Network Computingwww.networkcomputing.com

Aelita's Controlled Migration Suite consists of three components: Enterprise Directory Reporter, Domain Migration Wizard and Enterprise Delegation Manager.

A database application, Enterprise Directory Reporter collects, stores and reports a multitude of details about the structure of a domain before, during and after the migration. The Domain Migration Wizard is a project management tool that follows a well-thought-out script for migrating a network from Windows NT 4.0 to Win2000. The Enterprise Delegation Manager lets administrators simulate new Win2000 features, such as administrative delegation and OUs (organization units) before migration. All three tools share an ODBC-compliant database to provide excellent reporting and control of the domain environment.

I ran the Controlled Migration Suite on a 10-computer test network that included two domain controllers (both 450-MHz Pentium III machines with 256 MB of memory and 13 to 20 GB of disk space), seven client machines running a mix of Windows 98, NT 4 and Windows 2000 Professional, and a Directory Reporting Console (DRC) setup on a 350-MHz Pentium II with 128 MB of memory and a 14-GB disk. The DRC ran Windows 2000 Professional and used an Access database for the Enterprise Directory Reporter.

Step-by-Step Migration

Aelita's Controlled Migration Strategy is a project template that provides a very realistic road map of the tasks required for a successful migration. The individual tools are designed to support various aspects of this five-step plan.

The first two steps are analyze/plan and model/ test. At this point, the Enterprise Directory Reporter collects and stores data about existing domain objects. It provides two versions of a network inventory tool--the Centralized Directory Collector and the Distributed Directory Collector. The centralized collector runs on the DRC-designated workstation to gather domain information from a local subnet and populate the migration database. The distributed collector can be installed at remote offices to perform local inventory and feed the data to the central database running on the DRC. Once the migration database is populated, the Delegation Manager and the Enterprise Directory Reporter can be used together to clean up the NT 4.0 domain, model possible Win2000 domains and test migration plans.

The third step involves restructuring domains and migrating users, computers and other objects to the new domain. The Domain Migration Wizard uses information in the migration database as a live backup so administrators can migrate objects with minimal risk. Administrators can select any size group to migrate in a single transaction by selecting a subset of the database.

The fourth step is cleanup of the Win2000 directory. The domain cleanup tool in the Enterprise Directory Reporter provides full reporting of duplicate ACLs (access control lists) that result from Win2000's SIDhistory (security ID history) feature.

The last step is a controlled transition to the new environment. The Enterprise Directory Reporter provides more than 100 customizable reports to audit and report on the details of the new Win2000 domain environment.

A Successful Migration

In my tests, all the features tested worked as advertised with only one minor bug: The reporter insisted on using the sheet feeder instead of the primary paper tray on the printer attached to one of the domain controllers.

The centralized collector ran for nearly two hours on the test network and gathered detailed data on more than 100,000 objects. Although Aelita says the Domain Migration Console can run on any system with sufficient available resources, I recommend a dedicated system with SQL Server as a database. Also, administrators should make use of multiple distributed inventory agents whenever running inventories on remote LANs. The inventory scheduling subsystem lets this remote inventory run at off-hours.

Must-Have Features

Aelita provides several tools that most network managers will consider indispensable. These include: