Solved

Quest migration tools

Posted on 2015-01-22
Last Modified: 2015-02-09
We are migrating users from domain/forest A to another domain/forest B. Domain/forest A has three child domains. Users in two of the child domains have been migrated, but those are a smaller population where the DCs and users are on the same network. In the third domain (larger population and multiple locations), the DCs and users are on different networks, and the migration team is having issues migrating the user computers. At first the team thought it was because the DCs are not on the same network as the users. They then thought they had to enable WINS for the short name, since they explained that the Quest tool needs the short name and can't ping the domain name. Short name should work with DNS as well. The team set up WINS replication between the two domains/forests, but they still have the problem. The team also enabled WINS because they thought the migration of the users' computers needed to be able to ping the domain name for domain/forest B.
Can someone explain to me how the Quest migration tools work to migrate a user computer in an environment where the users and DCs are on different networks? How does the short name play into migrating the user computers? What needs to be in place to migrate the user computer?
Question by:hbpub
3 Comments
 

Expert Comment

by:Will Szymkowski
ID: 40564645
Take a look at the Dell site specifically and you will find a complete step-by-step screenshot view of how Quest migrates objects.

Quest Active Directory migration

Will.
 

Author Comment

by:hbpub
ID: 40564966
I am looking for the requirements for preparing the domain for this process to work. I have been asking the migration team for more information and they are not providing this information.

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40568497
I have never used WINS to get the Quest tool to work correctly.

It works fine on DNS as far as I have seen.

The tool prerequisites are not many.
The tool does not require a domain trust; however, it is better to have a trust to maintain co-existence during migration for resource access.
It also requires an AD LDS instance.

The tool has 3 components: database, migration console for users, groups and computers, and lastly resource updater (specific to computer migration).
The tool installs its agent on domain controllers in the source and target domains to do migration tasks such as user, group and computer migration.

For computer migration the tool simply copies \ prestages the computer account from source to target and installs the tool agent on that computer, but for actual physical computer migration you need to run the resource updater, which actually translates security on profiles\shares\registry etc. from the source domain to the target and finally disjoins the computer from the source domain and joins it to the target domain.

From the Quest manager console, the target computer name will get resolved with the DNS of the target domain and needs to be contacted over the SMB and NetBIOS protocols to push the Quest agent for migration.
You need to enable firewall exceptions on clients for file and print sharing, or simply turn off Windows Firewall on client computers, so that the Quest agent can be pushed without any problems.
Also, the Quest migration console should be able to talk to the source and target domain controllers on all standard AD auth ports (TCP and UDP 135, 137, 138, 139, 445, 3268, 3269, 389, 88, 464, 636, 53 and high RPC ports 1024-65535).
Now you should keep the QMM console (database, migration console and resource updater), the target DC and the source computers to be migrated in the same network to avoid latencies and drops, because the tool has to install the agent on workstations, and that agent has to translate security from source to target accounts and send logs to the QMM console, and from there they need to be written to the database.
In short, if QMM and the computers to be migrated are in different locations \ networks, it can cause problems during migration due to latencies \ packet drops.

Generally you should deploy AD LDS, Quest Migration Manager and the resource updater on the same server.
You can install all three components on separate servers \ computers, but it is not required in most cases.
0
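One way to check the prerequisites listed in the accepted answer from the migration console host, shown here as an added example that is not part of the original answer or of Quest's tooling. The host names are placeholders, and only the TCP side of the listed ports is probed, with names resolved through DNS only.

```powershell
# Added example: host names below are placeholders, not values from the thread.
$DomainControllers = @('dc1.source.example', 'dc1.target.example')
$Workstations      = @('pc001.source.example')

# TCP ports from the answer's list. UDP 137/138 and the dynamic RPC range
# (1024-65535) cannot be verified with a plain TCP connect and are not probed.
$DcPorts     = 53, 88, 135, 139, 389, 445, 464, 636, 3268, 3269
$ClientPorts = 139, 445          # file and print sharing, used for the agent push

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false            # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

function Get-PortReport {
    param([string[]]$Hosts, [int[]]$Ports, [string]$Role)
    foreach ($h in $Hosts) {
        # Resolve through DNS only, so a WINS/NetBIOS fallback cannot mask a DNS gap.
        $resolved = [bool](Resolve-DnsName -Name $h -DnsOnly -ErrorAction SilentlyContinue)
        foreach ($p in $Ports) {
            [pscustomobject]@{
                Role    = $Role
                Host    = $h
                DnsOk   = $resolved
                Port    = $p
                TcpOpen = if ($resolved) { Test-TcpPort -HostName $h -Port $p } else { $false }
            }
        }
    }
}

$report  = @(Get-PortReport -Hosts $DomainControllers -Ports $DcPorts -Role 'DC')
$report += @(Get-PortReport -Hosts $Workstations -Ports $ClientPorts -Role 'Workstation')

# Show only the failures: each row names the host and port still blocked.
$report | Where-Object { -not $_.TcpOpen } | Format-Table -AutoSize
```

Run from the console host in each remote location, a row with `DnsOk` false points at name resolution, while a resolved host with a closed port points at the specific firewall exception still missing between the two networks.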

Question has a verified solution.
