,
administering and su!ervising servers (ased on functional roles, !roactively monitoring
te networ7 environment, 7ee!ing trac7 of activity, and im!lementing solid cange control
!ractices' Tese management functions for Windows Server 2003 can (e !erformed (ot
locally and remotely'
&s systemsG wor7loads, ca!acities, and usage cange in te environment, te systems
need to (e maintained so tat tey o!erate as efficiently as !ossi(le' Witout suc
maintenance, systems (ecome more li7ely to cause slower res!onse times and
decreased relia(ility' Periodic system maintenance will el! avoid any inefficiency' Tis
section covers (est !ractices on ways to maintain and manage your
Windows Server 2003 environment'
Managing .ased on Server Roles
Windows Server 2003 systems can !artici!ate in various res!onsi(ilities in a given
networ7 environment' Some of tese res!onsi(ilities may (e intertwined (ecause of
(udget constraints, (usiness reHuirements, or tecnical "ustifications' No matter ow te
roles and res!onsi(ilities are defined in te environment, it is im!ortant to manage tem
a!!ro!riately (ased on te roles of te server' Te management as!ects for some of te
roles tat Windows Server 2003 can underta7e are defined as follows#
C <ile Servers- File servers are !rimarily res!onsi(le for 7ee!ing data' Tis data
must (e availa(le and Huic7ly accessed' &s suc, management of tese servers
entails using te Dis7 Defragmenter utility to 7ee! file access o!timi<ed' Tis el!s
7ee! reading and writing to dis7 more efficient tan if files and te dis7 were
fragmented' Dis7 ca!acity must also (e managed so tat tere is always am!le
s!ace availa(le for additional data' Dis7 Ouota management can also (e an
integral !art of file server management' Dis7 Huotas are used to control te amount
of dis7 s!ace tat is availa(le to te end users' Wen a dis7 Huota is set, a
s!ecified amount of s!ace on a volume can (e set aside for a user or a grou!'
Warning messages can (e sent as te Huota a!!roaces te limit'
C Print Servers- Managing !rint servers is an im!ortant (ut often overloo7ed as!ect
of managing Windows Server 2003, (ecause !rinters on Windows Server 2003 are
sim!le to manage' &ltoug tere is less management reHuired for a !rint server,
!rinting sould still (e audited and monitored'
C Web Servers- Windows Server 2003 We( Servers offer an assortment of ,nternet8
related functionalities, suc as -TTP, FTP, SMTP, and more' 1ac of te services
em!loyed on te server must (e managed to 7ee! content and services u! to date'
C /omain Controllers- Domain controllers ost &ctive Directory, wic contains
most, if not all, o("ects in te Windows Server 2003 environment' &ctive Directory
as many functional roles in a Windows Server 2003 environment, including o("ect
management @additions, modifications, or deletionsA, autentication, re!lication,
security, and more' Managing tese &ctive Directory roles can (e intimidating,
es!ecially in larger environments, (ut &ctive Directory as many useful tools to
el! manage te directory' Tey include, (ut are not limited to, &ctive Directory
Domains and Trusts, &ctive Directory Sites and Services, and &ctive Directory
.sers and 2om!uters'

Auditing t$e Environment
&uditing is a way to gater and 7ee! trac7 of activity on te networ7, devices, and entire
systems' ?y default, Windows Server 2003 ena(les some auditing, wereas many oter
auditing functions must (e manually turned on' Tis allows you to easily customi<e te
features to (e monitored'
&uditing is ty!ically used for identifying security (reaces or sus!icious activity' -owever,
auditing is also im!ortant to gain insigt into ow te networ7, networ7 devices, and
systems are accessed' &s it !ertains to Windows Server 2003, auditing can (e used to
monitor successful and unsuccessful events on te system' Te auditing !olicies in
Windows Server 2003 must first (e ena(led (efore activity can (e monitored'
Auditing Policies
&uditing !olicies are te (asis for auditing events on a Windows Server 2003 system'
De!ending on te !olicies set, auditing may reHuire a su(stantial amount of server
resources in addition to tose resources su!!orting te serverGs functionality' +terwise,
auditing could !otentially slow server !erformance' &lso, collecting lots of information is
only as useful as te evaluation of te audit logs' ,n oter words, if a lot of information is
ca!tured and a significant amount of effort is reHuired to evaluate tose audit logs, te
wole outcome of auditing is not as effective' &s a result, itGs im!ortant to ta7e te time to
!ro!erly !lan ow te system will (e audited' Tis allows te administrator to determine
wat needs to (e audited, and wy, witout creating an a(undance of overead'
&udit !olicies can trac7 successful or unsuccessful event activity in a
Windows Server 2003 environment' Te ty!es of events tat can (e monitored include#
C Account logon events' 1ac time a user attem!ts to log on, te successful or
unsuccessful event can (e recorded' Failed logon attem!ts can include logon
failures for un7nown user accounts, time restriction violations, e9!ired user
accounts, insufficient rigts for te user to log on locally, e9!ired account
!asswords, and loc7ed8out accounts'
C Account management' Wen an account is canged, an event can (e logged and
later e9amined'
C /irector* service access' &ny time a user attem!ts to access an &ctive Directory
o("ect tat as its own system access control list @S&2;A, te event is logged'
C (ogon events' ;ogons over te networ7 or (y services are logged'
C Object access' Te o("ect access !olicy logs an event wen a user attem!ts to
access a resource @for e9am!le, a !rinter or sared folderA'
C Polic* c$ange' 1ac time an attem!t to cange a !olicy @user rigts, account
audit !olicies, trust !oliciesA is made, te event is recorded'
C Privileged use' Privileged use is a security setting and can include a user
em!loying a user rigt, canging te system time, and more' Successful or
unsuccessful attem!ts can (e logged'
C Process trac)ing' &n event can (e logged for eac !rogram or !rocess tat a
user launces wile accessing a system' Tis information can (e very detailed and
ta7e a significant amount of resources'
C S*stem events' Te system events !olicy logs s!ecific system events, suc as a
com!uter restart or sutdown'

Te audit !olicies can (e ena(led or disa(led troug te local system !olicy, domain
controller security !olicy, or /rou! Policy o("ects' &udit !olicies are located witin te
2om!uter 2onfigurationXWindows SettingsXSecurity SettingsX;ocal PoliciesX&udit Policy
folder'
"sing Microso't Oerations Manager to Simli'*
Management
Microsoft +!erations Manager @M+MA is an enter!rise8class monitoring and management
solution for Windows environments' ,t is designed to sim!lify Windows management (y
consolidating events, !erformance data, alerts, and more into a centrali<ed re!ository'
6e!orts on tis information can ten (e tailored de!ending on te environment and on
te level of detail tat is needed and e9tra!olated' Tis information can assist
administrators and decision ma7ers in !roactively addressing Windows Server 2003
o!eration and any !ro(lems tat e9ist or may occur' For more information on Microsoft
+!erations Manager, see Microsoft +!erations Manager 2000
@tt!#EEwww'microsoft'comEtecnetE!rodtecnolEmomEmom2000Edefault'ms!9A'
Keeing u wit$ Service Pac)s and "dates
Service !ac7s and u!dates for (ot te o!erating system and a!!lications are vital !arts
of maintaining availa(ility, relia(ility, !erformance, and security' Microsoft !ac7ages tese
u!dates into service !ac7s or individually' Tere are several ways an administrator can
u!date a system wit te latest service !ac7 or u!date# 2D86+M, manually entered
commands, Windows .!date, or Microsoft Software .!date Server @S.SA'
+ote, Torougly test and evaluate service !ac7s and u!dates in a la( environment
(efore installing tem on !roduction servers and client com!uters' &lso, install te
a!!ro!riate service !ac7s and u!dates on eac !roduction server and client com!uter
to 7ee! all systems consistent'
Windows "date
Windows .!date is a We( site tat scans a local system and determines weter tere
are u!dates to a!!ly to tat system' Windows .!date is a great way to u!date individual
systems, (ut tis metod is sufficient for only a small num(er of systems' ,f
administrators cose tis metod to u!date an entire organi<ation, tere would (e an
unnecessary amount of administration'
So'tware "date Services
6eali<ing te increased administration and management efforts administrators must face
wen using Windows .!date to 7ee! u! wit service !ac7s and u!dates for anyting
oter tan small environments, Microsoft as created te Software .!date Services
@S.SA client and server versions to minimi<e administration, management, and
maintenance of mid8 to large8si<ed organi<ations' S.S communicates directly wit
Microsoft to gater te latest service !ac7s and u!dates'
Te service !ac7s and u!dates downloaded onto S.S can ten (e distri(uted to eiter a
la( server for testing @recommendedA or to a !roduction server for distri(ution' &fter tese
u!dates are tested, S.S can automatically u!date systems inside te networ7'
Maintaining Windows Server 0112
Te !rocesses and !rocedures for maintaining Windows Server 2003 systems can (e
se!arated (ased on te a!!ro!riate time to maintain a !articular as!ect of
Windows Server 2003' Some maintenance !rocedures reHuire daily attention, wereas
oters may reHuire only yearly cec7u!s' Te maintenance !rocesses and !rocedures
tat an organi<ation follows de!end strictly on te organi<ationM owever, te categories
descri(ed in te following sections and teir corres!onding !rocedures are (est !ractices
for organi<ations of all si<es and varying ,T infrastructures'
/ail* Maintenance
2ertain maintenance !rocedures reHuire more attention tan oters' Te !rocedures tat
reHuire te most attention are categori<ed as daily !rocedures' Terefore, it is
recommended tat an administrator ta7e on tese !rocedures eac day to ensure system
relia(ility, availa(ility, !erformance, and security' Tere are tree com!onents to daily
maintenance#
C 3eri'*ing t$at .ac)us are Success'ul- To !rovide a more secure and fault8
tolerant organi<ation, it is im!erative tat a successful (ac7u! to ta!e (e !erformed
eac nigt' ,n te event of a server failure, te administrator may (e reHuired to
!erform a restore from ta!e' Witout a (ac7u! eac nigt, te ,T organi<ation will
(e forced to rely on re(uilding te server witout te data' Terefore, te
administrator sould always (ac7 u! servers so tat te ,T organi<ation can restore
tem wit minimum downtime in te event of a disaster' ?ecause of te im!ortance
of te ta!e (ac7u!s, te first !riority of te administrator eac day needs to (e
verifying and maintaining te (ac7u! sets'
&ltoug te Windows Server 2003 (ac7u! !rogram does not offer alerting
mecanisms to (ring attention to unsuccessful (ac7u!s, many tird8!arty !rograms
do' ,n addition, many of tese tird8!arty (ac7u! !rograms can send e8mail
messages or !ages re!orting if (ac7u!s are successful or unsuccessful'
C C$ec)ing Overall Server <unctionalit*- &ltoug cec7ing te overall server
ealt and functionality may seem redundant or elementary, tis !rocedure is
critical to 7ee!ing te system environment running smootly and users wor7ing
!roductively' Some Huestions tat sould (e addressed during te cec7ing and
verification !rocess are te following#
C 2an users access data on file serversQ
C &re !rinters !rinting !ro!erlyQ &re tere long Hueues for certain !rintersQ
C ,s tere an e9ce!tionally long wait to log on @tat is, longer tan usualAQ
C 2an users access messaging systemsQ
C 2an users access e9ternal resourcesQ

C Monitoring t$e Event 3iewer' Te 1vent 3iewer is used to cec7 te System,
Security, &!!lication, and oter logs on a local or remote system' Tese logs are
an invalua(le source of information regarding te system' Te following event logs
are !resent for Windows Server 2003 systems#
C Securit* log' Te Security log ca!tures all security8related events tat are
(eing audited on a system' &uditing is turned on (y default to record te
success and failure of security events'
C Alication log' S!ecific a!!lication information is stored in te &!!lication
log' Tis information includes services and any a!!lications tat are running on
te server'
C S*stem log' Windows Server 2003Is!ecific information is stored in te
System log'

Domain controllers also ave tese additional logs#
C <ile Relication Service' &ny events relating to te File 6e!lication Service
are ca!tured in tis log'
C /irector* Service' 1vents regarding &ctive Directory, suc as connection
!ro(lems wit a glo(al catalog server or re!lication !ro(lems, are recorded
ere'
C /+S Server' &nyting aving to do wit te DNS service is cataloged in te
DNS Server log'

Wee)l* Maintenance
Maintenance !rocedures tat reHuire sligtly less attention tan daily cec7ing are
categori<ed as wee7ly !rocedures#
C C$ec)ing /is) Sace' Dis7 s!ace is a !recious commodity' &ltoug te dis7
ca!acity of a Windows Server 2003 system can (e virtually endless, te amount of
free s!ace on all drives sould (e cec7ed daily' Serious !ro(lems can occur if
tere isnGt enoug dis7 s!ace' To !revent !ro(lems from occurring, administrators
sould 7ee! te amount of free s!ace to at least 20 !ercent' Tis sould (e
verified troug manual metods, or wit te assistance of automated alerting
software suc as Microsoft +!erations Manager @M+MA 2000'
C 3eri'*ing !ardware' -ardware com!onents su!!orted (y Windows Server 2003
are relia(le, (ut tis doesnGt mean tat teyGll always run continuously witout
failure' -ardware availa(ility is measured in terms of mean time (etween failures
@MT?FA and mean time to re!air @MTT6A' Tis includes downtime for (ot !lanned
and un!lanned events' Tese measurements !rovided (y te manufacturer are
good guidelines to followM owever, mecanical !arts are (ound to fail at one time
or anoter' &s a result, ardware sould (e monitored wee7ly to ensure efficient
o!eration'
C C$ec)ing Arc$ive Event (ogs' Te tree event logs on all servers and te tree
e9tra logs on a domain controller can (e arcived manually or a scri!t can (e
written to automate te tas7' )ou sould arcive te event logs to a central location
for ease of management and retrieval' Te s!ecific amount of time to 7ee!
arcived log files varies on a !er8organi<ation (asis' For e9am!le, (an7s or oter
ig8security organi<ations may (e reHuired to 7ee! event logs u! to a few years'
&s a (est !ractice, organi<ations sould 7ee! event logs for at least tree monts'
C Running /is) /e'ragmenter' Wenever files are created, deleted, or modified,
Windows Server 2003 assigns a grou! of clusters de!ending on te si<e of te file'
&s file si<e reHuirements fluctuate over time, so does te num(er of grou!s of
clusters assigned to te file' 1ven toug tis !rocess is efficient wen using
NTFS, te files and volumes (ecome fragmented (ecause te file doesnGt reside in
a contiguous location on te dis7' To minimi<e te amount of fragmentation and
give !erformance a (oost, te administrator sould use Dis7 Defragmenter to
defragment all volumes' Dis7 defragmentation can (e manually !erformed or
automated wit te use of tird8!arty tools or scri!ts tat run on a designated
(asis'
C Running t$e /omain Controller /iagnostic "tilit*' Te Domain 2ontroller
Diagnostic @D2DiagA utility !rovided in te Windows Server 2003 Su!!ort Tools is
used to analy<e te state of a domain controller' ,t runs a series of tests, analy<es
te state of te D2, and verifies different areas of te system, suc as connectivity,
re!lication, to!ology integrity, security descri!tors, netlogon rigts, intersite ealt,
roles, and trust verification' Te D2Diag utility sould (e run on eac D2 on a
wee7ly (asis or as !ro(lems arise' For more information on te D2Diag utility, see
DcDiag'e9e# Domain 2ontroller Diagnostic Tool
@tt!#EEwww'microsoft'comEwindows2000EtecinfoEres7itEtoolsEnewEdcdiag8o'as!A'

Mont$l* Maintenance
,t is recommended tat you !erform te tas7s outlined in te section on a montly (asis'
C Maintaining <ile S*stem Integrit*' 2->DS> scans for file system integrity and
can cec7 for lost clusters, cross8lin7ed files, and more' ,f Windows Server 2003
senses a !ro(lem, it will run 2->DS> automatically at startu!' &dministrators can
maintain F&T, F&T32, and NTFS file system integrity (y running 2->DS> once a
mont or during regular server maintenance cycles' For more information on te
2->DS> utility, see 27ds7
@tt!#EEwww'microsoft'comEresourcesEdocumentationEWindowsServE2003EstandardE
!roddocsEen8usEDefault'as!Q
urlREresourcesEdocumentationEWindowsServE2003EstandardE!roddocsEen8
usEc7ds7'as!A'
C #esting t$e "PS' &n uninterru!ti(le !ower su!!ly @.PSA sould (e used to !rotect
te system or grou! of systems from !ower failures @suc as s!i7es and surgesA
and 7ee! te system running long enoug after a !ower outage so tat an
administrator can gracefully sut down te system' ,t is recommended tat an
administrator follow te .PS guidelines !rovided (y te manufacturer at least once
a mont' &lso, montly sceduled (attery tests sould (e !erformed' Many tird8
!arty .PS !roducts automate tis ty!e of functionality, or you can develo! scri!ts
to run tis as well'
C 3alidating .ac)us' +nce a mont, an administrator sould validate (ac7u!s (y
restoring te (ac7u!s to a server located in a la( environment' Tis is in addition to
verifying tat (ac7u!s were successful from log files or te (ac7u! !rogramGs
management interface' & restore gives te administrator te o!!ortunity to verify
te (ac7u!s and to !ractice te restore !rocedures tat would (e used wen
recovering te server during a real disaster' ,n addition, tis !rocedure tests te
state of te (ac7u! media to ensure tat tey are in wor7ing order and (uilds
administrator confidence for recovering from a true disaster'
C "dating Automated S*stem Recover* Sets' &utomated System 6ecovery
@&S6A is a recovery tool tat sould (e im!lemented in all Windows Server 2003
environments' ,t (ac7s u! te system state data, system services, and all volumes
containing Windows Server 2003 system com!onents' &S6 re!laces te
1mergency 6e!air Dis7s @16DsA used to recover systems in earlier versions of
Windows Server'
&fter (uilding a server and any time a ma"or system cange occurs, te &S6 sets
@tat is, te (ac7u! and flo!!y dis7A sould (e u!dated' &noter (est !ractice is to
u!date &S6 sets at least once a mont' Tis 7ee!s content in te &S6 sets
consistent wit te current state of te system' +terwise, valua(le system
configuration information may (e lost if a system e9!eriences a !ro(lem or failure'
For more information on &S6, see -ow &S6 Wor7s
@tt!#EEwww'microsoft'comEresourcesEdocumentationEWindowsServE2003EallEde!loy
guideEen8usEDefault'as!Q
urlREresourcesEdocumentationEwindowsservE2003EallEde!loyguideEen8
usEsdc(cSstoSa9o'as!A'
C "dating /ocumentation' &n integral !art of managing and maintaining any ,T
environment is to document te networ7 infrastructure and !rocedures' For
assistance in u!dating documentation see te Wo( &id, Wor7seet &'*2 .!dating
Networ7 DocumentationF in te Windows Server 2003 De!loyment >it
@tt!#EEgo'microsoft'comEfwlin7EQ;in7,dR*44:*A'
Buarterl* Maintenance
&s te name im!lies, Huarterly maintenance is !erformed four times a year' &reas to
maintain and manage on a Huarterly (asis are ty!ically self8sufficient and self8sustaining'
,nfreHuent maintenance is reHuired to 7ee! te system ealty' Tis doesnGt mean,
owever, tat te tas7s are sim!le or tat tey arenGt as critical as tose tas7s tat reHuire
more freHuent maintenance'
C C$ec)ing Storage (imits' Storage ca!acity on all volumes sould (e cec7ed to
ensure tat all volumes ave am!le free s!ace' >ee! a!!ro9imately 20 !ercent
free s!ace on all volumes'
C C$anging Administrator Passwords' &dministrator !asswords sould, at a
minimum, (e canged every Huarter @N0 daysA' 2anging tese !asswords
strengtens security measures so tat systems canGt easily (e com!romised' ,n
addition to canging !asswords, oter !assword reHuirements suc as !assword
age, istory, lengt, and strengt sould (e reviewed'
C Maintaining t$e Active /irector* /atabase' &ctive Directory is te eart of te
Windows Server 2003 environment' +("ects suc as users, grou!s, +.s, and
more can (e added, modified, or deleted from te &ctive Directory data(ase' Tis
interaction wit te data(ase can cause fragmentation' Windows Server 2003
!erforms online defragmentation nigtly to reclaim s!ace in te &ctive Directory
data(aseM owever, te data(ase si<e doesnGt srin7 unless offline defragmentation
is !erformed' +ffline defragmentation of te &ctive Directory data(ase can only (e
accom!lised (y ta7ing te domain controller offline, restarting into Directory
Services 6estore Mode, and running defragmentation tools against te NTDS'D,T
data(ase file'
&
6eferences and ?i(liogra!y
C Windows Server 2003 De!loyment >it# Designing and De!loying Directory and
Security Services tt!#EEwww'microsoft'comEdownloadsEdetails'as!9Q
Family,DR52D1511:80DF*843N48N21D82*4:23&N1??1Vdis!laylangRenUfilelist
C NetWare to Windows Server 2003 Migration Planning /uide
tt!#EEwww'microsoft'comEwindowsserver2003EtecinfoEoverviewEsfnmig'ms!9
C Microsoft Windows Storage Server 2003
tt!#EEwww'microsoft'comEwindowsserversystemEwss2003Edefault'ms!9
C Windows Servers in a Storage &rea Networ7 1nvironment
tt!#EEwww'microsoft'comEwindowsserversystemEwss2003EtecinfoE!lande!loyEmss
ans'ms!9
C Microsoft Windows Services for NetWare Tecnology 2enter
tt!#EEwww'microsoft'comEwindowsserver2003EsfnEdefault'ms!9
C Microsoft Windows Services for NetWare 0'03 +verview
tt!#EEwww'microsoft'comEwindowsserver2003EtecinfoEoverviewEsfncd'ms!9
C MSDSS Tecnical +verview
tt!#EEwww'microsoft'comEwindows2000EsfnEmsdss'as!
C -ow to Migrate or De!loy a Novell NetWare 1nvironment to Windows
tt!#EEsu!!ort'microsoft'comE7(EH2:42:NE
C NetWare &dd8on Services
tt!#EEwww'microsoft'comEntserverEtecresourcesEintero!EnetwareE&ddonServices'a
s!
C Microsoft +!erations Manager 2000
tt!#EEwww'microsoft'comEtecnetE!rodtecnolEmomEmom2000Edefault'ms!9
C DcDiag'e9e# Domain 2ontroller Diagnostic Tool
tt!#EEwww'microsoft'comEwindows2000EtecinfoEres7itEtoolsEnewEdcdiag8o'as!
C 27ds7
tt!#EEwww'microsoft'comEresourcesEdocumentationEWindowsServE2003EstandardE!
roddocsEen8usEDefault'as!Q
urlREresourcesEdocumentationEWindowsServE2003EstandardE!roddocsEen8
usEc7ds7'as!
C -ow &S6 Wor7s
tt!#EEwww'microsoft'comEresourcesEdocumentationEWindowsServE2003EallEde!loyg
uideEen8usEDefault'as!Q
urlREresourcesEdocumentationEwindowsservE2003EallEde!loyguideEen8
usEsdc(cSstoSa9o'as!
C Windows Server 2003 +!erations
tt!#EEwww'microsoft'comEtecnetE!rodtecnolEwindowsserver2003Eo!erationsEdefa
ult'ms!9
C Ouest NDS Migrator
For more information on Ouest NDS Migrator, visit us at
tt!#EEwm'Huest'comE!roductsEndsmigrator or contact your local sales office (y
accessing tt!#EEwww'Huest'comEa(outEa(outSus'as!'
Ouest Windows Management delivers software !roducts in tree areas# &ctive
Directory, 19cange, and Windows' ,n eac of tese areas, Ouest !rovides
com!reensive ca!a(ilities to el! you administer, migrate, re!ort, recover and
auditP using secure !rocesses' To read more, access te Ouest Solutions for
Windows Management data seet for more information'
2oose wat you are interested in#
C &ctive Directory
C 19cange
C Windows
C Migration

+r, go to &ll Products to (rowse te com!lete list of Ouest Windows Management
!roducts and teir descri!tions'
&((reviations
#able 0-1, Abbreviation /e'initions
Abbreviation /e'inition
&2; &ccess 2ontrol ;og
&S6 &utomated System 6ecovery
?,+S ?asic ,n!utE+ut!ut System
D2 Domain 2ontroller
DFS Distri(uted File System
D-2P Dynamic -ost 2onfiguration Protocol
DNS *' Domain Name System
2' Domain Name Service
16D 1mergency 6e!air Dis7
F&T File &llocation Ta(le
FM. File Migration .tility
FTP File Transfer Protocol
/P+ /rou! Policy +("ect
/., /ra!ic .ser ,nterface
-TTP -y!erte9t Transfer Protocol
,P ,nternet Protocol
,PT ,nternetwor7 Pac7et eTcange
,T ,nformation Tecnology
;&N ;ocal &rea Networ7
;D&P ;igtweigt Directory &ccess Protocol
M+M Microsoft +!erations Manager
MSF Microsoft Solutions Framewor7
MSDSS Microsoft Directory Syncroni<ation Services
MT?F Mean Time ?etween Failures
MTT6 Mean Time to 6e!air
N&S Networ7 &ttaced Storage
NDS Novell Directory Service
+1M +riginal 1Hui!ment Manufacturer
+. +rgani<ational .nit
P>, Pu(lic >ey ,nfrastructure
6+, 6eturn on ,nvestment
S&N Storage &rea Networ7
SfN Services for NetWare
S;& Service ;evel &greement
SMTP Sim!le Mail Transfer Protocol
SS; Secure Soc7et ;ayer
S.S Software .!date Service
T2+ Total 2ost of +wnersi!
T2PE,P Transmission 2ontrol ProtocolE,nternet Protocol
.N2 .niversal Naming 2onvention
.PS .ninterru!ti(le Power Su!!ly
.MP/ .N,T Migration Pro"ect /uide
3PN 3irtual Private Networ7
W&N Wide &rea Networ7
W,NS Windows ,nternet Naming Service

Solution For Migrating From Novell Netware To Windows Server 2003

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Solution For Migrating From Novell Netware To Windows Server 2003

Hochgeladen von

Copyright:

Verfügbare Formate

Solution for Migrating File, Print, and Directory Services

from Novell NetWare to Windows Server 2003

Das könnte Ihnen auch gefallen