Solved

Quest migration tools

Posted on 2015-01-22
3
250 Views
Last Modified: 2015-02-09
We are migrating users from domain/forest A to another domain/forest B.  Domain/forest A has three child domains.  Users on  two of the child domains have been migrated but is a smaller population which the DC's and users are on the same network.  The third domain, (larger population and multiple locations) the DC's and users are on different networks and the migration team are having issues migrating the user computers.  At first the team thought it was because the DC's are not on the same network as the users.  They then though had to enable wins for the short name since they explained Quest tool needs short name and can't ping the domain name.  Short name should work with DNS as well.  The team setup WINS replication between to two Domains/Forests but they still have the problem.  The team also enabled wins because they thought the migration of the users computer needed to be able to ping the domain name for domain/forest B.
Can someone explain to me how does the Quest migration tools work to migrate a user computer in an environment the users and DC's are on different networks?  How does short name play into migrating the user computers? What needs to be in place to migrate the user computer?
0
Comment
Question by:hbpub
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40564645
Take a look at the Dell site specifically and you will find a complete step-by-step screenshot view of how Quest migrates objects.

Quest Active Directory migration

Will.
0
 

Author Comment

by:hbpub
ID: 40564966
I am looking what are the requirements in preparing the domain for this process to work.  I have been asking the migration team for more information and they are not providing this information.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40568497
I never used WINS for Quest tool to work correctly

It is working on DNS fine as far as I seen

The tool prerequisites are not much
Tool do not require domain trust, however it is better to have trust to maintain co-existence during migration for resource access
Also it do require ADLDS instance

The tool has 3 components (database, migration console for users, groups and computers and lastly resource updater (specific for computer migration)
The tool installs his agent on domain controllers in source and target domain to do migration task such as user, group and computer migration

For computer migration the tool simply copy \ prestage computer account from source to target and install tool agent on that computer, but for actual physical computer migration you need to run resource updater which actually translate security on profile\shares\registry etc from source domain to target and finally disjoin computer from source domain to target domain

From Quest manager console, The target computer name will get resolved with DNS of target domain and need to be get contacted over SMB and NetBIOS protocol to push quest agent for migration.
You need to enable firewall exceptions in clients for file and print sharing or simply turn off windows firewall on client computers so that quest agent can be pushed without any problems
Also quest migration console should be able to talk to source and target domain controllers on all standard AD auth ports (TCP and UDP 135,137,138, 139, 445, 3268.3269, 389, 88,464, 636, 53 and high RPC ports 1024-65535)
Now you should keep QMM console (database, migration console and resource updater), target DC and source computers to be migrated in same network to avoid latencies and drops because tool has to install agent on workstations and that agent has to translate security from source to target accounts and send logs to QMM console and from there it need to written to database
In short if QMM and computers to be migrated are in different location \ networks, it can cause migration problems during migration due to latencies \ packet drops

Generally you should deploy ADLDS, Quest migration manager and resource updater on same server
U can install all three components on separate server \ computers but it do not required in most of the cases
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question