EngrIT Migration Procedure Guide

Engineering procedure for migrating units to the new AD.

Step 1: Initial Preparation

  1. Fill out EngrIT Template for Share Permissions Access Worksheets for your unit well PRIOR to migration.
    1. Add an additional column so you have Old Permissions and New Permissions. ID all current permissions on shares/printers
    2. Try to switch permissions to using personnel groups in the new AD.
    3. If that is not possible,decide which need an access group and which need a more general group because it reflects an actual grouping of people (such as organizers of a particular project) and could reasonably be used for more than just access to a particular share.
  2. Create the group objects required from previous step.  Watch your naming convention!
  3. Create machine accounts in UOFI according to naming convention:  building-room-##, example eh-403b6-01. 
    1. Note: The mobile devices OU defaults to Offline Files Disabled. USA units have an OfflineFilesEnabled OU under each Unit with appropriate GP already linked in. Other locations that need similar are encouraged to follow suit.
  4. Send a requests to Bob and Kathleen that your objects are complete so they can audit them.  Please give them a couple working days before you plan to migrate!

(EngrIT comment: Bob & Kathleen reviewed units to try and make sure everyone started out interpreting the policies the same way and everything looked clean to start with. Since we were changing a lot we wanted to make sure we started out the same across departments.)
(EngrIT comment: It isn’t clear from up there, but one of the BIG things being looked for an pushed in our policies is to PUT A DESCRIPTION ON EVERYTHING)

Step 2: Server/network Preparation

  1. Set file permissions as decided in Step 1
  2. Set printer permissions as decided in Step 1
  3. Verify/create DFS paths
    1. Users should be: \\ad.uillinois.edu\engr\users\netid
    2. Shares should be: \\ad.uillinois.edu\engr\unit-sharename
  4. Create appropriate printer deployment policy 
    1. Claim one of the Engineering GP – ### empty policies
    2. Rename it ENGR Unitname Printers (or similar)
    3. Use Group Policy Preferences to deploy the printers
         Warning: If you have printers restricted to certain groups, you will need to check “Run in logged-on user’s security context (user policy option)” under the Common tab
  5. Create appropriate drive mapping policy
    1. Claim one of the Engineering GP – ### empty policies
    2. Rename it ENGR Unitname Drive Mapping (or similar)
    3. Use Group Policy Preferences to map the drives
          Remember: Home directory is mapped at u:/ for all admin and research machines
  6. Verify or create any other group policy or policies required for unit
    1. Claim one of the Engineering GP – ### empty policies
    2. Rename it ENGR Unitname SomethingDescriptive

(EngrIT note: If this looks like very few GPOs to apply to a unit, that’s because most of our policies apply up the tree a ways. Very few apply at the unit level)

Step 3: User Preparation

  1. Notify affected users of scheduled migration
    1. Warn them either here or post-migration that first login can take 10 minutes
  2. Update Engineering Status page
    1. To add a status message just log into the private wiki, select “add” and “blog post”
    2. Add relevant details and then be sure to set the label to status so that it will appear on the page
    3. You can check your handiwork here: (Linked to private EngrIT space)

Step 4: Pre-migration Computer

  1. Make sure uofi\users will have appropriate permissions on desktop systems (user or administrator as per unit).  (engrit-usa and engrit-usr have admin privs by GP)
  2. For XP machines, make sure the preferences patch is applied so GP Preferences actually apply: (http://www.microsoft.com/download/en/details.aspx?id=3628 or on the software share)
  3. Optional, and only relevant if moving profile pieces by hand: Have the user login once as uofi\netid and launch Outlook prior to migration
  4. Rename existing machines within UIUC to match naming convention by NetDom script.Note: This script has worked very well for some units and did almost nothing in others. We do not know what the difference is, but it saves a lot of time and effort if it works and you have to gather all the relevant information already anyway. If the script does not work most people have found it easiest to do the renaming along with Step 5.## Download the spreadsheet:AD_Netdom.xlsx\
    1. Fill in the blue boxes for old and new computer names
    2. Fill in your netid and AD password (then delete it when you’re done with this process!)
    3. Copy the contents of the “Rename Command” column out of Excel and into notepad
    4. Save your notepad document as something.bat on your local PC (highly suggest not on desktop–put it somewhere that isn’t on the server)
    5. Run the batch file when you are ready to rename. It will force reboot all the systems you rename, so do it out of normal hours
    6. Delete the batch file! (As it has your password in it)

Step 5: Migrate the computer and profile data

  1. Migrate the computer to the new AD
    1. Option 1: By hand
    2. Option 2: NetDom Script
      1. Download the spreadsheet: AD_Netdom.xlsx
      2. Fill in the blue boxes for new computer names
      3. Fill in your netid and AD password (then delete it when you’re done with this process.)
      4. Copy the contents of the “Join Command” column out of Excel and into notepad
      5. Save your notepad document as something.bat on your local PC (highly suggest not on desktop–put it somewhere that isn’t on the server)
    3. Run the batch file when you are ready to join PCs. It will force reboot all the systems, so do it out of normal hours.
      1. Delete the batc file! (As it has your password in it)
    4. Option 3: Using Forensit 
      1. See EngrIT ForensIT Guide for detailed directions.  Pretty straightforward and has been reasonably reliable.  If you are planning to use Forensit to migrate the user profile(s) it is suggested you use it for migrating the machine as well. Not necessary, but easier in many ways.
  2. Migrate Profile Data
    1. Option 1: By Hand (See the profile information in EngrIT Migration Gotchas )
    2. Option 2: Use Forensit.  For detailed directions (it’s pretty straightforward) see: EngrIT ForensIT Guide
    3. If your Unit did not forward IE Favorites before, copy the user’s favorites from the local machine to their home directory on the server
    4. If your users have ad.uiuc.edu shortcuts update them to ad.uillinois.edu

Step 6: Post-Migration

  1. Update Status Message on Wiki
  2. Record any unusual problems and hopefully their solutions EngrIT Migration Gotchas