I posted a question to find out any information on migrating Netware file
permissions to CIFS. I did not get any in-depth feedback, so I want to
share what I have learned, and see if anyone has done this.
Basically I have a large Netware 4.x environment, as well as a NT4 domain.
All clients (95/NT/2k) authenticate on both NDS and NT4 domain when logging
on.
Due to time and budget restraints, I need to migrate data with security
intact, from Netware to NT/Filer. In a perfect world this would be a great
time to review security and start from the ground up, but this is not
possible on this project.
Also, scripting the security migration (file permissions) is beyond what I
would deem reasonable for a shell script. My first thought was to dump the
Novell permissions to a text file and use cacls or the like to reset them.
Novell permissions are just too different. It would take too long (for me)
to write and test, and there is a proven solution out there.
After doing some research it seems the best tool for the job is FastLane NDS
Migrator (now owned by Quest software). The limitation is that it only goes
from NDS to Active Directory. Perfect if you have AD, but we don't. The
answer given to me by Quest that I will be testing and letting the group
know about is migrating straight from NDS to the filer, but with a AD "proxy
domain". So I build an AD server, install NDS Migrator and SQL server, and
then import my users/groups from my existing domain. Once I have an AD
Domain with my users and groups, I use FastLane NDS Migrator to move data
and migrate security from NDS to AD, with the data being put on the filer.
NDS OUs become AD Global Groups. Data transfer speed is limited due to the
fact that all data will go from the Netware server, through the AD server,
then to the filer. This is offset by the ability of NDS Migrator to migrate
data while the users are accessing the data, the SQL server being used by
NDS Migrator to track changes. Obviously there will be downtime when the
actual cutover occurs.
Now that the data is on the filer with permissions migrated from NDS to
CIFS/AD, we are set except for the fact that although user and group names
are correct, the domain name and SID is wrong. There is functionality
within FastLane to re-ACL everything to the correct NT4 Domain SID that we
actually need.
If anyone has done this, or sees any flaws in this plan, I would appreciate
feedback.
Additional info can be found at:
http://www.quest.com/fastlane/nds_migrator/index.asp
<http://www.quest.com/fastlane/nds_migrator/index.asp>
Thank you,
Steve Hight
perotsystems
...Servicing Catholic Healthcare West
permissions to CIFS. I did not get any in-depth feedback, so I want to
share what I have learned, and see if anyone has done this.
Basically I have a large Netware 4.x environment, as well as a NT4 domain.
All clients (95/NT/2k) authenticate on both NDS and NT4 domain when logging
on.
Due to time and budget restraints, I need to migrate data with security
intact, from Netware to NT/Filer. In a perfect world this would be a great
time to review security and start from the ground up, but this is not
possible on this project.
Also, scripting the security migration (file permissions) is beyond what I
would deem reasonable for a shell script. My first thought was to dump the
Novell permissions to a text file and use cacls or the like to reset them.
Novell permissions are just too different. It would take too long (for me)
to write and test, and there is a proven solution out there.
After doing some research it seems the best tool for the job is FastLane NDS
Migrator (now owned by Quest software). The limitation is that it only goes
from NDS to Active Directory. Perfect if you have AD, but we don't. The
answer given to me by Quest that I will be testing and letting the group
know about is migrating straight from NDS to the filer, but with a AD "proxy
domain". So I build an AD server, install NDS Migrator and SQL server, and
then import my users/groups from my existing domain. Once I have an AD
Domain with my users and groups, I use FastLane NDS Migrator to move data
and migrate security from NDS to AD, with the data being put on the filer.
NDS OUs become AD Global Groups. Data transfer speed is limited due to the
fact that all data will go from the Netware server, through the AD server,
then to the filer. This is offset by the ability of NDS Migrator to migrate
data while the users are accessing the data, the SQL server being used by
NDS Migrator to track changes. Obviously there will be downtime when the
actual cutover occurs.
Now that the data is on the filer with permissions migrated from NDS to
CIFS/AD, we are set except for the fact that although user and group names
are correct, the domain name and SID is wrong. There is functionality
within FastLane to re-ACL everything to the correct NT4 Domain SID that we
actually need.
If anyone has done this, or sees any flaws in this plan, I would appreciate
feedback.
Additional info can be found at:
http://www.quest.com/fastlane/nds_migrator/index.asp
<http://www.quest.com/fastlane/nds_migrator/index.asp>
Thank you,
Steve Hight
perotsystems
...Servicing Catholic Healthcare West