Solved

Quest migration tools

Posted on 2015-01-22
3
201 Views
Last Modified: 2015-02-09
We are migrating users from domain/forest A to another domain/forest B.  Domain/forest A has three child domains.  Users on  two of the child domains have been migrated but is a smaller population which the DC's and users are on the same network.  The third domain, (larger population and multiple locations) the DC's and users are on different networks and the migration team are having issues migrating the user computers.  At first the team thought it was because the DC's are not on the same network as the users.  They then though had to enable wins for the short name since they explained Quest tool needs short name and can't ping the domain name.  Short name should work with DNS as well.  The team setup WINS replication between to two Domains/Forests but they still have the problem.  The team also enabled wins because they thought the migration of the users computer needed to be able to ping the domain name for domain/forest B.
Can someone explain to me how does the Quest migration tools work to migrate a user computer in an environment the users and DC's are on different networks?  How does short name play into migrating the user computers? What needs to be in place to migrate the user computer?
0
Comment
Question by:hbpub
3 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40564645
Take a look at the Dell site specifically and you will find a complete step-by-step screenshot view of how Quest migrates objects.

Quest Active Directory migration

Will.
0
 

Author Comment

by:hbpub
ID: 40564966
I am looking what are the requirements in preparing the domain for this process to work.  I have been asking the migration team for more information and they are not providing this information.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40568497
I never used WINS for Quest tool to work correctly

It is working on DNS fine as far as I seen

The tool prerequisites are not much
Tool do not require domain trust, however it is better to have trust to maintain co-existence during migration for resource access
Also it do require ADLDS instance

The tool has 3 components (database, migration console for users, groups and computers and lastly resource updater (specific for computer migration)
The tool installs his agent on domain controllers in source and target domain to do migration task such as user, group and computer migration

For computer migration the tool simply copy \ prestage computer account from source to target and install tool agent on that computer, but for actual physical computer migration you need to run resource updater which actually translate security on profile\shares\registry etc from source domain to target and finally disjoin computer from source domain to target domain

From Quest manager console, The target computer name will get resolved with DNS of target domain and need to be get contacted over SMB and NetBIOS protocol to push quest agent for migration.
You need to enable firewall exceptions in clients for file and print sharing or simply turn off windows firewall on client computers so that quest agent can be pushed without any problems
Also quest migration console should be able to talk to source and target domain controllers on all standard AD auth ports (TCP and UDP 135,137,138, 139, 445, 3268.3269, 389, 88,464, 636, 53 and high RPC ports 1024-65535)
Now you should keep QMM console (database, migration console and resource updater), target DC and source computers to be migrated in same network to avoid latencies and drops because tool has to install agent on workstations and that agent has to translate security from source to target accounts and send logs to QMM console and from there it need to written to database
In short if QMM and computers to be migrated are in different location \ networks, it can cause migration problems during migration due to latencies \ packet drops

Generally you should deploy ADLDS, Quest migration manager and resource updater on same server
U can install all three components on separate server \ computers but it do not required in most of the cases
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now