Taylor Jolin

Hacker | Musician | Innovator | Dreamer

Novell eDirectory Migration To Microsoft Active Directory

Posted on

About The Migration

The 319th Maintenance Squadron has been utilizing Novell e-Directory for the better part of five years and as a result, the overall management of user and computer objects has become cumbersome. Each container object has a convoluted set of rules that must be inherited by the client computers. Policies must be applied directly to the user or computer object, instead of a group object as a whole; making management easier across the network. When a user logs in each time, they must wait for at least 10 minutes for all policies, mappings, and script to load. Every time a policy is updated or added, each client must re-sync with the directory server and download the entire set of scripts, policies, and mappings. When this happens, clients devices have been freezing and/or crashing altogether.

Key Objectives of the Migration

The primary objectives of this migration are:

• Consolidate management of users (approx. 500) and computers (approx. 350).
• Organize users into logical groupsets.
• Create security and mail groups that allow for ease of management.
• Create a change management program that follows each change through the lifetime of the deployment.
• Form a trust relationship with parent units domain controller.
• Adapt group policies from the parent domain and apply to the child domain (319th).
• Create user and computer objects, object units, and group policies.

Results Summary

The overall project was completed successfully without any issue. Prior to taking down the Novell e-Directory domain, a copy of each, and every object was dumped to a .CSV file and parsed for transferable data. A new Dell PowerEdge 850 server arrived a week prior to scheduled deployment and Microsoft’s Windows Server 2003 was installed and preconfigured. An Active Directory domain (319th MXS [319mxs.PRIVATE.mil] OU) was installed and OUs were created to correspond to each subordinate unit. The trust relationship between the 319th MXS forest and the PARENT forest was formed successfully and group policies were inherited and passed downward. Additional group policies were created to cover requests from the unit commander.

Additionally, prior to the deployment of Active Directory services, each client computer was configured to be joined to the new domain. A maintenance window was given during the weekend and on early Saturday morning each client computer was staged for domain connection. Domain was successfully deployed and all client devices connected to the domain controller successfully. The following Monday morning, user test and support was also a success. A total of 15 users were affected and the issue was simply an account lockout.

Share this post