In-Depth
Stop and Go Migration
Migrating to Windows 2000 Active Directory was taking the Cincinnati State Technical and Community College much longer than expected. A migration tool from Quest Software Inc. made all the difference.
Cincinnati State Technical and Community College ran headlong into the Active Directory wall when it decided to make the switch to Windows 2000 back in the middle of 2000.
"We have to teach Win2K in our operating systems classes, so we need to have it on our network," explains Eric Kornau, the college's CIO. Unfortunately, the migration ended up stretching into the middle of 2002.
And that's not unusual. Active Directory may be one of the main reasons IT managers want to deploy Windows 2000, but the sheer complexity of an AD deployment tends to mean it's one of the last elements activated. Full deployments can sometimes take several years to pull off.
"AD migrations take a lot longer than most organizations anticipate. Many take 12 to 24 months to complete," says Laura DiDio, an analyst at Giga Information Group in Cambridge, Mass.
Product Information | FastLane Manager 5.5 Quest Software Inc. Irvine, Calif. (949) 754-8000 www.quest.com | | |
Modeling the Changes
Active Directory comes with a free utility, Active Directory Migration Tool (ADMT), a light version of NetIQ's Directory Migration Administrator. But ADMT lacks many of the features that enterprises need for a smooth migration, Kornau says, so it's probably far cheaper in the long run to pay for a full-scale version of a migration toolkit (typically around $10 per end user).
Kornau attended several directory services workshops run by the state and, based on recommendations he received there, was considering using Quest Software Inc.'s FastLane migration tools to finish off his Win2K migration. Then Quest offered a free six-month software license when a customer purchased a week's worth of consulting. That, Kornau says, made the decision easy.
The software smoothed the pre-migration path better than Microsoft's free tools, and did a better job of handling exceptions. "Earlier, we modeled the changeover to Win2K with ADMT, but FastLane was a lot easier and faster," says Kornau. "FastLane also has the ability to do a roll back and recovery whenever you make a mistake, which is difficult to do with ADMT."
But while Kornau liked the software, the real benefits came from the consulting. "The three days we spent with the consultants proved to be really invaluable," he says. "Some of the approaches they gave us for modeling the domain rollout weren't in any of the Best Practices books we reviewed."
One technique involved setting up a dummy network to model the migration. The first step involved taking some PCs, and adding them to each NT domain and trust unit as backup domain controllers (BDC). The BDCs were then taken off the actual network and set up in a separate room. By connecting these PCs together and promoting them to primary domain controllers, the college re-created its network structure. That way, when a mistake was made, they could just plug the PC back into the network as a BDC, re-load the data and put that PC back into the test network. Exchange servers were addressed in the same way.
"Our network administrators, engineers and help desk staff sat around and tried different scenarios," says Kornau. "By the end of the week, we had created a written domain migration plan."
Best Laid Plans …
Even so, migration was hardly smooth. Kornau's group encountered everything from curfews to bugs. Stage one encompassed migrating the students over a three-day break in the Spring of 2000. "We planned 72 hours of straight work, but civil disturbances in the city thwarted us," says Kornau. "Because of the curfew we couldn't have anyone in the building at night."
The next hurdle was an unforeseen issue with enabling mailboxes in Exchange. Although this wasn't specifically a domain migration issue, it had to be addressed immediately or no one would receive e-mail.
"It was a day-and-a-half of sheer terror," he says. "I'm still not sure what we did to fix it, but finally we did get it working." Although a little late, the college did manage to successfully migrate students to Win2K and AD in their own domain.
The second stage aimed at preparing the staff NT domain before migrating all college users—staff and students—into a single new Win2K domain. Once again, things didn't go as planned.
First, the school received a donation of EMC storage equipment worth a half-million dollars. The unexpected windfall led to a decision to delay the migration so the school could use the new equipment as the directory host. Unfortunately, just before that equipment went live, a transformer blew, stalling the migration project once more.
As a result, the college has spent the past year stuck in a mixed environment, with some servers running NT and others on Windows 2000.
"The students seem to authenticate a whole lot better than our staff," says Kornau. "We're trying to do some cross authentication, but we're finding that the new operating system doesn't play as well with old NT domain controllers."
Cincinnati State Technical and Community College doesn't intend to stay in mixed mode much longer. After replacing the transformer, setting up a backup power system and isolating the operations center power from the rest of the campus, they're ready to continue the rollout.
"We've been inching along on it," says Kornau. "We have some test servers up, we've modeled it again and we're ready to go as soon as we get the okay to turn everything on."
Details: Cincinnati State Technical and Community College Team Leader: Eric Kornau, CIO Organization: Cincinnati State Technical and Community College Location: Cincinnati, Ohio Web Site: www.cinstate.cc.oh.us Goal: Smoothly transfer all 8,000 users to a Win2K environment including Active Directory. Scope: -
45 servers -
1,500 to 1,800 client machines -
7,000 to 8,000 registered users -
400 printers in 3 locations Platform: Mix of Windows NT/95/98/2000 Solution: Getting a third-party migration tool and modeling the migration offline ahead of the actual move. Product: FastLane Manager 5.5 from Quest Software Inc. Software is available for free with five days of paid consulting. Results: Migration of students completed over a long weekend. Full migration delayed due to unforeseen issues. Business/Mission: College delivering two-year technical degrees and certificate training to 12,000 students in computers, healthcare, engineering and other fields. VARs/Integrators: Quest Software's professional services group consulted on the migration. Future Challenges: Completing the migration—the college has been stuck in the middle of the process for a year. Interoperability Issues: Authentication problems between NT and Win2K domains. Lessons Learned: If I had the opportunity to do it over, I would spend more time on planning the impact on the network and straightening it up ahead of the migration.—CIO Eric Kornau Other Products Considered: Microsoft's Active Directory Migration Tool. If they had to do it over again, would consider other products. Evaluation Requirements: Selected product based on the recommendation of The Burton Group (www.tbg.com) and feedback from users. Milestones: Students migrated in Spring 2001. Entire school scheduled for migration during Spring 2002. | |
About the Author
Drew Robb is a freelance writer specializing in technology reporting.