In-Depth

Stop and Go Migration

Migrating to Windows 2000 Active Directory was taking the Cincinnati State Technical and Community College much longer than expected. A migration tool from Quest Software Inc. made all the difference.

• By Drew Robb
• 08/01/2002

"We have to teach Win2K in our operating systems classes, so we need to have it on our network," explains Eric Kornau, the college's CIO. Unfortunately, the migration ended up stretching into the middle of 2002.

And that's not unusual. Active Directory may be one of the main reasons IT managers want to deploy Windows 2000, but the sheer complexity of an AD deployment tends to mean it's one of the last elements activated. Full deployments can sometimes take several years to pull off.

"AD migrations take a lot longer than most organizations anticipate. Many take 12 to 24 months to complete," says Laura DiDio, an analyst at Giga Information Group in Cambridge, Mass.

Modeling the Changes
Active Directory comes with a free utility, Active Directory Migration Tool (ADMT), a light version of NetIQ's Directory Migration Administrator. But ADMT lacks many of the features that enterprises need for a smooth migration, Kornau says, so it's probably far cheaper in the long run to pay for a full-scale version of a migration toolkit (typically around $10 per end user).

Kornau attended several directory services workshops run by the state and, based on recommendations he received there, was considering using Quest Software Inc.'s FastLane migration tools to finish off his Win2K migration. Then Quest offered a free six-month software license when a customer purchased a week's worth of consulting. That, Kornau says, made the decision easy.

The software smoothed the pre-migration path better than Microsoft's free tools, and did a better job of handling exceptions. "Earlier, we modeled the changeover to Win2K with ADMT, but FastLane was a lot easier and faster," says Kornau. "FastLane also has the ability to do a roll back and recovery whenever you make a mistake, which is difficult to do with ADMT."

But while Kornau liked the software, the real benefits came from the consulting. "The three days we spent with the consultants proved to be really invaluable," he says. "Some of the approaches they gave us for modeling the domain rollout weren't in any of the Best Practices books we reviewed."

One technique involved setting up a dummy network to model the migration. The first step involved taking some PCs, and adding them to each NT domain and trust unit as backup domain controllers (BDC). The BDCs were then taken off the actual network and set up in a separate room. By connecting these PCs together and promoting them to primary domain controllers, the college re-created its network structure. That way, when a mistake was made, they could just plug the PC back into the network as a BDC, re-load the data and put that PC back into the test network. Exchange servers were addressed in the same way.

"Our network administrators, engineers and help desk staff sat around and tried different scenarios," says Kornau. "By the end of the week, we had created a written domain migration plan."

Best Laid Plans …
Even so, migration was hardly smooth. Kornau's group encountered everything from curfews to bugs. Stage one encompassed migrating the students over a three-day break in the Spring of 2000. "We planned 72 hours of straight work, but civil disturbances in the city thwarted us," says Kornau. "Because of the curfew we couldn't have anyone in the building at night."

The next hurdle was an unforeseen issue with enabling mailboxes in Exchange. Although this wasn't specifically a domain migration issue, it had to be addressed immediately or no one would receive e-mail.

"It was a day-and-a-half of sheer terror," he says. "I'm still not sure what we did to fix it, but finally we did get it working." Although a little late, the college did manage to successfully migrate students to Win2K and AD in their own domain.

The second stage aimed at preparing the staff NT domain before migrating all college users—staff and students—into a single new Win2K domain. Once again, things didn't go as planned.

First, the school received a donation of EMC storage equipment worth a half-million dollars. The unexpected windfall led to a decision to delay the migration so the school could use the new equipment as the directory host. Unfortunately, just before that equipment went live, a transformer blew, stalling the migration project once more.

As a result, the college has spent the past year stuck in a mixed environment, with some servers running NT and others on Windows 2000.

"The students seem to authenticate a whole lot better than our staff," says Kornau. "We're trying to do some cross authentication, but we're finding that the new operating system doesn't play as well with old NT domain controllers."

Cincinnati State Technical and Community College doesn't intend to stay in mixed mode much longer. After replacing the transformer, setting up a backup power system and isolating the operations center power from the rest of the campus, they're ready to continue the rollout.

"We've been inching along on it," says Kornau. "We have some test servers up, we've modeled it again and we're ready to go as soon as we get the okay to turn everything on."