Gale D. Fritsche Lehigh University Library and Technology Services Client Service Insanity A Campus-wide Novell to Active Directory Migration EDUCAUSE.

Presentation transcript:

Gale D. Fritsche Lehigh University Library and Technology Services Client Service Insanity A Campus-wide Novell to Active Directory Migration EDUCAUSE National Conference October 19, 2005 Copyright, Gale Fritsche 2005

–Private research university located 90 miles west of NYC
–Approx. 4500 undergraduates and 1900 graduate students
–Merged organization – Library and Technology Services consists of Libraries and Computing
–Approx. 2200 supported faculty/staff PCs
–Approximately 90% Windows PCs, 5% Mac and 5% other (Linux etc.)

Microsoft’s Active Directory
Microsoft’s Active Directory provides a scalable enterprise directory service which allows for centralized management of Microsoft resources. This presentation describes how AD was integrated into our existing network infrastructure and used to centrally manage Windows XP computers and other Microsoft resources.

Lehigh’s Infrastructure Prior to Implementing AD
–Lehigh uses Novell’s NDS as a directory service for LAN-based file and print sharing
–The Andrew File System (AFS) for UNIX-based authentication
–The Novell and AFS user IDs and passwords are synced through a central web site
So why add another directory service?

Project Timeline Summary
–Stage 3 – Prepare user community (Spring 2003 – Fall 2005)
  »Upgrade client computers
  »Add XP computers to AD
  »Train end users
–Stage 4 – Personal and dept. data migration (Fall 2004 – Spring 2005)
  »Migrate personal and departmental data (H: and I: drives)
–Stage 5 – Migrate department drives (Y: drive) (Spring 2005)
  »Consolidate application servers
–Stage 6 – Resolving issues (Spring 2005 – Summer 2005)
  »Macintosh issues
  »Off-campus access issues
–Implementation complete (Summer 2005)

Stage 1 – Planning and Preparation
Reasons to move to AD
–Centralized Windows authentication
–Increased demand for FrontPage Web services for IIS
–Windows 2003 Server management
–Novell license is expensive (Lehigh had a SW agreement with Microsoft)
–Management of Windows XP systems
Identify Client Computing Needs
–Inventory current computing hardware and OS using Bindview
–Determine Windows 95/98 systems to be upgraded
–Determine hardware needs/memory upgrades for XP

Stage 1 – Planning and Preparation (cont.)
Develop Plans for the AD Structure
–Determine domain (ad.lehigh.edu)
–Determine organizational structure

Stage 2 – AD Structure Implementation
Lehigh University adopted a simple Active Directory structure using a single domain, ad.lehigh.edu
–A delegation was added to our existing DNS servers referring to our Active Directory DNS servers as authoritative for the zone ad.lehigh.edu
The organizational structure for faculty, staff and students was replicated from our existing Novell NDS structure
AD user accounts were created from the existing Novell user accounts
–A synchronize program was written which duplicated the NDS accounts in Active Directory. This program also set the password for the Active Directory account to the existing NDS/AFS password (passwords harvested from Novell logins)

Stage 2 – AD Structure Implementation (cont.)
A program was written to accept input from our existing accounts web page. This program synced web-based account creation, deletion, and password changes to the Active Directory accounts
Windows XP Implementation
–The Client Services team performs the setup of new systems for faculty/staff users. Procedures were developed to incorporate the XP systems into Active Directory
Computer object management – an easy method was needed to locate and manage the computer objects for faculty/staff in Active Directory
–A computer object web site was created to provide the Client Services team with a simple tool to create and delete computer objects in the correct location within Active Directory
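The account synchronization described on the last two slides (NDS accounts duplicated into AD, then create, delete and password-change events arriving from the central accounts web page), as an added Python example that is not Lehigh’s program. The one-OU-per-NDS-container layout, the digest-of-last-pushed-password bookkeeping, the function names and the sample accounts are assumptions made for this example.

```python
# Added example (not Lehigh's program): reconcile NDS accounts into AD the way
# the Stage 2 synchronize program is described, then feed it the create, delete
# and password-change events that the central accounts web page produces.
from dataclasses import dataclass
import hashlib

AD_BASE = "DC=ad,DC=lehigh,DC=edu"   # the single domain named on the slides


@dataclass(frozen=True)
class Account:
    uid: str
    container: str   # NDS container name, reused as the AD OU name (assumption)
    pw_digest: str   # SHA-256 of the password harvested at Novell login, never the plaintext


def digest(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def user_dn(acct: Account) -> str:
    # Assumption: one OU per NDS container, mirroring the replicated organizational structure.
    return f"CN={acct.uid},OU={acct.container},OU=Users,{AD_BASE}"


def reconcile(nds: dict, ad: dict) -> dict:
    """Return the operations that bring AD in line with NDS.

    nds and ad map uid -> Account. `ad` holds what the sync program last pushed,
    so a digest mismatch means the user changed their NDS/AFS password since then.
    """
    ops = {"create": [], "delete": [], "set_password": []}
    for uid, acct in sorted(nds.items()):
        if uid not in ad:
            ops["create"].append(user_dn(acct))        # password is set at creation
        elif ad[uid].pw_digest != acct.pw_digest:
            ops["set_password"].append(user_dn(acct))
    for uid in sorted(ad.keys() - nds.keys()):
        ops["delete"].append(user_dn(ad[uid]))          # gone from NDS, so remove from AD
    return ops


def apply_web_event(nds: dict, event: dict) -> None:
    """Apply one accounts-web-page event to the NDS view before the next reconcile."""
    kind, uid = event["type"], event["uid"]
    if kind == "create":
        nds[uid] = Account(uid, event["container"], digest(event["password"]))
    elif kind == "delete":
        nds.pop(uid, None)
    elif kind == "password":
        nds[uid] = Account(uid, nds[uid].container, digest(event["password"]))
    else:
        raise ValueError(f"unknown event type {kind!r}")
```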

Stage 2 – AD Structure Implementation (cont.)
Develop a way to handle group management (by functional support area)
–Lehigh Library and Tech Services
–College of Education
–College of Engineering
–College of Business and Economics
–College of Arts and Sciences
–Admin and Finance
Management groups for each functional area of the Client Services team were created in Active Directory
–IR-WorkGrp-Mgr
–ADM-WorkGrp-Mgr
–A&S-WorkGrp-Mgr
–BUS-WorkGrp-Mgr
–ENG-WorkGrp-Mgr
–EDU-WorkGrp-Mgr
Management groups provide rights to manage computer objects within the associated computer organizational unit. In addition, the appropriate management group is added to the local Administrators group on each Windows XP system during the initial setup. This gives members of the management group administrator access to the local computer

Stage 3 – Prepare the User Community for AD
Upgrade client computers to Windows XP
–Memory upgrades
–Windows XP upgrades
Set up client computers (client logged into AD but still mapped to the Novell drives so users could get to their data)
Active Directory computer preparation
–Acquire admin password from end user (if they have one)
–Obtain Ethernet address
–Rename the computer (reboot)
–Add the computer object to Active Directory

Stage 3 – Prepare the User Community for AD (cont.)
Adding computers to the AD domain
–Right-click on My Computer and then select Properties
–Select the Computer Name tab
–Select Member of Domain and enter "ad.lehigh.edu" as the domain name
–Click OK (receive a confirmation message) and reboot
Add local Administrator users/groups
–Go to the Control Panel, then Administrative Tools, and select Computer Management
–Select Local Users and Groups, then Groups; right-click on Administrators and select Properties
–Click on the Add button to add a user or group to the local Administrators group
–Add the AD user to the local Admin group if requested

Stage 3 – Prepare the User Community for AD (cont.)
Copying profile settings (if necessary)
–Log on to the Windows XP system as someone with administrator rights (an account that is a member of the local Administrators group)
–Make sure that the account you log in with is not the account profile that you are trying to copy
–Go to Control Panel, then System, and then the Advanced tab
–Select User Profiles Settings, click on the user profile that you want to copy and click on the Copy To button
–Click the Browse button, go to C:\Documents and Settings and go to the directory you would like to overwrite
–Click on the Change button, enter the valid Active Directory name, click Check Names and click OK
–Verify that the Active Directory profile is correct and then click OK to confirm the copy

Stage 3 – Prepare the User Community for AD (cont.)
End User Education and Documentation
–Train end users on account usage: AD vs. local accounts
–Explain how the consultant admin group account is used
–Address security concerns (demonstrate encryption feature)
–Focus on advantages of using AD – ability to access resources transparently, remote access, group policies, security
–Disable the change password option on client computers – we want users to change it via the account web page

Stage 4 – Individual and Department Data Migration
Moved data for faculty/staff to AD server
–There are three drives that users map to (H:, I:, and Y:)
  »H: drive is the personal drive (350 MB limit)
  »I: drive is the department shared drive (English, Math, etc.)
  »Y: drive is where the applications are served
–Scripts were developed to copy data from Novell to AD
  »H: drive transfer occurred at one time
  »I: drive transfer occurred one department at a time
–Changed file ownership from Novell servers to AD users and pulled mappings from Novell and added them to the AD login script. Suppressed Novell login
Diagram: Active Directory servers serving the H: drive (personal drive), I: drive (department drive) and Y: drive (application drive)
Permissions had to be set on the new directories and files
–Custom scripting to keep the groups and permissions on department directories
–Data sync was handled by a copy utility

Stage 5 – Migrate client computers to department and private drives (Y: drive)
–Scripts were developed to make the drive mappings transparent to the end user
–Multiple application servers consolidated onto one AD application server (using Prism – a web browser based application installer)
–Permissions were set to read only
–Script was used to place the Y: drive in the AD login script and remove the Y: drive from the Novell login script
–Conversion to the new servers happened simultaneously for all users
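An added Python example (not Lehigh’s migration scripts) of the permission step in Stages 4 and 5: translating the NetWare trustee rights exported for a department directory into NTFS permission names for the mapped AD group, and enforcing the read-only rule used for the Y: application drive. The right-by-right mapping, the function names and the group names in the test are assumptions made for this example.

```python
# Added example (not Lehigh's migration scripts): translate the NetWare trustee
# rights on a department directory into NTFS permission names for the matching
# AD group, enforcing the read-only rule used for the Y: application drive.
# The letter-by-letter mapping is an approximation chosen for this example.
NETWARE_TO_NTFS = {
    "S": {"FullControl"},                                 # Supervisor
    "R": {"ReadData"},                                    # Read
    "W": {"WriteData", "AppendData"},                     # Write
    "C": {"CreateFiles", "CreateDirectories"},            # Create
    "E": {"Delete", "DeleteSubdirectoriesAndFiles"},      # Erase
    "M": {"WriteAttributes", "WriteExtendedAttributes"},  # Modify
    "F": {"ListDirectory", "ReadAttributes"},             # File Scan
    "A": {"ChangePermissions"},                           # Access Control
}
READ_ONLY = frozenset("RF")  # the only rights kept on the read-only Y: drive


def translate_rights(rights: str) -> set:
    """Map a NetWare rights string such as 'RWCEMF' to NTFS permission names."""
    letters = set(rights.upper())
    unknown = letters - NETWARE_TO_NTFS.keys()
    if unknown:
        raise ValueError(f"unknown NetWare right(s): {''.join(sorted(unknown))}")
    if "S" in letters:                 # Supervisor implies every other right
        return {"FullControl"}
    ntfs = set()
    for letter in letters:
        ntfs |= NETWARE_TO_NTFS[letter]
    return ntfs


def plan_acl(trustees, group_map, read_only=False):
    """trustees: (nds_group, rights) pairs exported from the Novell volume.
    group_map: NDS group -> AD group. Returns (aces, warnings). An NDS group
    with no AD counterpart raises KeyError rather than silently granting nobody."""
    aces, warnings = [], []
    for nds_group, rights in trustees:
        ad_group = group_map[nds_group]
        letters = set(rights.upper())
        if read_only and letters - READ_ONLY:
            dropped = "".join(sorted(letters - READ_ONLY))
            warnings.append(f"{ad_group}: dropped {dropped} on read-only share")
            letters &= READ_ONLY
        if letters & {"S", "A"}:       # these let the group widen access later
            warnings.append(f"{ad_group}: can change permissions, review before migration")
        if not letters:
            continue                   # nothing left to grant after filtering
        aces.append((ad_group, frozenset(translate_rights("".join(letters)))))
    return aces, warnings
```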

Stage 6 – Resolving Issues
Macintosh support issues (access to the H: drive and the I: drive)
–Port 139 needed to be open in order for Mac users to access the H: and I: drives. Opening this older port is a known security risk.
–Panther OS could get to the H: drive using a custom utility using SMB
  »Only needed port 139 open to get to the H: drive using standard SMB (so we opened port 139 on campus for Mac users)
  »Mounted the I: department drive using a custom utility that uses SMB (instead of WebDAV)
  »Panther does not support SSL WebDAV
–Tiger OS can get to the H: drive using a special utility developed to mount a drive using WebDAV
  »Tiger supports SSL WebDAV
  »Tiger needs ports 139 and 137 on campus using standard SMB, so out of luck getting to the department I: drives. Our Systems and Networking department would not agree to open port 137 due to security concerns

Stage 6 – Resolving Issues (cont.)
Resolving off-campus access
–WebDAV was used – only for the H: drive though – did not open access to the I: drive through WebDAV for security reasons
–Users were advised to use the VPN to gain access to the I: drive or to use Remote Desktop
Linux support
–Linux users typically did not care. For others we installed AFS, which allows for the mounting of the I: and H: drives
Problems with drive quotas
–Novell files were compressed, so when the conversion took place many quotas were reached because AD files are not compressed (despite increasing the quotas to begin with), especially MS Access files (quotas went from 250 MB on Novell to 350 MB on AD)
Computers that are not in Active Directory – students and select faculty/staff
–Student computers are not part of AD, so we needed to develop a client that would automatically map the proper drives (H:, I:, and Y:)
–This also worked for faculty/staff who did not want to be part of Active Directory

Lessons Learned
Don’t be in a hurry
–Plan a reasonable and methodical approach (upgrading hundreds of PCs takes time)
–Plan from a budgetary and resource standpoint. This is a major investment if end user hardware is not up to specifications for Windows XP
Communication is key
–Clients, Systems and Networking staff, Client Services staff and the Help Desk. If one group is out of the loop, it could mean problems for all
Schedule the steps well in advance
–Sometimes the Client Services staff was rushed because implementation milestones were not committed to or communicated by the Systems and Networking staff
Read contracts carefully
–The Novell contract had contingencies that were overlooked at first
Take the time to automate the conversion as much as possible
–Develop scripts to copy user account info and data
–Password harvesting