The University of Arizona
'CatNet – Enterprise Active Directory Domain Services

How to Migrate to 'CatNet - Quick Guide

Submit a request for a delegated OU in 'CatNet
Fill out and submit the 'CatNet Delegated OU Request form. A member of the UITS Windows Enterprise Administrators team will contact you when your request has been approved and your OU created. At that time you will receive an OU administrator account with a temporary password. The next step is to create a trust between your existing domain and 'CatNet.

How to create a trust with 'CatNet:

Before creating a trust relationship with 'CatNet the following ports need to be open in any firewalls or RACLs that may exist between the two domains:

  • 135/TCP

  • 1024-65535/TCP/UDP

  • 389/TCP/UDP

  • 636/TCP

  • 3268/TCP

  • 3269/TCP

  • 53/TCP/UDP

  • 88/TCP/UDP

  • 445/TCP

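Before running the New Trust Wizard it is worth confirming from the source domain's acting PDC that the fixed TCP ports above actually reach a 'CatNet domain controller. The script below is an added example, not part of this guide; the DC name is a placeholder, and it requires Test-NetConnection (Windows Server 2012 or later; on older servers use portqry or telnet instead).

```powershell
# Added example, not from the University of Arizona guide: pre-flight check that the
# fixed TCP ports required for the trust are reachable from the source domain's PDC.
# Assumption: $CatNetDc is a placeholder; substitute a real 'CatNet domain controller.
# Test-NetConnection only probes TCP, so UDP 53/88/389 and the dynamic RPC range
# (1024-65535/TCP) are not covered here and must be confirmed in the firewall/RACL rules.

$CatNetDc = 'PLACEHOLDER-DC.catnet.arizona.edu'

# Fixed TCP ports from the list above, with the service each one carries.
$RequiredTcpPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB' },
    @{ Port = 636;  Service = 'LDAP over SSL' },
    @{ Port = 3268; Service = 'Global Catalog' },
    @{ Port = 3269; Service = 'Global Catalog over SSL' }
)

function Test-TrustPorts {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][array]$Ports
    )
    foreach ($entry in $Ports) {
        # -WarningAction suppresses the per-port "TCP connect failed" warning;
        # the result object still carries TcpTestSucceeded.
        $result = Test-NetConnection -ComputerName $ComputerName -Port $entry.Port `
                                     -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port      = $entry.Port
            Service   = $entry.Service
            Reachable = $result.TcpTestSucceeded
        }
    }
}

$results = Test-TrustPorts -ComputerName $CatNetDc -Ports $RequiredTcpPorts
$results | Format-Table -AutoSize

$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    $list = ($blocked | ForEach-Object { "$($_.Port)/TCP ($($_.Service))" }) -join ', '
    Write-Warning "Not reachable: $list. Fix the firewall/RACL rules before running the New Trust Wizard."
}
```

Run this once from the acting PDC and again from any other DC that will talk to 'CatNet. A port that fails here will surface later as an unexplained "trust cannot be validated" error, so it is cheaper to catch it before the wizard.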

Before creating the trust ensure that your domain's functional level (both domain and forest) is set to Windows Server 2003. Launch the New Trust Wizard. When prompted for the name of the domain, forest or realm for the trust, enter catnet.arizona.edu. When prompted for the trust type, select Forest trust. Select "one-way: outgoing" for the direction of the trust. Create the trust for both domains; when prompted for a username and password, use your Delegated OU admin account. Complete the trust wizard.

After successfully creating and validating the trust you should add your 'CatNet OU administrator account to the built-in Administrators group in your domain. You will need to be able to log into the acting PDC in your domain with your 'CatNet OU administrator account in order to migrate objects from your domain. The next step is to install Active Directory Migration Tool v3 and configure your domain for migration.

ADMT hints and tips

For more detailed information see 'CatNet ADMT Process or the ADMT v3 Migration Guide.

  • Download and install ADMT 3.0 on the acting PDC in the source domain

  • In order to migrate passwords for service accounts install and configure the Password Export Service (PES) on the same DC as ADMT.

  • Create an empty local group in the source domain named {SourceNetBIOSDom}$$$

  • Make sure the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\TcpipClientSupport registry value exists and is set to "1" on the source domain primary domain controller (requires a restart)

  • Disable SID filtering and enable SID history on the trust

  • Netdom trust <yourdomainNETBIOSname> /domain:catnet /quarantine:No /usero:<yourdomainadminaccount> /passwordo:*

  • Netdom trust <yourdomainNETBIOSname> /domain:catnet /EnableSIDHistory:Yes /usero:<yourdomainadminaccount> /passwordo:*


Note: Netdom is part of the Windows Support Tools found on the Windows Server install CD at <drive>:\support\tools\suptools.msi

  • Perform a test migration of a global group from the source domain to 'CatNet in order to ensure that all of the settings are correct – this will ensure that you are able to successfully migrate SIDs
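The following script is an added example, not part of this guide or of ADMT, that reports on the prerequisites from the list above (trust direction and SID filtering state, the TcpipClientSupport registry value, and the empty {SourceNetBIOSDom}$$$ group) before you attempt the test migration. It assumes the ActiveDirectory PowerShell module (RSAT) is present on the acting PDC and that it runs as a user who can read the trust object and the LSA registry key. The mapping of the two netdom switches onto Get-ADTrust properties is as stated in the comments: /quarantine:No clears SIDFilteringQuarantined and /EnableSIDHistory:Yes sets SIDFilteringForestAware.

```powershell
# Added example, not from the University of Arizona guide or from ADMT: report whether the
# source domain's acting PDC meets the ADMT prerequisites listed above.
# Assumption: the ActiveDirectory module is installed and the caller has read access to
# the trust object and to HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
Import-Module ActiveDirectory

$TrustTarget   = 'catnet.arizona.edu'
$SourceNetBIOS = (Get-ADDomain).NetBIOSName
$checks        = @()

# 1. Trust object. The guide asks for a one-way outgoing forest trust, with SID filtering
#    quarantine turned off (/quarantine:No) and SID history enabled (/EnableSIDHistory:Yes).
$trust = Get-ADTrust -Identity $TrustTarget -ErrorAction Stop
$checks += [pscustomobject]@{
    Check = "Trust to $TrustTarget is an outgoing forest trust"
    Pass  = ($trust.Direction -eq 'Outbound' -and $trust.ForestTransitive)
}
$checks += [pscustomobject]@{
    Check = 'SID filtering quarantine disabled (netdom /quarantine:No)'
    Pass  = (-not $trust.SIDFilteringQuarantined)
}
$checks += [pscustomobject]@{
    Check = 'SID history enabled on trust (netdom /EnableSIDHistory:Yes)'
    Pass  = [bool]$trust.SIDFilteringForestAware
}

# 2. LSA registry value required for SID history migration (a change needs a restart).
$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa = Get-ItemProperty -Path $lsaPath -Name TcpipClientSupport -ErrorAction SilentlyContinue
$checks += [pscustomobject]@{
    Check = 'TcpipClientSupport exists and is 1'
    Pass  = ($null -ne $lsa -and $lsa.TcpipClientSupport -eq 1)
}
# Remediation if the check fails (then restart the DC):
# New-ItemProperty -Path $lsaPath -Name TcpipClientSupport -PropertyType DWord -Value 1 -Force

# 3. Empty domain local group named <SourceNetBIOS>$$$ in the source domain.
$groupName = $SourceNetBIOS + '$$$'
$group = Get-ADGroup -Filter "Name -eq '$groupName'" -Properties Members -ErrorAction SilentlyContinue
$checks += [pscustomobject]@{
    Check = "Group $groupName exists, is domain local and is empty"
    Pass  = ($null -ne $group -and
             $group.GroupScope -eq 'DomainLocal' -and
             $group.Members.Count -eq 0)
}

$checks | Format-Table -AutoSize
if ($checks | Where-Object { -not $_.Pass }) {
    Write-Warning 'One or more ADMT prerequisites are not met; fix them before the test migration.'
}
```

Disabling quarantine and enabling SID history are what let migrated objects keep access through their old SIDs, but they also mean the trust will honour SID history from the trusted side; once migration is finished, reverse the first netdom command (netdom trust ... /quarantine:Yes) so the trust returns to its filtered state, and rerun the report to confirm.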

Object types to be migrated:

The only objects that should be migrated from an existing domain into 'CatNet are:

  • Service Accounts

  • Global Groups

  • Computer Accounts

Renaming computers, groups and service accounts after migration:

All objects migrated into 'CatNet must conform to the existing naming conventions (see 'CatNet Naming Conventions for detailed information). In most cases you will need to rename your existing AD objects to conform to the naming conventions. This can be done via whatever method is easiest for you, but it must be completed within one week of migration. In order to avoid any conflicts within the 'CatNet domain it is recommended that you complete any necessary renaming prior to your migration. Below are some scripting options if you choose to use them.
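One scripted approach for groups and service accounts, given here as an added example rather than one of the guide's own options: drive the renames from a mapping table, check that the new name is free in the target domain first, and dry-run with -WhatIf. The mapping rows and the PLACEHOLDER- prefix are constructed; the real target names must follow the 'CatNet Naming Conventions, which this script does not encode.

```powershell
# Added example, not from the University of Arizona guide: rename migrated groups and
# service accounts from a mapping table, with a clash check and -WhatIf support.
# Assumptions: ActiveDirectory module present; the caller's OU admin account can write the
# objects; the mapping rows below are constructed and the new names are placeholders.
Import-Module ActiveDirectory

# Constructed mapping: object type, current sAMAccountName, conforming new name.
$RenameMap = @'
Type,OldName,NewName
Group,LabAdmins,PLACEHOLDER-LabAdmins
User,svc_backup,PLACEHOLDER-svc-backup
'@ | ConvertFrom-Csv

function Rename-MigratedObject {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][ValidateSet('Group', 'User')][string]$Type,
        [Parameter(Mandatory)][string]$OldName,
        [Parameter(Mandatory)][string]$NewName,
        [string]$Server = 'catnet.arizona.edu'
    )
    # User sAMAccountNames are limited to 20 characters; refuse early rather than fail midway.
    if ($Type -eq 'User' -and $NewName.Length -gt 20) {
        throw "'$NewName' exceeds the 20-character sAMAccountName limit for user objects."
    }

    $obj = if ($Type -eq 'Group') { Get-ADGroup -Identity $OldName -Server $Server }
           else                   { Get-ADUser  -Identity $OldName -Server $Server }

    # Avoid creating a conflict: the new sAMAccountName must be unused in the target domain.
    $clash = Get-ADObject -Server $Server -LDAPFilter "(sAMAccountName=$NewName)"
    if ($clash) { throw "'$NewName' already exists in $Server; choose another name." }

    if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "rename to $NewName")) {
        # Rename-ADObject changes the object's CN; sAMAccountName is updated separately.
        Rename-ADObject -Identity $obj.DistinguishedName -NewName $NewName -Server $Server
        if ($Type -eq 'Group') {
            Set-ADGroup -Identity $obj.ObjectGUID -SamAccountName $NewName -Server $Server
        } else {
            Set-ADUser  -Identity $obj.ObjectGUID -SamAccountName $NewName -Server $Server
        }
    }
}

# Dry run first; remove -WhatIf once the planned renames look right.
foreach ($row in $RenameMap) {
    Rename-MigratedObject -Type $row.Type -OldName $row.OldName -NewName $row.NewName -WhatIf
}
```

Computer accounts are the exception: rename those from the machine itself (Rename-Computer, followed by a restart) rather than editing the AD object, so that the hostname, the account name and the service principal names stay in step. Renaming before migration, as the guide recommends, also lets you rerun the clash check against 'CatNet before any object moves.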