TNT1-130 <SLIDETITLE>Entry Slide</SLIDETITLE>

Presentation topic: "TNT1-130 <SLIDETITLE>Entry Slide</SLIDETITLE>". Presentation transcript:

1 TNT1-130 <SLIDETITLE>Entry Slide</SLIDETITLE>
<KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT></SLIDESCRIPT> <SLIDETRANSITION></SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

2 Novell NetWare and Microsoft® Windows® Server™ 2003 Migration and Interoperability
<SLIDETITLE>Title Slide</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> Hello and welcome to this Microsoft® TechNet session on Novell NetWare and Windows Server 2003 Migration and Interoperability. My name is {insert name} </SLIDESCRIPT> <SLIDETRANSITION></SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

3 What We Will Cover Migration versus synchronization
Using Microsoft Directory Synchronization Services; Using the File Migration Utility <SLIDETITLE>What We Will Cover</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>3</SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] First, we will talk about the advantages and disadvantages of migration versus synchronization between Microsoft Active Directory® directory service and Novell NetWare. [BUILD2] Then, we will discuss using Microsoft Directory Synchronization Service, a tool that can both synchronize NDS and Active Directory for long-term interoperability and migrate tree information from NDS to Active Directory. [BUILD3] Finally, we will use the File Migration Utility to move files and permissions from NDS to Active Directory. </SLIDESCRIPT> <SLIDETRANSITION> This is the prerequisite knowledge that will help you in this session. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

4 Prerequisite Knowledge Level 200
Experience administering Windows Server 2003 servers; Experience administering Novell NetWare networks <SLIDETITLE>Prerequisite Knowledge</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> You will be able to get the most out of this presentation if you have some experience administering Microsoft Windows® Server™ 2003 servers and Novell NetWare networks. </SLIDESCRIPT> <SLIDETRANSITION> This is the agenda for the presentation. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION> Level 200

5 Agenda Services for NetWare
Directory synchronization and migration; Migrating file resources; Workstation configuration and migration troubleshooting <SLIDETITLE>Agenda</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> This is the agenda for the presentation. First, we will talk about planning and preparing for Services for NetWare (SFN). Then we will cover how to use Microsoft Directory Synchronization Services to synchronize or migrate from NetWare to Windows. Next, we will talk about how to use File Migration Utility to move files from NetWare to Windows, preserving permissions. Finally, you will learn about migrating the workstation and some troubleshooting for Services for NetWare, including how to customize SFN for your needs. </SLIDESCRIPT> <SLIDETRANSITION> Novell and its NetWare customer base are facing some upcoming challenges. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

6 Services for NetWare Challenges to NetWare
Novell's strategic move; NNLS and OES; Decentralized support; New operating system; Reduced support for NetWare; Administrative challenges; Application hosting; Management applications; Running an older version; Time to upgrade <SLIDETITLE> Challenges to NetWare </SLIDETITLE> <KEYWORDS> NetWare, NNLS, Novell </KEYWORDS> <KEYMESSAGE> NetWare administrators face significant challenges moving forward.</KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> An enterprise that is utilizing NetWare tools faces significant challenges as it moves forward. [BUILD1] Novell is planning to release its new open source network server, Open Enterprise Server, in February OES is a combination of some of the features in NetWare with the Linux operating system. Novell has invested in open source initiatives and bundled third-party applications with OES, providing services to the network that are developed and supported by the open source community. Since OES is delivered with Linux, administrators will have to become familiar with a new operating system to fully adopt Novell’s new product. Novell’s last Network Operating System, NNLS, ran exclusively on a Linux platform and had a reduced feature set compared to NetWare. [BUILD2] As an administrator, the current NetWare feature set has some limitations. Across the industry, there is limited and shrinking support for NLM application deployment, the Novell tool for server hosting of applications. More and more applications are available using the .NET framework, leveraging IIS and the .NET development tools. As Novell has changed its administrative tools, Novell administrators find themselves using a mix of NWAdmin, ConsoleOne, and Rconsole to perform common administrative tasks. Remote administration is further limited.

7 Services for NetWare Challenges to NetWare
Novell's strategic move; NNLS and OES; Decentralized support; New operating system; Reduced support for NetWare; Administrative challenges; Application hosting; Management applications; Running an older version; Time to upgrade [BUILD3] Enterprises that utilize older versions of NetWare, such as NetWare 3.x or 4.x, may be called on to deploy technologies that their current network is not capable of managing with the new tools. An upgrade to a newer version of NetWare is risky due to Novell’s dwindling support and due to the limited migration tools, so a migration to NNLS would be risky as well. </SLIDESCRIPT><SLIDETRANSITION> Windows Server 2003 can address the challenges that administrators face. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Benefits of Migrating from NetWare to Microsoft Windows Server 2003 white paper, chapter 1.</ITEM> </ADDITIONALINFORMATION>

8 Services for NetWare Windows Server 2003 Advantages
Deep client integration; Application integration (SharePoint®, etc.); Greater compatibility and standardization; It's the little things; Searchable printers; Remote administration tools; Better file service capabilities; Backup tools; Distributed File System <SLIDETITLE> Windows Server 2003 Advantages </SLIDETITLE> <KEYWORDS> Active Directory, Windows Server 2003, File and Print </KEYWORDS> <KEYMESSAGE> Windows Server 2003 addresses the needs of the new enterprise. </KEYMESSAGE> <SLIDEBUILDS> 5 </SLIDEBUILDS> <SLIDESCRIPT> Windows Server 2003 addresses the needs that administrators find in the current environment. [BUILD1] Windows Server 2003 and Active Directory integrate closely with Windows desktop operating systems, particularly Microsoft Windows XP. Designed to work together, Server 2003 and XP integrate closely, giving the administrator powerful tools to survey and manage both the network and the desktop environment. [BUILD2] Using IIS and the .NET Framework, applications such as SharePoint® Services integrate with the desktop client. [BUILD3] More and more applications utilize Microsoft technologies that Windows Server 2003 supports. As we mentioned earlier, Windows offers, by far, the greatest number of applications of any family of operating systems, including NetWare, Linux, and all competing platforms. Corporations whose server platforms are based on Microsoft Windows Server 2003 benefit from maximum choice for their business-critical applications. [BUILD4] As an administrator, the small inconveniences of managing the network can eat up your time very quickly. Since Server 2003 printers are integrated into Active Directory, it is simple to search for printers from the workstation and install them. 
With Microsoft Management Console and the Windows Server 2003 Administration Tools Pack, an administrator can manage the network from anyplace, increasing response and easing the stress of maintaining the network.

9 Services for NetWare Windows Server 2003 Advantages
Deep client integration; Application integration (SharePoint®, etc.); Greater compatibility and standardization; It's the little things; Searchable printers; Remote administration tools; Better file service capabilities; Backup tools; Distributed File System [BUILD5] Windows Server 2003 includes Shadow Copy service. The Volume Shadow Copy service provides an infrastructure for creating a point-in-time copy of a single volume or multiple volumes. The Volume Shadow Copy service coordinates with business applications, backup applications, and storage hardware to enable application-aware data management. Distributed File System (DFS) eases the task of locating and managing data on your network. DFS provides unified management of and access to distributed servers across an organization. Through DFS, files on different computers can appear as a single namespace, providing a unified, hierarchical view of multiple file servers and file server shares on a network. Using the Active Directory service, DFS shares can be published as volume objects, and administration can be delegated. Other enhancements include more reliable load-balancing, better file replication across DFS sites and servers, and closest-site selection for users accessing the network, which ensures that users share files from the server closest to their network access point. </SLIDESCRIPT> <SLIDETRANSITION> Look at our example company, Contoso. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM> </ITEM> </ADDITIONALINFORMATION>

10 Services for NetWare The Sydney Scenario
Contoso Sydney branch office; Uses NetWare 5.1; File service; Printers (NDPS and QPrint); ZENworks; Strategic decision to migrate; Accounting uses a custom NLM application <SLIDETITLE> The Sydney Scenario </SLIDETITLE> <KEYWORDS> Sydney, Contoso </KEYWORDS> <KEYMESSAGE> The rest of this presentation will relate NetWare to Active Directory migration tools in use at the Contoso Sydney branch office.</KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] For the rest of this presentation, we will follow the Contoso Corporation’s Sydney branch office. [BUILD2] Currently, the office utilizes NetWare 5.1 for basic networking needs: it has file services and printers that use both NDPS and QPrint. Some policies are enforced with ZENworks. Logon scripts map drives for different departments. [BUILD3] Contoso has made a strategic decision to migrate this office to Active Directory. Contoso wants to standardize its enterprise and deploy .NET Framework applications. [BUILD4] However, the Sydney office uses a custom application that is NetWare-dependent. It cannot migrate immediately but needs to be able to integrate immediately with the Active Directory tools. When the application can be ported in the future, the NetWare server will be retired. </SLIDESCRIPT> <SLIDETRANSITION>Next, look at Windows support for Novell systems. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>SMS 2003 Concepts, Planning and Deployment Guide, page 15. </ITEM> </ADDITIONALINFORMATION>

11 Services for NetWare Windows Support for NetWare
Client Services for NetWare; Services for NetWare 5.03; Messaging; Microsoft Identity Information Server; Directory synchronization (metadirectory) <SLIDETITLE> Windows Support for NetWare </SLIDETITLE> <KEYWORDS> Exchange 2003, Novell, Client for NetWare, MIIS </KEYWORDS> <KEYMESSAGE> Microsoft offers multiple tools to help enterprises with interoperability and migration. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> Microsoft offers multiple tools to help enterprises with interoperability and migration. [BUILD1] All Microsoft operating systems come equipped with Microsoft Client for NetWare. Windows workstations in NetWare environments can use Client Services for NetWare (CSNW), which is included with Windows workstation operating systems, to gain access to NDS. CSNW is sometimes used for this purpose as an alternative to Novell NetWare Client for Windows. CSNW provides access to NetWare 5.x and earlier environments using the IPX/SPX protocol. If a workstation is running Client Services for NetWare, that workstation will not implement ZENworks or be able to run administrative tools. [BUILD2] The rest of this presentation will talk extensively about the two tools in Services for NetWare They allow directory synchronization between NetWare networks and Active Directory as well as File Migration. [BUILD3] Exchange 2003 can interoperate with NetWare. For more information, read the Exchange 2003 Interoperability and Migration Guide. [BUILD4] Microsoft Identity Information Server 2003 is a product that can help you synchronize multiple directories and password protected applications to simplify your user and management experience. </SLIDESCRIPT> <SLIDETRANSITION> What do you want a migration to do? </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM> </ITEM> <ITEM> </ITEM></ADDITIONALINFORMATION> See also the Exchange 2003 Interoperability and Migration Guide, Microsoft.com/technet/prodtechnol/exchange/ guides/e2k3InterOpMig

12 Services for NetWare Focus on Migration
Avoid a failed migration; Plan, plan, plan; Minimize the time the migration requires; Leverage best practices and lessons learned from previous migrations; Contain the cost of the migration <SLIDETITLE> Focus on Migration </SLIDETITLE> <KEYWORDS> Migration, best practice, focus </KEYWORDS> <KEYMESSAGE> An organization that is going to migrate to Active Directory from NetWare wants to have a successful, quick, and affordable migration. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> When your organization is preparing to migrate, the plan and execution will focus on: [BUILD1] Without proper planning and execution, a migration could be unsuccessful. A failed migration could result in loss of data, loss of functionality, or a negative experience on the part of users. Through planning and testing, the risk of failure can be mitigated. [BUILD2] The transitional period between networks can be quite sensitive. Not only can users experience downtime or a confusing experience, but the time spent on the migration can be directly related to the total cost of the migration. [BUILD3] Most enterprises have experienced some sort of data or software migration in the past. Leverage your own organization’s experience to avoid any problems and replicate the successes of those past projects. Depending on the project, it might be cost effective to recruit outside help from an expert with experience in NetWare to Windows migration. [BUILD4] Keep the cost of migration down. The best way to reduce cost is to plan the migration thoroughly and utilize a lab testing environment to identify and manage risks to the migration. Keep in mind that a gradual migration, in which you must support both networks for a time, tends to cost more due to the doubling of support requirements. 
</SLIDESCRIPT> <SLIDETRANSITION> These are the features of Services for Netware </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Migrating Novell NetWare to Windows Server 2003, page 26.</ITEM> </ADDITIONALINFORMATION>

13 Services for NetWare Product Overview
Microsoft Directory Synchronization Services; Synchronizes Active Directory® with NDS / eDirectory; Reduces directory administration; Simplifies migration to Active Directory <SLIDETITLE> Product Overview </SLIDETITLE> <KEYWORDS> Microsoft Directory Synchronization Services, File Migration Utility, Features</KEYWORDS> <KEYMESSAGE> Services for Netware 5.03 has two applications, Microsoft Directory Synchronization Services and File Migration Utility </KEYMESSAGE> <SLIDEBUILDS> 2 </SLIDEBUILDS> <SLIDESCRIPT> Services for Netware version 5.03 contains two applications to synchronize and migrate NetWare networks to Active Directory. [BUILD1] Microsoft Directory Synchronization Services (MSDSS) synchronizes objects in the NDS tree with objects in Active Directory. It works with all versions of NDS and eDirectory. MSDSS can be applied in two different ways: to synchronize the two networks for a long-term period, assuring that changes to objects are consistent in both networks, or to migrate NetWare objects to Active Directory. MSDSS provides a single point of management for the migration. It enables the two networks to be managed from a single set of management tools, reducing management effort. We will look at MSDSS in more detail in the second part of this presentation. [BUILD2] The second part of SFN is the File Migration Utility (FMU). FMU migrates NetWare files to Windows servers, translating NetWare rights to Windows Permissions. FMU can massively reduce migration time in comparison to manually moving directories and files and then manually applying permissions. You will learn more about FMU in the third part of this presentation. </SLIDESCRIPT> <SLIDETRANSITION> SFN 5.03 has some improvements and changes from previous versions. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Services for NetWare 5.03 White Paper, pages 2 and 10. 
</ITEM> </ADDITIONALINFORMATION> File Migration Utility; Migrates NetWare files to Windows servers; Speeds up migration processes; Preserves access control information. See Services for NetWare 5.03, microsoft.com/windowsserver2003/sfn/default.mspx

14 Services for NetWare Changes from Services for 2000
File and Print for NetWare is no longer included; Use Client Services for NetWare; Full user synchronization; Fax number, postal address; Forward and reverse; Windows 2003 domains; Nested containers possible in native mode <SLIDETITLE> Changes from Services for 2000 </SLIDETITLE> <KEYWORDS> Services for NetWare, File and Print for NetWare, MSDSS, FMU </KEYWORDS> <KEYMESSAGE> The latest version of Services for NetWare has some changes from previous versions. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> The latest version of Services for NetWare has some changes from previous versions. [BUILD1] File and Print for NetWare is no longer included with SFN. In the case that users still need to access file and print resources on a NetWare server, install Client Services for NetWare and access File and Print directly from the client. [BUILD2] User synchronization is more robust. The previous version of MSDSS did not fully synchronize user fax numbers and postal addresses during reverse synchronization. [BUILD3] Since SFN 5.03 is Windows Server 2003 domain compliant, if your domains are running in native mode MSDSS will migrate and synchronize nested containers completely. </SLIDESCRIPT> <SLIDETRANSITION> Another possible tool for synchronization is Microsoft Identity Information Server. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Services for NetWare Release Notes, </ITEM> </ADDITIONALINFORMATION>

15 Services for NetWare Microsoft Identity Information Server
Windows; Directory synchronization; Password management; Provisioning and workflow; Best for long-term synchronization <SLIDETITLE> Microsoft Identity Information Server </SLIDETITLE> <KEYWORDS> MIIS, Microsoft Identity Information Server, Password Management, Synchronization, NDS, Active Directory </KEYWORDS> <KEYMESSAGE> Consider using MIIS if you plan to maintain a long-term coexistence of Active Directory and NDS, particularly if you have other systems to synchronize. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] Microsoft Identity Integration Server (MIIS) 2003 is a centralized service that stores and integrates identity information for organizations with multiple directories. The goal of MIIS 2003 is to provide organizations with a unified view of all known identity information about users, applications, and network resources. If you have other identities to manage for your users, such as a SQL database or a mainframe database application, MIIS can centralize the management of users’ multiple identities. [BUILD2] For NDS and Active Directory, Microsoft Identity Integration Server 2003 Enterprise Edition can provide centralized password management for both the administrator and the user. End users and helpdesk personnel can modify all resource passwords from a single Web interface instead of using multiple tools. [BUILD3] Attribute flow enables changes to identity data to flow into and out of the MIIS “metaverse”--that is the set of tables within MIIS that contain the integrated identity information from multiple connected sources. Based upon your preferences, data in one location can “flow” to another location. For instance, if you change a phone number or another piece of identity in Active Directory, MIIS can change the same data in NDS and a custom SQL application. [BUILD4] MIIS is compatible with eDirectory 8.6.2, 8.7, and 8.7.x versions. It is not directly compatible with NDS. 
If your organization is using these versions of eDirectory, or if you can upgrade to them, MIIS is an effective way to simplify the management of multiple directories. MIIS does not help with resource migration; all of the file and print capabilities currently on the NDS servers will remain there. Client workstations will still require Client Services for NetWare or the Novell Client to access NDS resources. NDS SQL MIIS Identity data Mainframe/ Unix

16 Services for NetWare Microsoft Identity Information Server
Windows; Directory synchronization; Password management; Provisioning and workflow; Best for long-term synchronization </SLIDESCRIPT> <SLIDETRANSITION> Take these steps to prepare for NetWare</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Services for NetWare 5.03 White Paper, page 16. </ITEM> <ITEM> </ITEM></ADDITIONALINFORMATION> NDS SQL MIIS Identity data Mainframe/ Unix

17 Services for NetWare MIIS Web Interface
<SLIDETITLE> MIIS Web Interface </SLIDETITLE> <KEYWORDS> MIIS, user interface, Password management </KEYWORDS> <KEYMESSAGE> MIIS offers Web interfaces for helpdesk and end user password management </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] The greatest cost in helpdesk time is in resetting passwords, studies have shown. The complexity of user passwords increases as organizations acquire more systems for which users have accounts. When employees can’t remember all of their passwords, they might resort to non-secure practices like taping notes to their monitors. Minimizing the number of passwords that a user is required to remember can reduce the IT costs of resetting passwords and can make your organization more secure. A helpdesk worker can synchronize and change passwords easily from this Web interface. [BUILD2] To further reduce helpdesk costs, MIIS allows users to change all of their synchronized passwords through a simple, secure Web interface. The user can then select all or only a subset of their accounts returned and specify the old and new password. Microsoft Identity Integration Server 2003 then attempts to change the password for the special connector, the primary password. If this succeeds, the passwords for the remaining accounts are changed or set, depending on what operations are supported for the system. [BUILD3] Note that the account shown has a check box to its left that cannot be cleared. That is because that account is designated the “special connector.” If the attempt to set the password on this connector is not successful, by default none of the other requests will be processed. This makes it possible to use the most restrictive password policy as the policy-checking method. MIIS is a secure way to synchronize users’ connections to multiple networks and applications simultaneously. </SLIDESCRIPT> <SLIDETRANSITION> Look at how to design your Active Directory tree as you prepare to migrate. 
</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Microsoft Identity Information Server 2003 Password Management, page 9. </ITEM> <ITEM> </ITEM> </ADDITIONALINFORMATION>
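
The gated password change described in the slide 17 notes, modelled as an added example (this is not MIIS code and not part of the original presentation). The `Connector` class, its policy fields, the result strings and every password are constructed assumptions, and the model assumes a downstream system can still reject a password on its own policy after the special connector has accepted it.

```python
from __future__ import annotations

import hmac
from dataclasses import dataclass


@dataclass
class Connector:
    """One connected system with its own password policy (all values constructed)."""
    name: str
    min_length: int
    need_digit: bool = False
    need_symbol: bool = False
    password: str = "Winter-2004"  # constructed starting password

    def violations(self, candidate: str) -> list[str]:
        """Return the policy rules the candidate password breaks on this system."""
        problems = []
        if len(candidate) < self.min_length:
            problems.append(f"shorter than {self.min_length}")
        if self.need_digit and not any(c.isdigit() for c in candidate):
            problems.append("no digit")
        if self.need_symbol and all(c.isalnum() for c in candidate):
            problems.append("no symbol")
        return problems

    def change(self, old: str, new: str) -> str:
        """Attempt a change; the old password must match and the policy must pass."""
        if not hmac.compare_digest(old.encode(), self.password.encode()):
            return "rejected: old password mismatch"
        problems = self.violations(new)
        if problems:
            return "rejected: " + ", ".join(problems)
        self.password = new
        return "changed"


def change_all(special: Connector, others: list[Connector],
               old: str, new: str) -> dict[str, str]:
    """Try the special connector first; if it fails, no other request is processed."""
    results = {special.name: special.change(old, new)}
    gate_ok = results[special.name] == "changed"
    for conn in others:
        results[conn.name] = conn.change(old, new) if gate_ok else "skipped"
    return results


def uncovered_by_gate(special: Connector, others: list[Connector]) -> list[str]:
    """Names of systems whose policy is stricter than the gate's in some respect.

    A non-empty result means a password can pass the gate and still be refused
    downstream, leaving the user's accounts with different passwords.
    """
    return [
        c.name for c in others
        if c.min_length > special.min_length
        or (c.need_digit and not special.need_digit)
        or (c.need_symbol and not special.need_symbol)
    ]


def fresh() -> dict[str, Connector]:
    """Three constructed systems: a directory, NDS, and a stricter SQL application."""
    return {
        "AD": Connector("AD", min_length=8, need_digit=True),
        "NDS": Connector("NDS", min_length=6),
        "SQL": Connector("SQL", min_length=12, need_digit=True, need_symbol=True),
    }


if __name__ == "__main__":
    s = fresh()
    # Gate on AD: the stricter SQL policy is not enforced up front.
    print(uncovered_by_gate(s["AD"], [s["NDS"], s["SQL"]]))
    print(change_all(s["AD"], [s["NDS"], s["SQL"]], "Winter-2004", "Harbour2005"))
    s = fresh()
    # Gate on SQL (most restrictive policy): the same password changes nothing.
    print(uncovered_by_gate(s["SQL"], [s["AD"], s["NDS"]]))
    print(change_all(s["SQL"], [s["AD"], s["NDS"]], "Winter-2004", "Harbour2005"))
```

Running `uncovered_by_gate` against the planned connector set before choosing the special connector shows whether the gate really carries the most restrictive policy.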

18 Services for NetWare Active Directory Design Goals
Simpler administration through a consolidated domain structure; The ability to delegate administrative control; Less impact on network bandwidth; Object replication across WAN links; Simplified network sharing; Keeps the resource close to the user <SLIDETITLE> Active Directory Design Goals </SLIDETITLE> <KEYWORDS> Active Directory, Container, Active Directory Objects </KEYWORDS> <KEYMESSAGE> Design an Active Directory that suits your organization’s needs. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> Active Directory in Microsoft Windows Server 2003 enables organizations to create a scalable, secure, and manageable infrastructure for user and resource management and to support directory-enabled applications. A well-designed Active Directory logical structure provides the following benefits. Plan with these concepts in mind. [BUILD1] Simplified management of Windows networks that contain large numbers of objects. A consolidated domain structure means that the administrator can logically manage the elements of the network based upon their Active Directory location instead of as individual elements. For example, you can locate printer objects in OUs that correlate to their physical location to enable granular changes. [BUILD2] The ability to delegate administrative control over resources as appropriate. Subdivisions of network resources into domains and forests allow the enterprise administrator to delegate control over specific objects without granting general administrative rights. For instance, a regional helpdesk administrator can have access over local users and printers without having access to shares or users in another office. [BUILD3] By being aware of inter-domain replication, the Active Directory design will reduce the impact on network bandwidth. Replication inside a domain is much more frequent and intense than replication between two domains in a forest. 
Domain boundaries can help to control WAN link traffic. See also the Windows Server 2003 Deployment Kit, microsoft.com/resources/documentation/WindowsServ/2003/ all/deployguide/en-us/

19 Services for NetWare Active Directory Design Goals
Simpler administration through a consolidated domain structure; The ability to delegate administrative control; Less impact on network bandwidth; Object replication across WAN links; Simplified network sharing; Keeps the resource close to the user [BUILD4] Place resources near the users who need them to simplify resource sharing. A well-designed Active Directory logical structure facilitates the efficient integration of features such as Group Policy, enabling desktop lockdown, software distribution, and user, group, workstation, and server administration, into your system. In addition, a carefully designed logical structure facilitates the integration of services such as Microsoft Exchange 2000, public key infrastructure (PKI), and domain-based distributed file system (DFS). If your organization is currently operating in a non-Microsoft operating system or Microsoft Windows NT® version 4.0 operating system environment, designing an Active Directory logical structure before deploying Active Directory enables you to optimize your deployment process to best take advantage of Windows Server 2003 Active Directory features.</SLIDESCRIPT> <SLIDETRANSITION> These goals are best achieved by creating a good Active Directory structure. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Windows 2003 Active Directory, </ITEM> </ADDITIONALINFORMATION> See also the Windows Server 2003 Deployment Kit, /resources/documentation/WindowsServ/2003/all/deployguide/en-us/

20 Services for NetWare Active Directory Structure
Forest – the entire organization; Security boundary; Similar to the NDS “Organization”; Domain; Geographic or logical; Network replication, similar to NDS partitions; Network-wide user identity; Organizational unit; Management category <SLIDETITLE> Active Directory Structure </SLIDETITLE> <KEYWORDS> Active Directory, Container, Active Directory Objects, Design </KEYWORDS> <KEYMESSAGE> An Active Directory forest is organized by three logical categories</KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> Design of an Active Directory Structure is guided by the principles of security, resources, and management. [BUILD1] The largest Active Directory unit we are going to talk about is the forest. The forest contains domains. The forest is used to define the security scope of administrators. No administrators from outside the forest can control access to information inside the forest unless first given permission to do so by the administrators within the forest. By contrast a domain is not a security boundary because within a forest it is not possible for administrators from one domain to prevent a malicious administrator from another domain from accessing data in their domain. [BUILD2] A domain is a partition in an Active Directory forest. Partitioning data enables organizations to replicate data only where it is needed. In this way, the directory can scale globally over a network that has limited available bandwidth. In addition, the domain supports a number of other core functions related to administration. A domain can be either geographic, to control bandwidth use and localize management, or logical for reasons of management and security. If there are no major bandwidth concerns or management delegations, you may want to create a single domain. 
Domain controllers, servers that replicate the domain, provide authentication services for users and supply additional authorization data, such as user group memberships, which can be used to control access to resources on the network. The domain defines a partition of the directory containing sufficient data to provide domain services and replicates it between the domain controllers. In this way, all domain controllers are peers in a domain and are managed as a unit.

21 Services for NetWare Active Directory Structure
Forest – the entire organization; Security boundary; Similar to the NDS “Organization”; Domain; Geographic or logical; Network replication, similar to NDS partitions; Network-wide user identity; Organizational unit; Management category Network-wide user identity. Domains allow user identities to be created once and referenced on any computer joined to the forest in which the domain is located. Domain controllers that make up a domain are used to store user accounts and user credentials such as passwords or certificates securely. [BUILD3] Within domains, resources and objects are organized into organizational units (OUs). Organizational units are used to group objects for administrative purposes, such as the application of Group Policies or delegation of authority. Control over an OU and the objects within it is determined by the access control lists (ACLs) on the OU and on the objects in the OU. To facilitate the management of large numbers of objects, Active Directory supports the concept of delegation of authority. By means of delegation, owners can transfer full or limited authority over objects to other users or groups. Delegation is important because it helps to distribute the management of large numbers of objects across a number of people trusted to perform management tasks. Delegation is assigned to OUs. </SLIDESCRIPT> <SLIDETRANSITION> Organization Unit design is different in Active Directory from NDS. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/DSSBD_TOPO_OVERVIEW.asp </ITEM> </ADDITIONALINFORMATION>

22 Services for NetWare Reasons to Create OUs
To delegate administration; to scope policy (Group Policy precedence is site, domain, OU); to control resource administration (set permissions on a single OU rather than on multiple objects). <SLIDETITLE> Reasons to Create OUs </SLIDETITLE> <KEYWORDS> Active Directory, Container, Active Directory Objects, Organizational Unit, OU </KEYWORDS> <KEYMESSAGE> Create OUs for management purposes. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> Active Directory trees appear similar to an NDS tree. However, the purpose of Active Directory trees, and thus the design, is a bit different. Generally, Active Directory OUs only contain one type of resource, such as printers, users, or shares. This makes the administration of resources simpler, as like items can be managed in one action. [BUILD1] The AD OU enables the delegation of administration. Responsibility for managing a specific OU can be assigned to a specific user. For instance, helpdesk personnel can be assigned the “Users” OU to create and change passwords without assigning them the “Shares” OU and the “Printers” OU. [BUILD2] Windows 2003 Group Policy can be applied by OU. Group Policy allows you to control users’ desktop experience, execute logon scripts, and otherwise manage containers. Policy is applied from large to small. You could apply a set of policies for all users and computers at the site or domain level, and then apply specific drive mappings or applications to specific OUs. [BUILD3] Create OUs to simplify administration. Put resources that have united management needs, such as Shares, into a single OU so that you can manage their permissions as a group instead of individually. </SLIDESCRIPT> <SLIDETRANSITION> Avoid creating an unnecessarily complex Active Directory. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/DSSBD_TOPO_OVERVIEW.asp </ITEM> </ADDITIONALINFORMATION>

23 Services for NetWare AD and Group Policy Design
[Diagram: an “unnecessarily complex” nested OU tree (ou = WEST, ou = San Jose, ou = mfg, ou = Burlingame, ou = mkg, ou = EAST, ou = NYC, ou = executives; users Bob, Tom, Steve, Mary, Susan) beside a “simplified OU structure” (ou = EMPLOYEES; users Bob, Tom, Steve, Mary; labels SJ, BUR, NYC, mfg, mkg, executives with Group Policies GP-SJ, GP-BUR, GP-NYC, GP-mfg, GP-mkt, GP-exec). Callouts: policies are easier to see; groups can be searched; group membership can be viewed; the group can receive mail.] <SLIDETITLE> AD and Group Policy Design </SLIDETITLE> <KEYWORDS> Active Directory Design, Group Policy </KEYWORDS> <KEYMESSAGE> Use Groups and Group Policy to distribute policy, not organizational units. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> Here is a visual example of how and why tree design in Active Directory is different from NDS. [BUILD1] This tree is organized as you would organize it in NDS, with nested OUs for geographical and organizational subcategories. In NDS, ZENworks objects associated with each OU would disseminate policy, so this level of complexity is necessary. [BUILD2] This organization needs to implement specific group policies for each container, mapping custom drives and applying security policies. A group policy must be applied to each OU. [BUILD3] If an additional security policy needed to be added for only the executives in New York and the Marketing team in Burlingame, an additional Group Policy would have to be created and those users would have to be placed into it. [BUILD4] A simpler design can perform the same functions. Place all the users into a single OU, create groups for each function, and apply a Group Policy to the groups. Policies are then not constrained by the tree design: if the tree is organized in a geographical manner but workgroups are not always in the same place, create groups that reflect users’ work relationships. Unlike OUs, users can view and search groups and can enable them for mail distribution. For the administrator, groups are easily searched. A user’s multiple group memberships are easily viewed and manipulated. A flatter Active Directory is easier to understand and manage. </SLIDESCRIPT> <SLIDETRANSITION> Users and Groups are used to apply the security and communication principles that NDS does through OUs. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM> </ITEM> </ADDITIONALINFORMATION> GP – Marketing plan

24 Services for NetWare Active Directory Users and Groups
Used for directory lookup (address book / distribution list); used to apply security (file access, permissions); can be used to apply Group Policy; a group can be expanded to view its membership; users cannot see the tree; should be used more than OUs. <SLIDETITLE> Active Directory Users and Groups</SLIDETITLE> <KEYWORDS> Active Directory, Container, Active Directory Objects, Organizational Unit, Active Directory Users </KEYWORDS> <KEYMESSAGE> Users and Groups are used for security and communication. </KEYMESSAGE> <SLIDEBUILDS> 5 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] Apart from the directory structure and OU locations, objects in Active Directory can be assigned to groups. Many of the rights and capabilities that NDS applies through OUs are instead managed through groups in Active Directory. Groups are mail-enabled and visible in the Global Address List (GAL) for directory lookup. Groups can be used for distribution lists. For instance, a Group made up of all human resources people across an organization could be assigned to a distribution list to enable them to communicate about payroll across an organization. [BUILD2] A group can also be used to apply security. The same group used for the distribution list could also grant access to a share that contains payroll information. Members across the organization could access the data but non-members could not. [BUILD3] In most cases, groups are a superior way of applying group policies. Since OUs are generally organized for network management purposes, groups can more effectively reflect working relationships of users. [BUILD4] In contrast with NDS, the Active Directory structure is not visible to users. They are able to view group membership. This highlights an important difference between NDS and AD structure: In AD, group membership is relevant to the user but OU location is not. [BUILD5] In Active Directory, you will use groups more than OUs to apply policy. </SLIDESCRIPT><SLIDETRANSITION> Based on this review of Active Directory, note the differences between AD and NDS design.</SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/DSSBD_TOPO_OVERVIEW.asp </ITEM> </ADDITIONALINFORMATION>

25 Services for NetWare Active Directory and NetWare Compared
Tree structure: Active Directory is flat (object relationships are not defined by tree location); NetWare is hierarchical (object relationships are defined by tree location). Permissions/rights: assigned by groups in Active Directory; assigned by OU in NetWare. User name: unique in Active Directory; can be duplicated in NetWare, where users are defined by the tree context. <SLIDETITLE> Active Directory and NetWare Compared </SLIDETITLE> <KEYWORDS>Active Directory, NetWare, tree design </KEYWORDS> <KEYMESSAGE> Active Directory differs from NDS in the design of the tree structure, the way permissions are assigned, and the way a user is uniquely identified. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> Active Directory and NDS look similar in that they utilize containers to maintain objects. Looking deeper, there are significant differences that you need to know to plan an Active Directory structure to replace your NDS tree. [BUILD1] In broad terms, Active Directory objects do not rely on the tree for context. In comparison, NDS automatically defines an object by its location. [BUILD2] Although it is possible to utilize Active Directory organizational units to assign rights or policies, groups are much more adaptive. [BUILD3] In Active Directory, all users in a domain must have unique user names. Since NDS identifies every object by the full context, such as admin.admn.sydney.contoso, two users in different OUs could have the same user name. During synchronization or migration, objects with identical names that are migrated to the flat structure of Active Directory cannot coexist. MSDSS handles this by checking for duplicate names and appending a number on the end of successive duplicate users. For example, if there is more than one user in NDS with the user name “John,” the second one to migrate is recreated in Active Directory as “John0,” the third is “John1,” and so on. </SLIDESCRIPT> <SLIDETRANSITION> You have probably heard some things about Active Directory and Windows 2003 that are wrong. We should correct those misconceptions. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare To Windows Server 2003, page 4. </ITEM></ADDITIONALINFORMATION>
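The duplicate-name handling described in the notes for slide 25 can be rehearsed before a migration so that renamed accounts are reconciled with their owners before group-based permissions are assigned. The sketch below is an added example, not code from the presentation or from MSDSS; the sample names, the case-insensitive comparison, and the choice to skip a numbered name that is already taken are assumptions.

```python
"""Pre-migration collision report for flattening NDS contexts into one AD domain.

Added illustration, not MSDSS code. The numbering rule (the first user keeps
the name, later duplicates get 0, 1, ...) follows the presentation's
description; everything else is an assumption labelled where it appears.
"""
from collections import defaultdict

# Constructed sample input: NDS names in migration order, common name first,
# context after the first dot (the admin.admn.sydney.contoso style).
SAMPLE_NDS_USERS = [
    "admin.admn.sydney.contoso",
    "John.mfg.sydney.contoso",
    "John.mkg.sydney.contoso",
    "john.exec.sydney.contoso",
    "Mary.mkg.sydney.contoso",
    "John0.hr.sydney.contoso",
]


def split_nds_name(full_name):
    """Split 'cn.context' into (common name, context); accepts a 'CN=' prefix."""
    cn, _, context = full_name.strip().lstrip(".").partition(".")
    if cn.upper().startswith("CN="):
        cn = cn[3:]
    if not cn or not context:
        raise ValueError(f"not a contextual NDS name: {full_name!r}")
    return cn, context


def predict_ad_names(nds_users):
    """Return one planning entry per user with the name expected in the flat domain.

    Assumptions: names are compared case-insensitively, and when a numbered
    candidate is itself already taken the next number is tried.
    """
    taken = set()                   # lower-cased names already used in the domain
    next_suffix = defaultdict(int)  # per base name: next number to append
    plan = []
    for full_name in nds_users:
        cn, context = split_nds_name(full_name)
        base = cn.lower()
        ad_name = cn
        while ad_name.lower() in taken:
            ad_name = f"{cn}{next_suffix[base]}"
            next_suffix[base] += 1
        taken.add(ad_name.lower())
        plan.append({
            "nds": full_name,
            "cn": cn,
            "context": context,
            "ad": ad_name,
            "renamed": ad_name != cn,
        })
    return plan


def collision_groups(plan):
    """Group entries by original common name; keep groups where a rename occurred.

    Each group is the set of identities an administrator has to tell apart
    before assigning group memberships or file permissions in Active Directory.
    """
    groups = defaultdict(list)
    for entry in plan:
        groups[entry["cn"].lower()].append(entry)
    return {
        base: [(e["nds"], e["ad"]) for e in entries]
        for base, entries in groups.items()
        if any(e["renamed"] for e in entries)
    }


if __name__ == "__main__":
    migration_plan = predict_ad_names(SAMPLE_NDS_USERS)
    for base, members in collision_groups(migration_plan).items():
        print(f"review '{base}':")
        for nds_name, ad_name in members:
            print(f"  {nds_name} -> {ad_name}")
```

In the constructed sample, the genuine NDS user John0 is displaced by the numbered copy of an earlier John, which is the kind of case worth resolving by renaming in NDS before the first synchronization session.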

26 Services for NetWare What Is a Domain?
Designation for the security grouping and for administration roles and tasks; created when Windows is promoted to Active Directory; domain relationships: root domain (the top-most domain), child domain (below the root domain or below another domain); trusts are two-way by default. NOTE: Use this optional slide to explain further about domain relationships. <SLIDETITLE> What is a Domain? </SLIDETITLE> <KEYWORDS> Active Directory </KEYWORDS> <KEYMESSAGE> A domain is a security and administrative grouping of Active Directory </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] The domain is a boundary within the network that defines security, such as user access to resources, and administration delegation. [BUILD2] When a Windows Server 2003 is promoted to Active Directory, it creates a domain. Many organizations only require a single domain, which can encompass multiple servers providing multiple services. [BUILD3] Some organizations require multiple domains to subdivide security and administration. The top-most domain, which is created when the first server is promoted, is referred to as the root domain. It controls the replication of the forest. Any domain that is below another domain is referred to as a child domain. The domain above is quite naturally referred to as the parent domain. By default, all domains within a forest have “two-way trusts.” Resources such as the Global Address List are replicated freely between the domains. Each domain can be administered separately and independently of the others in the forest. </SLIDESCRIPT> <SLIDETRANSITION> Domains are collected in a forest. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM> </ITEM> </ADDITIONALINFORMATION>

27 Services for NetWare Definition of a Forest
Replication between domains; complete security boundary; shares a common schema; the root domain is the default holder of the global catalog and the trust relationships. Note: Use this optional slide to explain further on Active Directory forests. <SLIDETITLE> Definition of a Forest </SLIDETITLE> <KEYWORDS> Active Directory, Forest </KEYWORDS> <KEYMESSAGE> A forest is a collection of domain trees that share a common schema. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] A forest is the highest level of the logical structure hierarchy. An Active Directory forest represents a single self-contained directory. The forest can control the manner in which the different domains replicate to each other, just as partitions do in NDS and eDirectory. [BUILD2] A forest is a security boundary, which means that administrators in a forest have complete control over all access to information that is stored inside the forest and to the domain controllers that are used to implement the forest. [BUILD3] Domains within the forest must share a common schema. A schema is a series of definitions for the types of objects that the forest can contain, such as users and printers and shares. [BUILD4] The root domain, which is the first domain created in a forest, controls the global catalog and trust relationships between the domains. </SLIDESCRIPT> <SLIDETRANSITION> Next, take a closer look at publishing Systems Management Server, or SMS data to Active Directory. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_logic_what.asp </ITEM> </ADDITIONALINFORMATION>

28 Services for NetWare Single Forest with Multiple Domains
Security must be administered at the domain level; password policy; control of database replication; can share information; single Exchange service. NOTE: Use this optional slide to explain further about the Multi-Domain model. <SLIDETITLE> Single Forest with Multiple Domains </SLIDETITLE> <KEYWORDS> Active Directory, Domains, Forest </KEYWORDS> <KEYMESSAGE> Create multiple domains to aid in security and management.</KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] In a forest, security must be set at the domain level. Forests do not have administrative control of the domain. Although administrative functions can be delegated at the OU level, administrative policies cannot. Use the forest organizational unit if you need to delegate administrative control such as the ability to change password policy. [BUILD2] Domains can span geographic boundaries, but their bandwidth demands can be high. Inter-domain replication can be controlled by the forest. Use domains as a geographic boundary if there is limited bandwidth available in the WAN. [BUILD3] Objects within a forest can interact easily. By default, they have two-way trust relationships and share an address list. For instance, a multi-domain, single-forest model could still have a single instance of Exchange providing messaging for all forest users. </SLIDESCRIPT> <SLIDETRANSITION> </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_logic_what.asp </ITEM> </ADDITIONALINFORMATION>

29 Services for NetWare Multiple Forest Model
No common schema change policy; high level of security; each forest MUST install its own Exchange system; users log on only from workstations that belong to their own forest. NOTE: Use this optional slide to explain further a multiple forest model. <SLIDETITLE> Multi Forest Model </SLIDETITLE> <KEYWORDS> Active Directory, Forest, Domain </KEYWORDS> <KEYMESSAGE> You can create multiple forests to secure interaction between business units. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] You can establish multiple forests for your organization if you cannot agree on a common schema change policy, that is, the changing of definitions of objects in your enterprise. A forest must have the same schema, and changes made to one segment of the forest must replicate to others. [BUILD2] In addition, you may want to have a multiple forest topology if one section of your organization requires a high degree of security independence. Most specifically, since a forest is a security boundary, the IT departments of the different forests will not have access or control over the other forest. [BUILD3] Although you can create inter-forest trusts to share some information between forests, they cannot function as a single unit. For example, a single Exchange instance will not serve multiple forests, even with inter-domain trusts. [BUILD4] Even with trusts established, users cannot log on to the other forest directly. They must log on to their own forest. </SLIDESCRIPT> <SLIDETRANSITION> Next, take a closer look at publishing SMS data to Active Directory. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_logic_what.asp </ITEM> </ADDITIONALINFORMATION>

30 Services for NetWare What You Have Heard About AD
You can never rename a forest, so design it perfectly the first time; you can never merge forests; you can never synchronize directories between forests (MIIS can); you can never rename a domain; you must have the latest Windows software to run “native mode”. <SLIDETITLE>Things you have heard about AD</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE>Windows Server 2003 has resolved many of the drawbacks of earlier versions of Active Directory. </KEYMESSAGE><SLIDEBUILDS>5</SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] It is true that you can’t rename a forest; however, tools now exist that allow you to move objects from one forest to another, so while it’s important to be pretty certain on your forest design, it’s not “impossible” to change later. You can create a parallel forest, and move objects from the old forest to the new one. [BUILD2] With the same tools, you can move objects into a forest from another forest, meaning that you can merge resources from two forests into one. [BUILD3] Microsoft Identity Information Server can synchronize objects in two forests, allowing users to have a single sign on experience to multiple forests. [BUILD4] It is possible to rename a domain with the “rendom” tool. All domain controllers must be running Windows Server 2003 Service Pack 1. You can use the domain rename process to change the names of your domains, and you can also use it to change the structure of the domain trees in your forest. This process involves updating the Domain Name System (DNS) and trust infrastructures as well as Group Policy and service principal names (SPNs). When the process is complete, the domain is fully functional. [BUILD5] You do not need to have a purely Windows Server 2003 environment with purely Windows XP workstations to run the domain in “native mode,” the most efficient domain mode. The requirement for native mode is that domain controllers must be Windows 2000 or Workstations can be Windows NT or even Windows 9x. </SLIDESCRIPT>

31 Services for NetWare What You Have Heard About AD
You can never rename a forest, so design it perfectly the first time; you can never merge forests; you can never synchronize directories between forests (MIIS can); you can never rename a domain; you must have the latest Windows software to run “native mode”. <SLIDETRANSITION> This is the architectural process for migrating from NetWare to Active Directory.</SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_ad_ium_over.asp</ITEM> <ITEM>http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dssbk_pfl_podg.asp</ITEM> </ADDITIONALINFORMATION>

32 Services for NetWare Migration
Path to a pure Windows environment; survey: identify and replace/migrate NetWare services; move user accounts and permissions to Active Directory; use MSDSS migration and FMU. <SLIDETITLE> Migration </SLIDETITLE> <KEYWORDS>MSDSS, Migration, NDS, NetWare</KEYWORDS> <KEYMESSAGE> MSDSS can be used for migrating users to Active Directory from NDS. </KEYMESSAGE> <SLIDEBUILDS>3</SLIDEBUILDS> <SLIDESCRIPT> When introducing Active Directory into your enterprise, plan a long-term strategy of either migration or synchronization. Your strategies will vary based on your desired outcome. [BUILD1] Migration is a path to a pure Windows environment, eliminating all NDS resources. If this is possible, it will simplify management and support, and reduce cost. [BUILD2] Before you migrate, survey your current NDS tree. Identify what services NDS provides your users and plan how to migrate them to Active Directory or replace them with a Windows resource. MSDSS and FMU can take care of users, groups, and file services. Identify ZENworks objects, printers, and specialized applications that require other tools to migrate. [BUILD3] If your network is particularly small, it might be feasible and preferable to migrate user and file resources manually, recreating every resource in the NDS tree, copying files to the Windows file servers, and assigning rights. The tools included in Services for NetWare automate these processes and could come in handy. The second demonstration will cover this in more detail. </SLIDESCRIPT> <SLIDETRANSITION>If you cannot plan to migrate fully, use MSDSS to synchronize the two environments. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> MSDSS - Understanding Synchronization and Migration, page 20. </ITEM></ADDITIONALINFORMATION>

33 Services for NetWare Synchronization
Shared Windows/Novell environment; seamless user experience; replicate users and groups in NDS and AD; use MSDSS one-way or two-way synchronization. <SLIDETITLE>Synchronization</SLIDETITLE> <KEYWORDS> MSDSS, synchronization, one-way, two-way </KEYWORDS> <KEYMESSAGE> If your organization wants AD and NDS to coexist, use MSDSS to synchronize the networks. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> Microsoft designed Windows Server 2003 and Services for NetWare to support both ongoing mixed deployments and a complete conversion to the new operating system. With Services for NetWare, you can use MSDSS synchronization to establish a long-term or permanent coexistence between Active Directory and a Novell directory. When you establish a mixed environment, you can take advantage of many Active Directory features—such as its enhanced search functions, improved user management, and delegation capability—without converting the entire network to Windows Server. Using directory synchronization thus enables you to protect existing investments in hardware, NDS-dependent software, and organizational logistics. [BUILD1] If there are resources that you cannot migrate, or your organization elects to add Active Directory to an existing NDS system, MSDSS will create continuity between the two systems, ensuring that the objects and passwords on the two networks are synchronized. [BUILD2] With the users synchronized, the user experience will be seamless. Users can access file, print, and application resources on either network without any special actions on the part of the user. [BUILD3] In the first steps of synchronization, MSDSS recreates NDS Users, OUs, and Groups in Active Directory automatically. Since the two types of trees are organized differently, you can create “sessions” to place NDS objects into the correct AD location.

34 Services for NetWare Synchronization
Shared Windows/Novell environment; seamless user experience; replicate users and groups in NDS and AD; use MSDSS one-way or two-way synchronization. [BUILD4] MSDSS synchronization can be configured for two different types of synchronization: one-way or two-way. In one-way synchronization, MSDSS reads changes in the Active Directory tree and replicates those changes in the NDS tree. For administrators, this means that changes made in NDS will not be replicated in Active Directory. After an OU is synchronized, only manage those objects with Active Directory tools. In two-way synchronization, MSDSS moves changes in both directions between the two networks. Changes in NDS are synchronized back to Active Directory as well as Active Directory changes being synchronized to NDS. </SLIDESCRIPT> <SLIDETRANSITION> These are the checklists to run through before synchronizing. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003 </ITEM></ADDITIONALINFORMATION>

35 Services for NetWare Pre-Synchronization Checklist
Evaluate the NDS infrastructure: NDS resources; LAN and WAN links. Identify the resources to synchronize. Design Active Directory. Install the migration tools: domain controller; MSDSS. <SLIDETITLE> Pre-Synchronization Checklist </SLIDETITLE> <KEYWORDS> MSDSS, Services for NetWare, Synchronization, checklist </KEYWORDS> <KEYMESSAGE> Before you synchronize, perform these steps to ensure a successful synchronization.</KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] Before you synchronize NDS with Active Directory, evaluate your NDS infrastructure. Identify your NDS resources and determine if you have the capability to include synchronization in your organization. One-way synchronization happens at short intervals, by default every 15 minutes, but does not require much network resource. Two-way synchronization includes a regular full scan of the NDS tree, which requires a great deal more work from the servers. Confirm that your network connections between the NetWare server and the domain controller are capable of regularly handling the synchronization load. [BUILD2] Identify the resources that you wish to synchronize. It might not be necessary to synchronize the entire tree, and MSDSS allows you to be granular in your migration. [BUILD3] Based on the best practices that we spoke about earlier, design the Active Directory according to your organization’s needs. Create domains in locations that are not connected and create organizational units that reflect your organization. It is possible to migrate nested OUs, but it might not suit your organization to copy the whole NDS tree to AD. For security and resources, create groups that you can populate after the synchronization has populated the directory. [BUILD4] Finally, install the migration tools. You will need to set up a domain controller, configure it, and install MSDSS services on that server. You may want to install the MSDSS user interface on a workstation instead of running the synchronization while sitting physically in front of the domain controller server. </SLIDESCRIPT> <SLIDETRANSITION> These are the requirements for using MSDSS for synchronization. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003, pages 8 to 12. </ITEM></ADDITIONALINFORMATION> See Migrating Novell NetWare to Windows Server 2003, page 15.

36 Services for NetWare Requirements
Domain controller; MSDSS application; administrative rights; Novell client; workstation; NDS; schema extensions. <SLIDETITLE> Requirements </SLIDETITLE> <KEYWORDS> Requirements, MSDSS, Services for NetWare, File Migration Utility </KEYWORDS> <KEYMESSAGE> To perform the migration you need to have a domain controller, administrative rights on both the domain and the NDS tree, and the capability to expand the schemas. </KEYMESSAGE> <SLIDEBUILDS>3</SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] MSDSS must be installed on a domain controller. During installation, the Active Directory schema will be extended, so the user that installs it must have the administrative rights to extend the schema. The synchronization process runs on this machine. MSDSS must be run under a user that is a member of the Domain Admins group. Since this server must access the NDS tree, the Novell client must be installed on the server. During the installation of both MSDSS and Novell Client, you will have to reboot the server. You must also install Novell NetWare Client for Windows software on the MSDSS server or servers. MSDSS uses Novell NetWare Client for Windows to authenticate and to gain access to NDS. While accessing NDS, MSDSS authenticates, but it does not use a license. MSDSS also uses Novell NetWare Client for Windows to map one directory’s contents to another, accounting for the fact that the object classes in Novell NDS or Bindery directories are different from Active Directory object classes. Novell NetWare Client for Windows is also required to use File Migration Utility to migrate files. [BUILD2] It is not necessary for the operator to be physically at the server to administer the synchronization. The MSDSS UI can be installed on any workstation running Windows 2000 or Windows XP. You can operate MSDSS remotely from this workstation. It is not possible for the application to run simultaneously in two locations, however. You must also install Novell NetWare Client for Windows on this computer. The console enables you to view MSDSS sessions. Novell NetWare Client for Windows enables you to remotely access a domain controller running MSDSS and thus perform all MSDSS administration tasks.

37 Services for NetWare Requirements
Domain controller; MSDSS application; administrative rights; Novell client; workstation; NDS; schema extensions. [BUILD3] You will need to have administrative rights in NDS. If you are going to utilize two-way synchronization, you will need the capability to extend the NDS Schema. </SLIDESCRIPT> <SLIDETRANSITION> Now apply the synchronization tools to the Sydney branch office of Contoso. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003.</ITEM></ADDITIONALINFORMATION>

38 Services for NetWare The Sydney Scenario
Audit the existing tree; design the Active Directory tree; install tools. <SLIDETITLE> The Sydney Scenario </SLIDETITLE> <KEYWORDS> Sydney Branch Office, Contoso, migration</KEYWORDS> <KEYMESSAGE> Prepare the Sydney branch office for migration. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> As the Sydney office is preparing to migrate, it will need to perform pre-synchronization tasks. [BUILD1] First, it will audit the existing NDS tree to identify the resources to synchronize and migrate. It will have to understand the scope of the migration and the requirements of the Active Directory installation. [BUILD2] From that information, it will need to design the Active Directory tree. It will need to look critically at how it should organize the Active Directory. [BUILD3] Lastly, it will need to install and prepare the tools: Active Directory on Server 2003, Novell Client, and Services for NetWare. </SLIDESCRIPT> <SLIDETRANSITION> On to the first demo. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM> Migrating Novell NetWare to Windows Server 2003 </ITEM> </ADDITIONALINFORMATION>

39 Demo: Prepare for and Install Services for NetWare
Prepare for the migration; install the Novell Client (Windows Server); install MSDSS; prepare for synchronization. <SLIDETITLE>Demonstration</SLIDETITLE> <KEYWORDS>MSDSS, Migration, Synchronization, Novell</KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> </SLIDESCRIPT> <SLIDETRANSITION></SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

40 Agenda Prepare for Services for NetWare
Directory synchronization and migration; migrate file resources; workstation configuration and migration troubleshooting. <SLIDETITLE>Agenda</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE> This is the Agenda. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT>The next item is Directory Synchronization and Migration. </SLIDESCRIPT> <SLIDETRANSITION> First, look at the technical concepts behind MSDSS </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

41 Directory Synchronization MSDSS Features
Publishes changes between Active Directory and NDS/eDirectory; can be configured at the subtree level; scheduled operation support; session-based synchronization. <SLIDETITLE> MSDSS Technical Concepts </SLIDETITLE> <KEYWORDS> MSDSS, synchronization, session, </KEYWORDS> <KEYMESSAGE> MSDSS can synchronize containers in a very granular way based on your needs. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] As we covered in the previous section, Active Directory is organized differently than NDS. Migrating the exact tree structure from NDS to AD would probably result in an overly complex AD. With MSDSS, you can create individual sessions to synchronize certain NDS tree segments to particular AD sections. Each session can be individually managed. [BUILD2] Each object that is synchronized, be it an OU, user, or group, is monitored for any changes. If the object is moved to a different OU or any entry is modified, the object will be resynchronized. MSDSS is able to translate the two trees. Some objects do not directly correlate, for instance user name and logon name. MSDSS is configured to best correlate these unlike objects. Later in this presentation, you will learn to customize MSDSS to manage two segments of the tree that have different needs. [BUILD3] Some organizations that choose to implement directory interoperability need the ability to enter new data or modify existing data in either directory and have that directory then update its partner directory. For NDS-based networks, MSDSS two-way synchronization provides this functionality. Two-way synchronization enables you to propagate changes made to objects in either Active Directory or NDS to the other directory. </SLIDESCRIPT> <SLIDETRANSITION> Choose the right synchronization strategy for your situation. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>See the white paper “Migrating Novell NetWare to Windows Server 2003” </ITEM> </ADDITIONALINFORMATION> Detects changes at the object level; correlates the different tree structures; tracks objects as they move; object-level synchronization; one-way and two-way support; supports one-way and two-way operations; one-way publishes Active Directory changes to NDS; two-way works bidirectionally.

42 Directory Synchronization: Choosing a Synchronization Strategy
Business goal | Tool | Administration
Staged migration (users connected to both trees in the meantime) | One-way MSDSS | Active Directory
Integration with special needs | Two-way MSDSS | Active Directory, NetWare
Full migration | MSDSS migration + FMU |
Long-term integration | MIIS | Active Directory, NetWare, MIIS
<SLIDETITLE> Choosing a synchronization strategy </SLIDETITLE> <KEYWORDS> MSDSS, Synchronization </KEYWORDS> <KEYMESSAGE> Choose a synchronization strategy based on your organization’s needs.</KEYMESSAGE> <SLIDEBUILDS>4</SLIDEBUILDS>
<SLIDESCRIPT> Select the migration system that best suits your needs.
[BUILD1] MSDSS synchronization enables directories to coexist, which means that users can share and access information in either directory and continue to use existing directory-enabled services and applications. However, directory coexistence comes at the cost of partially duplicated administration of separate directories. MSDSS one-way synchronization enables you to retain an existing NDS tree or Bindery while it helps simplify network management by enabling you to perform object administration solely from Active Directory. In addition to helping you to eliminate most of the cost of managing two separate directories, one-way synchronization is the best solution when the long-term goal is to migrate. (You must still manage security administration and non-synchronized object administration, such as computer account objects, from each directory separately.)
[BUILD2] If you cannot retire the NDS administration tools, MSDSS two-way synchronization is the best tool. You want to have both Active Directory and NDS administered by two sets of network administrators. If the network environment contains NDS as the primary directory and you have no plans to consolidate the number of directory platforms, two-way synchronization allows you to manage both networks with their native tools.
For a long-term integration, two-way synchronization is the best tool.

43 Directory Synchronization: Choosing a Synchronization Strategy
The disadvantage to two-way synchronization is the network cost. For a forward synchronization, MSDSS can read the delta, that is, only the changes that have occurred in the directory since the last synchronization. For a reverse synchronization, MSDSS must scan the entire NDS tree and compare the results to the MSDSS database. Since the scan is initiated from the Active Directory domain controller that runs the MSDSS application, that leg of your network will experience heavy and sustained traffic during the synchronization if your NDS tree is large. The domain controller will also have high usage.
[BUILD3] Use MSDSS in conjunction with File Migration Utility to perform a full migration, including data and file permissions. You can use MSDSS to perform a quick, one-time migration of NDS or Bindery objects, followed by FMU to migrate files to Active Directory. After migration, the NDS tree will no longer be in use and you can retire those servers. A direct migration is most applicable if all applications and services offered by the NDS tree have been replaced by Windows services.
[BUILD4] If long-term integration is your goal, Microsoft Identity Information Server is the most robust solution. Particularly if you have other user and password databases to manage, MIIS can reliably synchronize users and passwords between multiple networks. In this scenario, your management tools expand to include the MIIS tool set, along with Active Directory and NDS. As we covered earlier, MIIS provides a single sign-on experience for the user. Through a browser interface, administrators and helpdesk personnel can change and synchronize passwords.
Users can reset their own passwords through a Web interface as well. </SLIDESCRIPT>
<SLIDETRANSITION> Now, understand the differences between one-way and two-way synchronization. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003, pages 7 to 12. </ITEM> </ADDITIONALINFORMATION>

44 Directory Synchronization: One-Way and Two-Way Support
[Diagram: Active Directory and NDS, eDirectory, drawn once for one-way and once for two-way synchronization]
<SLIDETITLE> One-Way and Two-Way Support </SLIDETITLE> <KEYWORDS> MSDSS, Synchronization, NDS, Active Directory </KEYWORDS> <KEYMESSAGE> MSDSS can synchronize either in one direction, from Active Directory to NDS, or two-way, from each network back to the other. </KEYMESSAGE> <SLIDEBUILDS> 2 </SLIDEBUILDS>
<SLIDESCRIPT>
[BUILD1] MSDSS is a flexible synchronization service that supports two different kinds of synchronization depending on the requirements of the customer: one-way and two-way synchronization. One-way synchronization describes a synchronization process that pushes changes made in Active Directory to NDS, but does not read changes made in NDS. Active Directory to NDS synchronization flow is called forward synchronization. One-way sync should be used when a customer wants to centralize directory administration in Active Directory. In this configuration NDS users, groups, OUs, and containers can be managed and changed from Active Directory. However, along with the single-point-of-administration benefits this offers, it also means that object changes made in NDS are not synchronized to Active Directory. One-way sync should be considered when a single directory management platform is desirable or if the long-term strategy of an organization is migration to Active Directory.
[BUILD2] Two-way synchronization describes a synchronization process that reads changes made in both Active Directory and NDS and synchronizes those changes in each directory, therefore performing both a forward and a reverse synchronization. Just as Active Directory to NDS synchronization is called forward synchronization, NDS to Active Directory synchronization flow is called reverse synchronization. Consequently, changes can be made in either directory, read by MSDSS, and then pushed out to the non-updated directory.
Two-way sync should be used in network environments where there is a strong need to manage both directories separately and have the information that is changed in one reflected in the other. The downside to this approach is that the full benefits of centralized directory administration are not realized, since two directories, rather than only a single directory, are being actively administered.
Changes flow only from Active Directory to NDS, eDirectory
Good for using Active Directory as the focal point of administration
When the short-term strategy is migration to Active Directory
Changes flow bidirectionally between Active Directory and NDS, eDirectory
Considerably higher processor and network overhead
Good when administrators want to keep managing data from both directories
Good when users need to access data on the NetWare server

45 Directory Synchronization: One-Way and Two-Way Support
Two-way synchronization should be considered when a single directory platform is undesirable or if the long-term strategy of an organization is coexistence or incremental migration to Active Directory. In summary, the decision to synchronize one-way or two-way is up to the customer and depends on their requirements. It is always feasible to change a session from two-way to one-way, for example. </SLIDESCRIPT>
<SLIDETRANSITION> Now, look at the step-by-step MSDSS process for synchronization. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>SMS 2003 Concepts, Planning and Deployment Guide, page 15. </ITEM> </ADDITIONALINFORMATION>

46 Directory Synchronization: MSDSS Process
NetWare users and groups
Windows users and groups
<SLIDETITLE> MSDSS Process </SLIDETITLE> <KEYWORDS> MSDSS synchronization, process </KEYWORDS> <KEYMESSAGE> MSDSS acts as a bridge between the two networks. </KEYMESSAGE> <SLIDEBUILDS> 6 </SLIDEBUILDS>
<SLIDESCRIPT> One way to think about what MSDSS does is to view it as a bridge, or a connector, between information stored in Active Directory and information stored in NDS. And just like a bridge, information can flow two ways: from Active Directory to NDS and from NDS to Active Directory. As such, MSDSS is the enabling technology that links Active Directory and NDS and allows for centralized cross-directory management. This is the process that MSDSS uses to synchronize NDS and AD. After the tool is configured, this process is automated but can also be triggered manually.
[BUILD1] A session synchronization is triggered either on a scheduled or manual basis.
[BUILD2] The MSDSS providers query Active Directory in a one-way synchronization, or both AD and the corresponding Novell directory for changes in a two-way synchronization.
[BUILD3] The attributes that have changed in Active Directory are read into MSDSS and, during a two-way synchronization, the objects that have changed in NDS are read into MSDSS. In order to make sure changes in an OU of one directory are reflected accurately in the OU of the other directory, MSDSS has a map that relates an object and its properties in one directory to its equivalent in another directory.
[BUILD4] The changes made in Active Directory are forwarded to the Novell directory. This is also known as publisher synchronization.
[BUILD5] The changes made in NDS are reverse synchronized to the Active Directory, known as subscriber synchronization.
[BUILD6] At the end of each session a log of events is generated which provides details on errors and warnings.
</SLIDESCRIPT>
<SLIDETRANSITION> Synchronization occurs on the object level. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/windows2000/sfn/msdss.asp </ITEM> </ADDITIONALINFORMATION>
[Diagram labels: NDS / eDirectory, MSDSS, Active Directory]
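The forward-delta versus reverse-full-scan behaviour described in the notes for slides 43 and 46, as an added Python model that is not part of the original presentation and is not MSDSS code. The `Directory` and `Session` classes, the attribute names and the sample users are constructed for illustration; the model reproduces only what the notes state: forward synchronization reads the changes since the last run, reverse synchronization scans the whole NDS side against the session database, and passwords flow only from Active Directory to NDS.

```python
"""Toy model of one directory synchronization session (not MSDSS code)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Directory:
    name: str
    objects: dict = field(default_factory=dict)    # object id -> attribute dict
    changelog: list = field(default_factory=list)  # ids written since last sync

    def write(self, oid, **attrs):
        """Administrative change made with this directory's own tools."""
        self.objects.setdefault(oid, {}).update(attrs)
        self.changelog.append(oid)


class Session:
    """One session pairs AD OUs with NDS OUs; the trees need not be parallel."""

    def __init__(self, ad, nds, ou_map, two_way=False):
        self.ad, self.nds, self.two_way = ad, nds, two_way
        self.ou_map = ou_map                              # AD OU -> NDS OU
        self.rev_map = {v: k for k, v in ou_map.items()}  # NDS OU -> AD OU
        self.db = {}    # session database: last synchronized NDS-side view
        self.log = []   # per-session event log

    @staticmethod
    def _no_password(attrs):
        return {k: v for k, v in attrs.items() if k != "password"}

    def run(self):
        stats = {"ad_reads": 0, "nds_reads": 0}
        # Forward (AD -> NDS): only the delta recorded since the last run.
        for oid in dict.fromkeys(self.ad.changelog):
            stats["ad_reads"] += 1
            src = self.ad.objects[oid]
            if src["ou"] not in self.ou_map:
                self.log.append(f"skip {oid}: OU outside session scope")
                continue
            dst = dict(src, ou=self.ou_map[src["ou"]])
            dst.pop("must_change", None)
            self.nds.objects[oid] = dst        # password flows AD -> NDS
            self.db[oid] = self._no_password(dst)
            self.log.append(f"forward {oid}")
        self.ad.changelog.clear()
        if not self.two_way:
            return stats
        # Reverse (NDS -> AD): every NDS object is read and compared with the
        # session database; the NDS change log is deliberately not consulted.
        for oid, src in self.nds.objects.items():
            stats["nds_reads"] += 1
            if src["ou"] not in self.rev_map:
                continue
            view = self._no_password(src)
            if self.db.get(oid) == view:
                continue
            dst = dict(view, ou=self.rev_map[src["ou"]])
            if oid not in self.ad.objects:
                # NDS passwords cannot be read: issue a new one, force a change.
                dst.update(password=secrets.token_urlsafe(12), must_change=True)
            self.ad.objects.setdefault(oid, {}).update(dst)
            self.db[oid] = view
            self.log.append(f"reverse {oid}")
        return stats


def scenario(two_way):
    """Constructed sample: AD organized by function, NDS by location."""
    ad, nds = Directory("AD"), Directory("NDS")
    ou_map = {"Accounting": "Chicago", "Sales": "New York"}
    session = Session(ad, nds, ou_map, two_way)
    for i in range(1, 7):
        ou = "Accounting" if i <= 3 else "Sales"
        ad.write(f"user{i}", ou=ou, phone=f"555-010{i}", password=f"pw{i}")
    session.run()                                # initial forward synchronization
    ad.write("user1", phone="555-0199")          # change made in AD
    nds.write("user4", phone="555-0144")         # change made in NDS
    nds.write("user7", ou="Chicago", phone="555-0107", password="nds-secret")
    return ad, nds, session.run()


if __name__ == "__main__":
    for mode in (False, True):
        ad, nds, stats = scenario(mode)
        print("two-way" if mode else "one-way", stats, sorted(ad.objects))
```

In the two-way run the model reads all seven NDS objects to pick up two changes while the forward pass reads one; in the one-way run the NDS edits stay local, so the two directories diverge until someone repeats the change in Active Directory.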

47 Directory Synchronization: Object-Level Synchronization
[Diagram: an Active Directory tree (Users; Accounting, Sales) and an NDS tree (Users; Chicago, New York) linked by MSDSS, with User 1 through User 6 present in both trees]
<SLIDETITLE> Object-Level Synchronization </SLIDETITLE> <KEYWORDS> synchronization, MSDSS </KEYWORDS> <KEYMESSAGE> MSDSS can be configured to specify the location of each OU in the two directories. </KEYMESSAGE> <SLIDEBUILDS> 0 </SLIDEBUILDS>
<SLIDESCRIPT> Because the two trees are organized differently, synchronization occurs on the object level. A session only occurs for a pair of OUs, or a subtree, in Active Directory and NDS. If Active Directory is functioning in Native Mode, that is, without NT servers, nested directories will also synchronize. Since many organizations have multiple OUs, a session needs to be configured for each OU pair that exists. MSDSS supports up to 128 simultaneous synchronization sessions. Organizations with more than 128 sessions need to bring up another MSDSS server on a Windows Server 2003 domain controller. To ensure that synchronized information is transferred and stored securely, the information is stored in Active Directory. On the right, the NDS tree is organized geographically. On the left, the Active Directory tree is organized by business function. MSDSS can synchronize objects even if they are not in parallel folders. </SLIDESCRIPT>
<SLIDETRANSITION> MSDSS synchronizes only certain objects between NDS and Active Directory. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>White Paper: Migrating Novell NetWare to Windows Server </ITEM> </ADDITIONALINFORMATION>
MSDSS supports situations in which Active Directory and NDS have different tree structures
MSDSS tracks objects as their position in the tree changes through move and cut-and-paste operations

48 Directory Synchronization: Objects MSDSS Synchronizes
Users
  NDS “Name” to AD “logon”
    Not to AD “name” by default
  Password from AD to NDS
    Not from NDS to Active Directory
  New user creation
Groups
  Members, if the users are included in the migration
Organizational units (OUs)
<SLIDETITLE> Objects MSDSS Synchronizes</SLIDETITLE> <KEYWORDS> Active Directory, Synchronize, User, Group </KEYWORDS> <KEYMESSAGE> MSDSS synchronizes Users, Groups, and Organizational Units. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS>
<SLIDESCRIPT> MSDSS is designed to migrate those directory objects that typically store the largest amount of information and the most important information. An immediate, one-time migration moves these Bindery or NDS objects to Active Directory, specifically: user accounts, groups, and distribution lists (for both Bindery and NDS), and (for NDS only) OUs. MSDSS can synchronize the core of the network: users, groups, and OUs.
[BUILD1] Users are synchronized. In an initial NDS to Active Directory synchronization, MSDSS creates AD users and links them to their NDS counterparts. After that session, any element that is changed in the user container is synchronized based on MSDSS settings. Most user attributes in AD and NDS easily correlate: phone number, address, and other directory attributes are transferred automatically. One difference is the NDS “name” attribute. In NDS, “Name” is both a logon name and first name of the user. By default, MSDSS synchronizes NDS “name” to AD “logon” and leaves the AD “name” field blank. By changing a registry setting on the MSDSS server, you can have both fields synchronized identically. Since passwords cannot be read from NetWare, the initial reverse synchronization to Active Directory creates a new password for each user. That user then must change his or her password at the next logon, by default. That default setting can be changed, as you will see in the upcoming demonstration.
The Novell and Windows clients synchronize the passwords. During and after synchronization sessions, the preferred method is to make administrative changes to passwords in Active Directory. Once a synchronization session has been established, new users created in Active Directory are created in NDS. If you have configured two-way synchronization, new users created in NDS are created in the synchronized OU in AD.

49 Directory Synchronization: Objects MSDSS Synchronizes
[BUILD2] Groups and their membership are migrated if the members are a part of the synchronized group.
[BUILD3] Nested Organizational Units are also migrated by MSDSS. </SLIDESCRIPT>
<SLIDETRANSITION> Other objects do not synchronize between NDS and AD. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003 </ITEM></ADDITIONALINFORMATION>

50 Directory Synchronization: Objects MSDSS Does Not Synchronize
Printers
Applications
Policies (ZENworks)
Files (unless migration with the File Migration Utility is used)
<SLIDETITLE> Objects MSDSS Does Not Synchronize </SLIDETITLE> <KEYWORDS> MSDSS, Print, Application, NLM, ZENworks </KEYWORDS> <KEYMESSAGE> MSDSS is not a tool for migrating printers, applications, policies, or files. </KEYMESSAGE> <SLIDEBUILDS>4</SLIDEBUILDS>
<SLIDESCRIPT> MSDSS is not a tool to entirely migrate all NDS resources.
[BUILD1] Printers are always objects within the NDS tree. You can choose to maintain a user’s capability to access NDS and print to the existing queues. You can also choose to recreate printers in Active Directory. In a phased, long-term migration, printers can be progressively migrated.
[BUILD2] Proprietary applications that run as NetWare Loadable Modules, or NLMs, cannot be run on Windows servers. Each application will probably have to be handled individually. If the long-term goal is a full migration, seek a replacement application that utilizes Active Directory.
[BUILD3] Desktop integration policies in NDS are managed by an additional Novell application, ZENworks. ZENworks requires the Novell client and a connection to the NetWare server. In an Active Directory environment, the built-in Group Policy module administers the same administrative templates. Although they cannot be directly migrated, the policy enforcement of ZENworks can be entirely duplicated in Active Directory. Audit the ZENworks policies and apply them to the Active Directory network using Group Policies.

51 Directory Synchronization: Objects MSDSS Does Not Synchronize
[BUILD4] Services for NetWare includes the File Migration Utility, which integrates with MSDSS to replicate files, folders, and permissions from the NetWare server. To utilize FMU, you must run MSDSS. To migrate file-system permissions, you must migrate the users before you migrate the file system. That is, to be able to migrate files with their access rights, you must first use MSDSS to migrate NDS directory or Bindery objects to Active Directory, and you must select the optional “Migrate Files” check box when you do so. This creates a migration log that File Migration Utility can use. You then use File Migration Utility to migrate the files and their access rights to a Windows Server 2003 NTFS share. Detailed instructions for migrating the different versions of NetWare are provided later in this presentation. </SLIDESCRIPT>
<SLIDETRANSITION> Now, look more extensively at options for printing in your synchronized environment. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003, page 5.</ITEM></ADDITIONALINFORMATION>

52 Directory Synchronization: Printer Migration Options
Leave the NDS printers in place
New PCs must install the Novell Client
Reconfigure NDPS
Recreate printers in AD, based on the size of the project
Manually
User-determined (printer search)
<SLIDETITLE>Printer Migration Options </SLIDETITLE> <KEYWORDS> Print, NDPS, Migration, Active Directory </KEYWORDS> <KEYMESSAGE> You can maintain NDS printing with MSDSS synchronization, or you can recreate printers in Active Directory. </KEYMESSAGE> <SLIDEBUILDS>2</SLIDEBUILDS>
<SLIDESCRIPT>
[BUILD1] Larger NetWare environments typically use HP JetDirect print services or a similar product that enables clients to print to the printer. Smaller environments often use NetWare’s queue-based print services. If you have not migrated NetWare print servers, workstations can continue to use either of these print services to access printers on NetWare servers, and, therefore, you should not uninstall them until you do migrate NetWare print servers. Novell Distributed Print Services (NDPS) combines printer, print queue, and print server functions and is backward compatible with queue-based print services. It is important to understand that MSDSS migrates or synchronizes user-related information, not services such as NDPS. If you use NDPS, deciding whether you want to migrate the NDPS printing environment to Windows Server 2003 printing or to retain NDPS can be a major factor in deciding between migration and long-term synchronization. With NDPS, the client does not print to a local port that is then redirected to a print queue. Instead, the client prints to a virtual printing port created on the workstation. This means that the workstation must have Novell NetWare Client for Windows installed. All print jobs are then handled by the NDPS system on the server. The recommended solution is to create a print queue on the server and to reconfigure NDPS to service the queue.
This enables you to use queue-based printing from the client with the existing NDPS print server, which means that you can remove the NDPS drivers from the workstations, and thus the Novell client.
See the Windows 2003 documentation, under “Printers and Faxes.”

53 Directory Synchronization: Printer Migration Options
[BUILD2] The other option is to fully migrate away from NetWare printing and create printers in Active Directory. Then, for Windows XP, Windows 2000, Windows NT 4.0, Windows 95, and Windows 98 clients, you do not need to do anything further. Users connect to the shared printer by searching for the printer they want to add in the Add Printer Wizard, right-clicking it, and then clicking Connect. In both cases, the printer driver is automatically copied to the client computer. Windows 2000 and Windows NT 4.0 clients check the printer driver and printer configuration each time they connect. Windows NT 3.x clients check each time the spooler service on the client is started. If the driver is not current, a copy of the new driver is downloaded automatically. The printer driver for a client running Windows 95 or Windows 98 is not automatically kept current. If you update the driver on the print server, you must manually install the driver on clients running Windows 95 or Windows 98. However, administrators should update the drivers on the print server, making it easier for these clients to update their drivers manually from the print server instead of requiring floppy disks or CD-ROMs. For more information, see the Windows 2003 documentation under “Printers and Faxes.” </SLIDESCRIPT>
<SLIDETRANSITION> Another challenge to migration is ZENworks. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Windows 2003 Documentation: “Printers and Faxes.”</ITEM> <ITEM> White Paper: “Migrating Novell NetWare to Windows Server 2003” </ITEM></ADDITIONALINFORMATION>

54 Directory Synchronization: ZENworks Application Objects
Synchronize and keep ZENworks in place
Keep the Novell client
Migrate
ZENworks uses the same administrative templates as Group Policy
Assign scripts with Group Policy
Deploy applications with SMS
<SLIDETITLE> ZENworks Application Objects </SLIDETITLE> <KEYWORDS> ZENworks, Group Policy, SMS </KEYWORDS> <KEYMESSAGE> ZENworks capabilities can be transferred to Group Policy and Systems Management Server in Active Directory. </KEYMESSAGE> <SLIDEBUILDS> 2 </SLIDEBUILDS>
<SLIDESCRIPT> In older versions of the Novell desktop management suite, ZENworks is integrated with NDS and requires Novell NetWare Client for Windows. It does not run on Microsoft Client for NetWare. Fully deployed ZENworks environments are uncommon. If an organization does use ZENworks, you must decide between two options:
[BUILD1] Keep ZENworks by synchronizing. If you choose to continue to use ZENworks, understand that because it is NDS-integrated and needs Novell NetWare Client for Windows, it places an additional resource requirement on the desktop. Migrate from ZENworks. A complete migration from NDS to Active Directory also requires moving to Microsoft desktop management services. Windows Server 2003 includes built-in desktop management features, such as remote operating-system installation, application distribution, data and settings mirroring, and industry-standard management instrumentation (WMI), each of which can be used by Windows Server 2003 management tools. Windows Server 2003 Policies can also assist greatly in desktop management scenarios.
[BUILD2] If you do migrate from ZENworks to Microsoft desktop management, you can then also easily migrate Dynamic Host Configuration Protocol (DHCP) services from NetWare to Windows Server. In NetWare, the DHCP networking protocol dynamically registers the client’s IP address in the NDS database with the associated computer name.
Similarly, in Windows Server 2003, DHCP provides dynamic configuration of IP addresses for computers, ensuring that address conflicts do not occur. Because Windows Server 2003 DHCP is integrated with the Windows Server 2003 implementation of DNS (which is itself a central component of Active Directory), consider migrating both of these primary network services.
See the “NetWare to Windows 2000 Server Migration Planning Guide.”

55 Directory Synchronization: ZENworks Application Objects
If you want additional desktop management solutions (or solutions that can run on a mixed network), you can purchase Microsoft Systems Management Server 2.0, which can manage Windows-based clients in a Windows NT 4.0, Windows 2000 Server, Windows Server 2003, or an NDS-based Novell NetWare environment, regardless of the directory service in use. Also note that there are third-party tools that can be used to migrate users from ZENworks. Windows Server 2003 Policies can also assist greatly in desktop management scenarios. For more information about migrating DNS and DHCP to Windows-based servers and a discussion of client-services issues relevant to migrations from ZENworks, see the white paper NetWare to Windows 2000 Server Migration Planning Guide. Although this paper was written with Windows 2000 environments in mind, it contains information that will be useful in a Windows Server 2003 scenario. </SLIDESCRIPT>
<SLIDETRANSITION> If you choose to retire ZENworks, Group Policy can fulfill the roles that ZENworks plays in your enterprise. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Migrating Novell NetWare to Windows Server 2003, page 22. </ITEM> </ADDITIONALINFORMATION>

56 Directory Synchronization: Group Policy Client Automation
Setting | Description
Administrative templates | Registry-based Group Policy settings
Security | Local, domain, and network security
Software installation | Central management of software installation
Scripts | Scripts for startup, shutdown, logon, and logoff
Microsoft Internet Explorer maintenance | Manage and customize Microsoft® Internet Explorer on PCs based on Microsoft Windows® Server 2003
Folder redirection | Store users' folders on a network server
Software restriction | Identify software and control its ability to run
<SLIDETITLE> Group Policy Client Automation </SLIDETITLE> <KEYWORDS> Group Policy, ZENworks, Novell </KEYWORDS> <KEYMESSAGE> With regard to desktop control and automation, Group Policy performs the same tasks in Active Directory as ZENworks does in NDS. </KEYMESSAGE> <SLIDEBUILDS> 7 </SLIDEBUILDS>
<SLIDESCRIPT> Administrators use Group Policy to define specific configurations for groups of users and computers by creating Group Policy settings. These settings are specified through the Group Policy Object Editor tool and contained in a Group Policy object, or GPO, which is in turn linked to Active Directory containers, such as sites, domains, or OUs. In this way, Group Policy settings are applied to the users and computers in those Active Directory containers. Administrators can configure the users’ work environment once and rely on the system to enforce the policies as defined.
[BUILD1] Administrative templates (or .adm files) enable you to control registry settings using Group Policy, providing the means to configure the behavior and appearance of the desktop, including the operating system, components, and applications. Windows comes with a predefined set of Administrative template files, which are implemented as text files (with an .adm extension), that define the registry settings that can be configured in a GPO.
These .adm files are stored in two locations by default: inside GPOs in the Sysvol folder and in the %windir%\inf directory on the local computer. The Group Policy Administrative Templates node contains all registry-based policy information. User configurations are saved in HKEY_CURRENT_USER (HKCU), and computer configurations are saved in HKEY_LOCAL_MACHINE (HKLM). The software policy settings include Group Policy for programs as well as for the Windows 2003 operating system and its components.
[BUILD2] Security settings. These Group Policy settings are used to define values for various security-relevant operating system parameters, such as password policy, user rights assignment, audit policy, registry values, file and registry ACLs, and service startup modes.

57 Directory Synchronization: Group Policy Client Automation
[BUILD3] The Software Installation snap-in is used to centrally manage software. Software can be assigned or published to users and assigned to computers. Group Policy-based software installation can be used to install software applications when a computer is started, when the user logs on, or on demand. Software installation Group Policy settings can be applied to users or computers in an Active Directory structure. Group Policy-based software installation can also be used to upgrade deployed applications or remove earlier applications that are no longer required. Users can be restricted from installing any software from local media, such as a CD-ROM, disk, or other unapproved applications. Medium and large organizations may wish to consider using Systems Management Server (SMS). SMS provides advanced capabilities such as inventory-based targeting, status reporting, server- and client-side scheduling, multisite facilities, complex targeting, centralized hardware and software inventory, remote diagnostic tools, software metering, software distribution-point population and maintenance, support for Windows 95, Windows 98, Windows NT 4.0, Windows 2000, and Windows XP clients, and enhanced software deployment features. SMS does not require Active Directory.
[BUILD4] Scripts are used to automate tasks at computer startup and shutdown, and at user logon and logoff. Scripts can be written in any language supported by Windows Script Host, including the Microsoft Visual Basic® development system, Scripting Edition (VBScript), JavaScript, Perl, and MS-DOS-style batch files (.bat and .cmd).
[BUILD5] Internet Explorer Maintenance is used to manage and customize Internet Explorer on computers running Windows 2000 or later. You can set options for the browser UI, connections, URLs, proxy settings, security zones, Favorites, and the Internet Explorer Enhanced Security Configuration component, also known as Microsoft Internet Explorer hardening.
[BUILD6] You can use folder redirection to redirect special directories on Windows 2000 or Windows Server 2003 from their default user profile location to an alternate location on the network. These special folders include My Documents, Application Data, Desktop, and the Start menu.
[BUILD7] Software restriction policies. These Group Policy settings are used to help protect computers from code that is not trusted by identifying and specifying which applications are permitted to run. </SLIDESCRIPT>

58 Directory Synchronization: Group Policy Client Automation
<SLIDETRANSITION> You might want to utilize SMS for more robust enterprise management. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Introduction to Group Policy in Windows Server 2003 </ITEM> <ITEM> Windows Server 2003 Technical Reference, “Group Policy Collections.” </ITEM> </ADDITIONALINFORMATION>

59 Directory Synchronization: SMS for Software Management
Uses the Windows Installer service; Software packages created from an .MSI file; Streamlined application deployment; Self-repairing MSI applications; Supports locked-down Windows-based environments; Other SMS functions; Server management; Asset monitoring; Security patches
<SLIDETITLE> SMS for Software Management </SLIDETITLE> <KEYWORDS> SMS, ZENworks, MSI </KEYWORDS> <KEYMESSAGE> For more extensive desktop management, particularly desktop software installation and maintenance, Microsoft System Management Server enables central management of the desktop. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> If your NetWare network relies heavily on ZENworks for application deployment, SMS 2003 can be leveraged to replace that function. Although Group Policy is enabled for software deployment, among SMS’s functions is total desktop application control. [BUILD1] SMS 2003 utilizes the Windows Installer service, allowing self-healing software packages to be created directly from a Windows Installer (.msi) file. The combination of SMS 2003 and the Windows Installer Service enables users’ security levels to be maintained for regular activities, while applying and utilizing elevated rights to enable automatic deployment of software, maintaining a high security configuration at all times. SMS 2003 was designed to be bandwidth-aware throughout the application deployment process, preserving valuable network resources for business usage through delta replication capability. Delta replication greatly reduces network traffic by only propagating changed or new files throughout the SMS 2003 hierarchy, allowing incremental changes to applications without consuming expensive network resources. When alterations are made to existing software package sources, only the changes are propagated between Systems Management Server 2003 site servers and distribution points, minimizing the impact on expensive network bandwidth.
[BUILD2] Often, administrators find themselves performing application installations that require greater access to the local OS or to the network than the desktop user is normally granted. SMS can install high-security level applications while maintaining desktop user security levels. SMS 2003 utilizes elevated rights for automatic deployment of software. Because SMS 2003 supports the Windows Installer service (.msi), it is able to switch user account contexts during a package installation allowing for self-healing application installation on “locked-down” systems.

60 Directory Synchronization: SMS for Software Management
[BUILD3] Beyond software installation, SMS can manage servers, survey equipment on the network for asset management, and maintain security patches on desktop and server operating systems. For more information about SMS’s capabilities, visit the SMS website, </SLIDESCRIPT> <SLIDETRANSITION> Confirm that the Active Directory servers are properly replicating before implementing it. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM> </ITEM> </ADDITIONALINFORMATION>

61 Directory Synchronization: Active Directory Health Check
[Diagram: two domain controllers. Directory replication carries directory objects (users, PCs, etc.); File Replication Service carries SYSVOL (logon scripts, policies, etc.).]
<SLIDETITLE> Active Directory Healthcheck </SLIDETITLE> <KEYWORDS> Active Directory, replmon, sonar, frsdiag </KEYWORDS> <KEYMESSAGE> Make sure that your Active Directory environment is healthy before migrating. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> Before you implement Active Directory as a fully operational part of your enterprise, confirm that it is replicating properly. [BUILD1] Use ReplMon in the Windows Support Tools on the Windows CD to validate replication. [BUILD2] Also use sonar.exe and frsdiag.exe from the Windows 2003 Feature Pack downloads to confirm FRS replication. FRS replicates SYSVOL, which contains the NETLOGON share, stores logon scripts and system policies, and contains Group Policies in separate folders. The feature pack is available at </SLIDESCRIPT> <SLIDETRANSITION> Now apply the synchronization tools to the Contoso Sydney office. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM> HOW TO: Verify That Active Directory Partitions Are Replicated Properly on All Domains in Windows 2000 </ITEM> </ADDITIONALINFORMATION>
See the KB article, “HOW TO: Verify That Active Directory Partitions Are Replicated Properly on All Domains in Windows 2000.”

62 Directory Synchronization: The Sydney Scenario
Contoso Sydney branch office; The Accounting department will not be fully migrated immediately; Single point of administration: Active Directory; One-way synchronization
<SLIDETITLE> The Sydney Scenario </SLIDETITLE> <KEYWORDS> Contoso, Sydney, Synchronization, MSDSS </KEYWORDS> <KEYMESSAGE> The Accounting department will synchronize their new Active Directory space with NDS for now. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] Now we will apply MSDSS synchronization to part of the Contoso Sydney migration. [BUILD2] The Accounting department runs a legacy NetWare application as an NLM on the server. The department will not be able to migrate to a different solution immediately, so its segment of the tree will be synchronized with Active Directory for now. [BUILD3] The organization is seeking to reduce cost and complexity by having a single point of administration, so it has elected to manage its network objects with only Active Directory MMCs and retire the NetWare Administrator and ConsoleOne. [BUILD4] Because of these goals, the department is going to use MSDSS one-way synchronization and leave NDS resources available to clients. </SLIDESCRIPT> <SLIDETRANSITION> On to the demo. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

63 Demo: Directory Synchronization and Migration
One-way synchronization; After synchronization; Modify an Active Directory object and force synchronization
<SLIDETITLE>Demonstration</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> </SLIDESCRIPT> <SLIDETRANSITION></SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

64 Agenda
Preparing for Services for NetWare; Directory synchronization and migration; Migrating file resources; Workstation setup and migration troubleshooting
<SLIDETITLE>Agenda</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE> This is the Agenda. </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The next item is Migrating File Resources. </SLIDESCRIPT> <SLIDETRANSITION> First, what are the reasons to migrate? </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

65 Migrating File Resources: Reasons to Migrate
Support cost, migration cost; Migrate to the Windows NTFS file system; Distributed File System; Volume shadow copies; Single sign-on is less complex
<SLIDETITLE> Reasons to Migrate</SLIDETITLE> <KEYWORDS>MSDSS, Migrate, Novell</KEYWORDS> <KEYMESSAGE> Use Services for NetWare full migration if you’re able to replace all of your NDS network services.</KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] When migrating from a NetWare environment to the Active Directory service, there are two basic approaches: gradual migration and direct migration. Gradual migration assumes that both directory services will coexist for an extended period of time. Direct migration assumes quick migration of all NetWare services to Active Directory. From a business perspective, the difference between a quick and a slow migration must be evaluated according to the impact each might have on an organization. The cost and the risk associated with the two types of migration must be considered, and correlatively, the network management structure evaluated. The cost of the slower migration tends to be higher because the work is carried out over a longer period of time and requires multiple support and management resources expressly associated with an infrastructure that is complex and supplied by multiple vendors. However, the risk is lower because rollback can be done easily and problems can be resolved during the migration project with little impact on the production system. In contrast, the quick migration has a lower cost but the risk is higher. The cost is lower in terms of both the amount of time needed to make the switch and the lower support impact on the system. However, the risk is higher because any problems that arise can create greater disruption in the production system.
[BUILD2] Migrating your network data to the Windows File System provides the advantages of the advanced encryption of the NTFS file system, as well as the network-wide responsiveness of the Distributed File System. In addition, Windows Server 2003 provides Microsoft Shadow Copy, which makes the quick recovery of older versions of a network file possible by a user. For more information, see [BUILD3] By removing the Novell client from desktops, the user experience is less complex and creates less network traffic.
See microsoft.com/windows2003 and the “NetWare to Windows 2000 Server Migration Planning Guide.”

66 Migrating File Resources: Reasons to Migrate
For more information on direct versus manual migration, see NetWare to Windows 2000 Server Migration Planning Guide. Most of the information is relevant to Windows Server </SLIDESCRIPT> <SLIDETRANSITION> There are some important steps to take to prepare for a migration. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM>NetWare to Windows 2000 Server Migration Planning Guide.</ITEM> <ITEM> Microsoft Services for NetWare 5.03 White Paper </ITEM> <ITEM> Migrating Novell NetWare to Windows Server 2003 </ITEM></ADDITIONALINFORMATION>
See and “NetWare to Windows 2000 Server Migration Planning Guide.”

67 Migrating File Resources: Prepare for Migration
Plan to migrate workstations; User settings; Client; Logon scripts and policies; Printers; Re-create in Windows; Apply Client Service for NetWare; User training
<SLIDETITLE> Prepare for Migration </SLIDETITLE> <KEYWORDS> MSDSS, FMU, Migrate </KEYWORDS> <KEYMESSAGE> Before you migrate your network to Active Directory, resolve any issues with workstations, printers, and users. </KEYMESSAGE> <SLIDEBUILDS>3</SLIDEBUILDS> <SLIDESCRIPT> MSDSS and File Migration Utility can migrate users, groups, and files. Additionally, you will need to migrate the workstations and printers, and prepare users for any change in their experience. [BUILD1] To get the most out of Active Directory, Windows XP Professional is the preferred operating system. For information about migrating your workstations to XP, see the Microsoft Solution Accelerator for Business Desktop Deployment at However, workstations running Windows 9x, NT, and 2000 can connect to the domain. Upon migration of a true multiple user operating system such as NT, 2000, or XP, you will join the workstation to the new domain. A new local user is created, causing confusion for the user who has become accustomed to local settings and file locations. Use the File and Settings Transfer Wizard to back up and restore the files. When a direct migration is complete, the Novell client must be removed from the workstation. This is easily accomplished manually, or it can be performed by a script that is executed by a group policy. If you have a small installation and enough IT personnel, manually remove the client. If the personnel investment is too great, develop a Group Policy to remove the client. For more information about Group Policy and scripts, visit the Group Policy portal, As covered earlier in this presentation, use Group Policy to replace ZENworks’ logon script and policy application.
See microsoft.com/technet/itsolutions/techguide/mso/bdd/default.mspx

68 Migrating File Resources: Prepare for Migration
[BUILD2] Printers cannot be automatically migrated from NDS to Windows. The best long-term solution is to recreate printers in Active Directory before you migrate users who need them. If you do not have the resources immediately available to recreate printers, it will be necessary to maintain Novell Client or Microsoft Client Services for NetWare on the workstation to access printers in the NDS tree. Keep in mind that over the long-term the cost of maintaining both systems is much greater than the time cost of migrating. [BUILD3] Users will have a slightly different experience upon logging on to Active Directory instead of their accustomed NDS experience. Printers, file shares, and collaboration will vary slightly from their typical experience. This variation will result in support calls. Minimize the cost of user support by communicating with the user base about the upcoming change. If at all possible, maintain file locations, such as drive mappings and redirected folders, as you migrate. </SLIDESCRIPT> <SLIDETRANSITION> This is an overview of what File Migration Utility can do. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM>Migrating Novell NetWare to Windows Server 2003 </ITEM> <ITEM> </ITEM></ADDITIONALINFORMATION>
See microsoft.com/technet/itsolutions/techguide/mso/bdd/default.mspx

69 Migrating File Resources: File Migration Utility Overview
Accelerates the migration process; Moves NetWare files to Active Directory; Multiple-volume support; Multiple-destination support
Maintains file permissions and ACLs; Granular mapping support; Integrated with the MSDSS synchronization service; Preserves access control information
Simplifies migration management; A central point of administration; Incremental migration support; Supports the TCP/IP and IPX/SPX protocols and several versions of NetWare
<SLIDETITLE> File Migration Utility Overview </SLIDETITLE> <KEYWORDS> FMU, File Migration Utility, Services for NetWare </KEYWORDS> <KEYMESSAGE> File Migration Utility automates the process of moving files and file rights from NDS to AD. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] In order to reduce the costs and simplify the process of migrating off NetWare, Microsoft’s File Migration Utility provides a service to migrate NetWare files to Windows Server 2003. Migration can be a time-consuming task that is typically performed manually or with expensive third-party tools. The File Migration Utility reduces the time and cost of migration by copying multiple NetWare files to one or more Windows 2003 servers automatically. [BUILD2] The File Migration Utility also copies those files while preserving the permissions and ACLs associated with each file. Through granular mapping support and integration with MSDSS, files and the rights they have inherited or been assigned in NetWare are calculated and maintained in the Windows 2003-based network, preserving security and minimizing the time-consuming and treacherous process of reassigning file rights and permissions. [BUILD3] The File Migration Utility migrates files simply, as well as quickly and securely, by providing a central point of administration for migration management. As such, administrators can monitor which files have been migrated and which haven’t in a detailed report on status. Incremental migration support also allows customers to perform a gradual migration. Finally, both the TCP/IP and IPX/SPX protocols are supported to allow the migration of NetWare files and their permissions from the most recent versions of NetWare. </SLIDESCRIPT> <SLIDETRANSITION> The next graphic shows how FMU will accelerate the migration process. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Migrating Novell NetWare to Windows Server 2003, page 10.</ITEM> </ADDITIONALINFORMATION>

70 Migrating File Resources: Accelerating the Migration Process
[Diagram: NetWare file server, FMU, Windows Server file server; servers labeled A, B, C, D; folders A1, A2, B3, B4 shown on both sides]
FMU allows multiple files to be migrated quickly from the NetWare file server to Windows servers; Multiple-destination support
<SLIDETITLE> Accelerates the Migration Process </SLIDETITLE> <KEYWORDS> File Migration Utility, Services for NetWare </KEYWORDS> <KEYMESSAGE> The File Migration Utility Accelerates the Migration Process. </KEYMESSAGE> <SLIDEBUILDS> 0 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] Migrations from one platform to another are often time-consuming, costly, and risky. To minimize the time and expense required to migrate from a NetWare NOS to the Windows Server 2003 platform, Microsoft provides a file migration tool. FMU reduces the time, cost, and inconvenience of migration by copying groups of NetWare files from either one or several NetWare file and print servers to one or many “destination” Windows 2003 servers. This capability is known as one to many and many to many support. [BUILD2] The FMU management console displays a summary view of files. Through this console multiple groups of folders from multiple servers (in this case A and B) can be simultaneously copied and migrated to a Windows 2000 Server. [BUILD3] Once migration is complete, the NetWare files that existed only on the NetWare server are now present on both. Once this is done the NetWare servers can be retired, upgraded to Windows Server 2003, or otherwise repurposed for use in other functions. It is important to not allow users to access both versions of data after the migration. Unlike MSDSS, file information is not under an ongoing synchronization. They will quickly experience versioning confusion if they access the NetWare version of a file one day, and then access the Active Directory version the next. Perform the file migration section of the migration just before you migrate the users. Users may access the data during the migration process. </SLIDESCRIPT> <SLIDETRANSITION> In addition to files, the related permissions are transferred by FMU. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>File Migration Utility Help File </ITEM> </ADDITIONALINFORMATION>

71 Migrating File Resources: Transferring NDS Rights to Active Directory
[Diagram: NetWare file server with trustee rights, FMU, Windows Server file server with Windows permissions; servers labeled A, B, C, D; folders A1, A2, B3, B4 shown on both sides]
<SLIDETITLE> Transfer NDS Rights to Active Directory </SLIDETITLE> <KEYWORDS> FMU, NDS, ACL </KEYWORDS> <KEYMESSAGE> FMU Preserves File Information </KEYMESSAGE> <SLIDEBUILDS> 2 </SLIDEBUILDS> <SLIDESCRIPT> One of the most time-consuming aspects of migration is not the time required to copy files from one server to another but to recreate the permissions and rights associated with those files present in the source file server to the new destination server. [BUILD1] FileMigrate addresses this issue by preserving the file permissions that may have already been set up in NetWare, eliminating the need to re-ACL or redefine file permissions post-migration. [BUILD2] In this diagram the files migrated from NetWare to Active Directory have preserved the same access rights they had in NetWare. File security is preserved as well as file associations to particular groups through granular object mapping. </SLIDESCRIPT> <SLIDETRANSITION> FMU simplifies the migration process. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Microsoft Services for NetWare 5.03 White Paper</ITEM> </ADDITIONALINFORMATION>

72 Migrating File Resources: Simplifying the Migration Process
Central point of migration administration through a client connected to a Windows server; Reporting with incremental migration support; Uninterrupted user access to files; Compatible with the TCP/IP and IPX/SPX protocols and several versions of NetWare
<SLIDETITLE> Simplifies Migration Process </SLIDETITLE> <KEYWORDS> FMU, migration, IPX </KEYWORDS> <KEYMESSAGE> Although not the only way to migrate data, File Migration Utility can simplify the NDS to AD migration process. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] FMU has a central point of administration for all file migration tasks through a wizard-based UI so you can configure where specific shares and folders are coming from and where they are being transferred to. [BUILD2] FMU is administered through a wizard-based console and is installed as a service on a Windows server. With FMU you do not have to migrate the entire NetWare file system at one time. It might be best to perform an incremental migration, moving and supporting one department or location at a time. [BUILD3] In addition, file access is supported even during the migration process so that users have uninterrupted access to their files. Regardless, the resource intensity of FMU is such that it is often preferable to perform the migration overnight or in a low-network use time. [BUILD4] Finally, FMU supports the two major NetWare network protocols, IPX/SPX and TCP/IP, so that files from NetWare 3.x, 4.x, or 5.x can be migrated in the same way for customers with a variety of NetWare versions or protocols. </SLIDESCRIPT> <SLIDETRANSITION> NDS Trustee rights and Active Directory permissions are slightly different. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM>Microsoft Services for NetWare 5.03 White Paper </ITEM> </ADDITIONALINFORMATION>

73 Migrating File Resources: NDS Trustee Rights to AD Permissions
NetWare -> Active Directory
Write, Create -> Write
Read, File Scan -> Read
Modify -> Read, or Read and Write
Erase -> Delete
Access Control -> Change Permissions
<SLIDETITLE>NDS Trustee Rights to AD Permission</SLIDETITLE> <KEYWORDS>NDS, Active Directory, Trustee, Permissions, ACL </KEYWORDS> <KEYMESSAGE> Some of the rights in NDS do not directly translate to AD permissions. </KEYMESSAGE> <SLIDEBUILDS>5</SLIDEBUILDS> <SLIDESCRIPT> Most of the permissions in Active Directory easily correlate to NDS rights. [BUILD1] The Active Directory permissions that are included in “Write” are divided into “Write” and “Create” in NDS. Create is the right to create files and folders. The Write setting gives the user the ability to open and change the contents of a file or folder. A user with Write but not Create rights in NDS would be able to modify existing files in a folder but would not be able to create new ones. Since these two categories are combined in Active Directory, FMU assigns any NDS user with one of these rights the combined AD write permission after migration. [BUILD2] In File Migration Utility, the NDS right “File Scan” is mapped to Read. Like the NDS Create and Write settings, the File Scan and Read NDS rights are combined in the Active Directory Read permission. [BUILD3] In NDS, Modify grants the right to change the attributes or name of the folder or file, but does not grant the right to change its contents. There is no related right in Active Directory. The Modify NDS right can either be mapped to Read or Read/Write at the administrator’s discretion. [BUILD4] NDS Erase and Active Directory Delete are both the right to delete a folder or file. [BUILD5] FMU migrates the NDS right “Access Control” to the Active Directory advanced security setting “Change Permissions.” They are similarly the right to change other users’ control of a share. </SLIDESCRIPT> <SLIDETRANSITION> This is the process of migrating with MSDSS and FMU. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> File Migration Utility Help File </ITEM></ADDITIONALINFORMATION>
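The mapping on this slide, worked through as an added example (not part of the original presentation and not File Migration Utility code): a Python review of which capabilities each NDS trustee assignment gains once its rights are mapped to AD permissions as described above. The folder and trustee names and the `modify_as` switch are constructed for illustration, and Supervisor is a NetWare right the slide does not map, so the code reports it as unmapped.

```python
"""Review how NDS trustee rights widen when mapped to AD permissions."""

# NDS trustee right -> AD permission, as listed on the slide.
NDS_TO_AD = {
    "Write": "Write",
    "Create": "Write",
    "Read": "Read",
    "File Scan": "Read",
    "Erase": "Delete",
    "Access Control": "Change Permissions",
}

# Modify has no AD equivalent; the administrator chooses one of these targets.
MODIFY_OPTIONS = {"read": {"Read"}, "read_write": {"Read", "Write"}}

# NDS rights that each AD permission effectively covers, per the speaker notes.
AD_COVERS = {
    "Write": {"Write", "Create"},
    "Read": {"Read", "File Scan"},
    "Delete": {"Erase"},
    "Change Permissions": {"Access Control"},
}


def map_rights(nds_rights, modify_as="read"):
    """Return (ad_permissions, unmapped_rights) for one trustee assignment."""
    if modify_as not in MODIFY_OPTIONS:
        raise ValueError("modify_as must be 'read' or 'read_write'")
    ad_permissions, unmapped = set(), set()
    for right in nds_rights:
        if right == "Modify":
            ad_permissions |= MODIFY_OPTIONS[modify_as]
        elif right in NDS_TO_AD:
            ad_permissions.add(NDS_TO_AD[right])
        else:
            unmapped.add(right)  # not covered by the slide: needs manual review
    return ad_permissions, unmapped


def review_assignment(nds_rights, modify_as="read"):
    """Compare what a trustee could do in NDS with what the AD ACL allows."""
    nds_rights = set(nds_rights)
    ad_permissions, unmapped = map_rights(nds_rights, modify_as)
    effective = set()
    for permission in ad_permissions:
        effective |= AD_COVERS[permission]
    return {
        "ad_permissions": sorted(ad_permissions),
        # Capabilities the trustee did not hold in NDS but holds after mapping.
        "gained": sorted(effective - nds_rights),
        # NDS rights with no AD counterpart (Modify: rename/attribute changes).
        "no_equivalent": sorted((nds_rights - effective) - unmapped),
        "unmapped": sorted(unmapped),
    }


# Constructed sample data: (folder, trustee, NDS rights).
SAMPLE_TRUSTEES = [
    ("SALES\\Reports", "jsmith", {"Read", "File Scan"}),
    ("SALES\\Inbox", "dropbox-users", {"Create"}),
    ("SALES\\Ledger", "clerks", {"Read", "File Scan", "Write"}),
    ("SALES\\Archive", "archivist", {"File Scan", "Modify"}),
    ("SALES\\Admin", "admin", {"Supervisor"}),
]


def audit(trustees, modify_as="read"):
    """Return only the assignments whose access changes in the migration."""
    findings = []
    for folder, trustee, rights in trustees:
        result = review_assignment(rights, modify_as)
        if result["gained"] or result["no_equivalent"] or result["unmapped"]:
            findings.append((folder, trustee, result))
    return findings


if __name__ == "__main__":
    for folder, trustee, result in audit(SAMPLE_TRUSTEES, modify_as="read_write"):
        print(folder, trustee, result)
```

Create-only drop folders and Modify-only trustees are the assignments worth checking by hand after migration, because the combined AD Write permission lets those users change the contents of existing files.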

74 Migrating File Resources: Migration Synchronization Process
One-time NDS-to-AD synchronization; Creates groups for each OU; Adds all of the OU's containers as members; Creates the log file; Create Active Directory shares; File Migration Utility
<SLIDETITLE> Migration Synchronization Process </SLIDETITLE> <KEYWORDS> FMU, MSDSS </KEYWORDS> <KEYMESSAGE> The File Migration Process involves running MSDSS and then File Migration Utility. </KEYMESSAGE> <SLIDEBUILDS>4</SLIDEBUILDS> <SLIDESCRIPT> This is the process for migrating users and shares using MSDSS and FMU: [BUILD1] First, using MSDSS, perform a one-time migration synchronization. The MSDSS wizard will guide you through the process. [BUILD2] The migration synchronization is different from the one-way or two-way synchronization. For each OU, a security group is formed that contains all the users in that OU and any nested OUs, since Active Directory assigns rights through groups instead of through OUs, as NDS does. These security groups will be used by FMU to assign rights. The MSDSS migration creates a text log file that FMU will use to assign rights. FMU must refer to the users that were migrated and their group membership. [BUILD3] Next, create Active Directory shares that will hold the migrated files and folders. The administrator will need to have full control of that share. [BUILD4] Finally, run File Migration Utility. With File Migration Utility you will map a folder location in NDS with a folder location in AD and import the MSDSS log file to interpret ACLs. </SLIDESCRIPT> <SLIDETRANSITION> Now apply the File Migration Utility to the Sydney Branch Office. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM>Migrating Novell NetWare to Windows Server 2003 </ITEM></ADDITIONALINFORMATION>

75 Migrating File Resources: The Sydney Scenario
Sales team; Fully migrated immediately; Preserves groups; File permissions are maintained; Continuity of the user experience
<SLIDETITLE> The Sydney Scenario </SLIDETITLE> <KEYWORDS> Sydney, Contoso </KEYWORDS> <KEYMESSAGE> The sales department at the Sydney office is ready for a full migration, including files and access permissions. </KEYMESSAGE> <SLIDEBUILDS> 5 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] The Sales team in the Sydney office does not have any resource requirements that would preclude it from migrating fully to Active Directory. [BUILD2] It has decided to perform a direct migration to shorten the migration cycle and reduce the cost of migrating. [BUILD3] It is important for the team to preserve the existing groups, used to delegate permissions and collaborate. [BUILD4] Of course, file permissions must be maintained. [BUILD5] The cost of supporting the migration will rise if users experience a complicated migration. Preserve the user experience as best you can by auditing users’ experience and replicating it in the new environment. </SLIDESCRIPT> <SLIDETRANSITION> On to the demo. </SLIDETRANSITION> <ADDITIONALINFORMATION> <ITEM></ITEM> </ADDITIONALINFORMATION>

76 Demo: Migrating File Resources
Prepare for migration; Migration synchronization; Prepare for File Migration Utility; File Migration Utility; Confirm rights; Reorganize migrated users; Logon scripts
<SLIDETITLE>Demonstration</SLIDETITLE> <KEYWORDS></KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> </SLIDESCRIPT> <SLIDETRANSITION></SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

77 Agenda
Preparing for Services for NetWare; Directory synchronization and migration; Migrating file resources; Workstations and troubleshooting
<SLIDETITLE>Agenda</SLIDETITLE> <KEYWORDS> This is the Agenda. </KEYWORDS> <KEYMESSAGE></KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS> <SLIDESCRIPT> The next item is Workstation Setup and Migration Troubleshooting. </SLIDESCRIPT> <SLIDETRANSITION> During the course of the migration you will need to alter the workstation. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM></ITEM></ADDITIONALINFORMATION>

78 Workstations and Troubleshooting: On the Workstation
Remove Novell Client 32; Remove IPX (if present); Join the domain; Restore settings; Local settings; Network mappings
<SLIDETITLE> On the Workstation </SLIDETITLE> <KEYWORDS> Novell Client, File and Settings Wizard </KEYWORDS> <KEYMESSAGE> Upon migrating to Active Directory, remove the Novell Client and IPX, then join the domain. </KEYMESSAGE> <SLIDEBUILDS> 4 </SLIDEBUILDS> <SLIDESCRIPT> [BUILD1] Since users no longer connect to the Novell network after migrating, remove Client 32 from the workstation. If you are performing a staged migration, either remove the client and install Windows Client Services for NetWare or leave Novell Client in place until NDS is entirely retired. For a long-term synchronization, leave the client in place or substitute Client Services for NetWare. [BUILD2] The IPX network protocol is a standard that is often present on a NetWare network. Although it will not cause any direct problems or interference on the network, it can cause unnecessary traffic on network equipment. It is a best practice to remove it from the workstation. [BUILD3] Join the workstation to the domain. This creates the computer object in Active Directory that correlates to the workstation and allows that computer to log on to the Active Directory network. [BUILD4] When you join the workstation to the domain, users may experience some confusion when their local files and settings, such as their wallpaper, are “lost.” In fact, a new user has been created for the domain. The old, “local” user is still in place, but the domain user does not maintain those settings by default. Use the File and Settings Transfer Wizard to migrate the settings from the local user to the domain user. </SLIDESCRIPT> <SLIDETRANSITION> If you are migrating the desktops from an older operating system, use the User State Migration Tool to transfer files and settings. </SLIDETRANSITION> <ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003, page 20. </ITEM></ADDITIONALINFORMATION>

79 Workstations and Troubleshooting: User State Migration Tool
ScanState: captures configuration settings from a legacy system
LoadState: restores them on a Windows 2000/XP workstation
Settings include:
Display settings (wallpaper, colors, fonts)
IE v4.x / v5.x settings
Mapped drives
Folder options
Dial-up networking settings
Outlook "profile" settings
<SLIDETITLE> User State Migration Tool </SLIDETITLE> <KEYWORDS> user state migration tool, scanstate, loadstate </KEYWORDS> <KEYMESSAGE> USMT can migrate users from older operating systems to Windows 2000 and XP. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS>
<SLIDESCRIPT>
If you are going to upgrade and standardize workstations to Windows XP, use the Windows User State Migration Tool. With USMT, you can script and automate the process of moving user settings to the new operating system.
[BUILD1] First, run the USMT tool “ScanState” on the old workstation. It will collect configuration information on any Windows 9x or NT4 workstation and store it in a local or network file.
[BUILD2] Once you have upgraded the workstation to XP, run “LoadState” to restore the configuration settings for the user.
[BUILD3] User experience settings, such as wallpaper and font preferences, are restored, as well as Internet Explorer settings, mapped drives, dial-up networking settings (which will be important to your mobile users), folder options, and Outlook profiles, which store account information.
</SLIDESCRIPT>
<SLIDETRANSITION> Some possible problems can occur with synchronization. </SLIDETRANSITION>
<ADDITIONALINFORMATION> <ITEM>http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/usermigr.mspx </ITEM> </ADDITIONALINFORMATION>

80 Workstations and Troubleshooting: Synchronization Problems
One-way synchronization: NDS out of sync
Resynchronize the problem objects
Use a protected administrator in NDS
Connectivity
Use ipxroute to troubleshoot IPX
Network traffic
<SLIDETITLE>Synchronization Problems </SLIDETITLE> <KEYWORDS>MSDSS, FMU, synchronization </KEYWORDS> <KEYMESSAGE> Avoid these synchronization problems. </KEYMESSAGE> <SLIDEBUILDS>2</SLIDEBUILDS>
<SLIDESCRIPT>
[BUILD1] Items in NDS could be unintentionally altered or deleted. If you have a one-way synchronization in place, these items will not synchronize back to Active Directory, and MSDSS will not push the original settings to them, because the forward synchronization only affects attributes that are changed in Active Directory, not the entire object. Create a reverse synchronization that runs one time to reestablish the object in Active Directory. The original synchronization session will then be able to manage the object.
[BUILD2] Occasionally, you may have connectivity problems within MSDSS. If the NetWare environment is running on an IPX network, you may have some problems connecting. Use the Windows command-line tool ipxroute to view and troubleshoot the IPX routing tables. Services for NetWare, particularly reverse synchronization and File Migration, are very network intensive. Provide a robust LAN link between the MSDSS server and the NDS network. If that process is slowing down, isolate that leg of the network from other network traffic.
</SLIDESCRIPT>
<SLIDETRANSITION> MSDSS can be customized to suit your environment. </SLIDETRANSITION>
<ADDITIONALINFORMATION><ITEM> Migrating Novell NetWare to Windows Server 2003, page 14. </ITEM> </ADDITIONALINFORMATION>

81 Workstations and Troubleshooting: Customizing MSDSS
Registry settings
UseMemberAttribute: for AD group memberships taken from the NDS "Member" attribute; common in Bindery mode
SyncIntervalForward/SyncIntervalReverse: forward default 15 minutes; reverse default 24 hours
SAMRename: two-way synchronization
<SLIDETITLE> Customizing MSDSS</SLIDETITLE> <KEYWORDS> MSDSS, Registry </KEYWORDS> <KEYMESSAGE> Customize MSDSS with registry settings. </KEYMESSAGE> <SLIDEBUILDS>4</SLIDEBUILDS>
<SLIDESCRIPT>
[BUILD1] MSDSS can be customized to suit your environment. It is customized by altering registry settings on the domain controller that the application runs on. The registry keys are located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDSS\Parameters.
[BUILD2] When migrating groups from Novell Directory Services or eDirectory to Active Directory, by default MSDSS reads the "security equal to me" attribute and migrates those group members to Active Directory. Some NetWare administration tools (particularly those that operate in Bindery mode) add members only to the "member" attribute. This causes a discrepancy between the group memberships as displayed in NDS, eDirectory, and Active Directory after some migrations. If you experience this, set UseMemberAttribute to 1 to migrate group memberships using the "member" attribute of the group object, which allows NDS and eDirectory group members that are not marked as "security equal to me" to be migrated to Active Directory. If you set the value to 0, MSDSS uses the "security equal to me" attribute.
[BUILD3] By default, the forward synchronization occurs every 15 minutes, and a reverse synchronization occurs every 24 hours. If the synchronizations create too much network traffic, or if you need the synchronizations to be more responsive, alter the SyncIntervalForward and SyncIntervalReverse registry settings.

82 Workstations and Troubleshooting: Customizing MSDSS
Registry settings
UseMemberAttribute: for AD group memberships taken from the NDS "Member" attribute; common in Bindery mode
SyncIntervalForward/SyncIntervalReverse: forward default 15 minutes; reverse default 24 hours
SAMRename: two-way synchronization
[BUILD4] Active Directory, NDS, and eDirectory handle logon names differently. Active Directory provides separate attributes for logon name (samAccountName) and object naming in the directory hierarchy (that is, the relative distinguished name). NDS and eDirectory use the same attribute (that is, CN) for both purposes. The initial release of MSDSS synchronizes the directory object name (that is, the relative distinguished name maps to the CN) but does not synchronize the logon names. This update to MSDSS provides an option for synchronizing logon names between Active Directory, NDS, and eDirectory. Setting SAMRename to 1 enables MSDSS to keep both the samAccountName and relative distinguished name attributes of a user object in Active Directory synchronized with the CN attribute of the corresponding NDS or eDirectory user object. The session must be a two-way synchronization session to synchronize changes in NDS or eDirectory to Active Directory.
For instance, if you are performing two-way synchronizations and create a user object in NDS or eDirectory, the samAccountName and the relative distinguished name of the new Active Directory user object are set to the CN of the new NDS or eDirectory user, thereby synchronizing the logon names. The same is true if you rename an object in NDS.
Similarly, if you create a user object in Active Directory, it is often created with different values for the relative distinguished name and the samAccountName. Due to internal synchronization processing, this is handled in two steps. First, a user object is created in NDS or eDirectory with the CN set to the Active Directory user's original relative distinguished name. At the same time, the relative distinguished name of the Active Directory object is changed to match the samAccountName. At the next Active Directory-to-NDS or eDirectory synchronization, the rename of the Active Directory object is synchronized to NDS or eDirectory. As a result, both user objects have the samAccountName as their logon name, despite the original configuration when the user was created.
</SLIDESCRIPT>
<SLIDETRANSITION> You can also customize FMU with registry settings. </SLIDETRANSITION>
<ADDITIONALINFORMATION><ITEM> MSDSS help file </ITEM></ADDITIONALINFORMATION>

83 Workstations and Troubleshooting: Customizing FMU
Inheritance
FilesInheritAlways
FilesInheritUnlessIRF
DirectoriesInheritAlways
DirectoriesInheritUnlessIRF
MigrateACLsOnly
MigrateDirsOnly
ReplaceNTFSRootACL
<SLIDETITLE> Customizing FMU </SLIDETITLE> <KEYWORDS> Registry, File Migration Utility </KEYWORDS> <KEYMESSAGE> Customize FMU with registry settings. </KEYMESSAGE> <SLIDEBUILDS>3</SLIDEBUILDS>
<SLIDESCRIPT>
FMU is also customizable through registry settings.
[BUILD1] Previous versions of FMU stamped the effective set of rights specifically on each file. With Service Pack 1 (SP1) for Windows 2000, FMU began to use Windows 2000 NTFS file system security descriptor inheritance to achieve the same permissions without stamping every file. To override this and reset FMU to its previous behavior of specifying the setting for each file, set the following four registry values to 0: FilesInheritAlways, FilesInheritUnlessIRF, DirectoriesInheritAlways, and DirectoriesInheritUnlessIRF. Keep in mind that the future management of your data permissions will be more difficult if each file has its own security descriptor.
[BUILD2] If the file structure and the data are already in place on the Windows server, you can use FMU to apply the NDS security settings to them. If you set MigrateACLsOnly to 1, FMU sets just the security descriptors on files that have been copied from Novell NetWare to Windows 2000 or Windows Server 2003 by some external method such as a backup/restore process.
[BUILD3] Set MigrateDirsOnly to 1 to migrate only the directory structure and directory-level security descriptors. You can then copy the file data into the directory structure by an external method such as a backup/restore process. Files copied into the directory structure inherit security descriptors from the parent directory. This setting is also a good way to perform a low-bandwidth test of the migration.

84 Workstations and Troubleshooting: Customizing FMU
Inheritance
FilesInheritAlways
FilesInheritUnlessIRF
DirectoriesInheritAlways
DirectoriesInheritUnlessIRF
MigrateACLsOnly
MigrateDirsOnly
ReplaceNTFSRootACL
[BUILD4] The default setting for FMU merges the existing security descriptor on the NTFS target root directory with the migrated security descriptor. The existing access control entries (ACEs) apply to the root directory and any files or subdirectories until an inherited rights filter (IRF) or rights reduction causes the flag "allow inheritable permissions from parent to propagate to this object" to be cleared. If you set ReplaceNTFSRootACL to 1, you replace the existing security descriptor on the target directory with the security descriptor migrated from NetWare. Other information about registry modification and MSDSS is available in the help file.
</SLIDESCRIPT>
<SLIDETRANSITION> Now apply the desktop and troubleshooting lessons to the Sydney branch office. </SLIDETRANSITION>
<ADDITIONALINFORMATION><ITEM> FMU help file </ITEM></ADDITIONALINFORMATION>
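The inheritance behavior described on the two FMU slides can be checked on the target volume after a migration run. The following PowerShell script is an added example, not part of the original session or of FMU: it reports files that carry their own explicit ACEs (the per-file stamping case) and objects whose "allow inheritable permissions from parent" flag is cleared (the IRF or rights-reduction case). The path D:\Migrated and the function name Get-AclInheritanceReport are assumptions, and the script needs Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the session or from FMU): audit a migrated NTFS
# tree for per-object ACEs and for objects that block inheritance.
param(
    # Hypothetical FMU target root; replace with the real migrated path.
    [string]$Root = 'D:\Migrated',
    # Optional CSV file for the per-object findings.
    [string]$CsvPath
)

function Get-AclInheritanceReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    # The root is included because ReplaceNTFSRootACL decides whether its
    # pre-existing ACEs survive and flow down the tree.
    $items = @(Get-Item -LiteralPath $Path -Force)
    $items += @(Get-ChildItem -LiteralPath $Path -Recurse -Force `
                    -ErrorAction SilentlyContinue -ErrorVariable walkErrors)
    if ($walkErrors) {
        Write-Warning ("{0} path(s) could not be enumerated" -f $walkErrors.Count)
    }

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        }
        catch {
            # An unreadable descriptor is a finding too: report it, do not skip.
            [pscustomobject]@{
                Path = $item.FullName; IsDirectory = $item.PSIsContainer
                ExplicitAces = $null; InheritanceBlocked = $null
                Trustees = $null; Error = $_.Exception.Message
            }
            continue
        }

        # ACEs set directly on this object rather than inherited from a parent.
        $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
        [pscustomobject]@{
            Path               = $item.FullName
            IsDirectory        = $item.PSIsContainer
            ExplicitAces       = $explicit.Count
            # True when the "inherit from parent" flag is cleared.
            InheritanceBlocked = $acl.AreAccessRulesProtected
            Trustees           = ($explicit |
                                    ForEach-Object { $_.IdentityReference.Value } |
                                    Sort-Object -Unique) -join '; '
            Error              = $null
        }
    }
}

$report   = @(Get-AclInheritanceReport -Path $Root)
$readable = @($report   | Where-Object { -not $_.Error })
$files    = @($readable | Where-Object { -not $_.IsDirectory })
$stamped  = @($files    | Where-Object { $_.ExplicitAces -gt 0 })
$blocked  = @($readable | Where-Object { $_.InheritanceBlocked })

"Objects scanned:                 {0}" -f $report.Count
"Files with explicit ACEs:        {0} of {1}" -f $stamped.Count, $files.Count
"Objects blocking inheritance:    {0}" -f $blocked.Count
"Objects with unreadable ACLs:    {0}" -f ($report.Count - $readable.Count)

# Objects that block inheritance are where permissions diverge from the
# parent, so list them for review against the NetWare IRFs.
$blocked | Sort-Object Path |
    Format-Table Path, IsDirectory, ExplicitAces, Trustees -AutoSize

if ($CsvPath) { $report | Export-Csv -Path $CsvPath -NoTypeInformation }
```

A high share of files with explicit ACEs on a tree migrated with the default inheritance settings is worth investigating before users are moved onto the new share.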

85 Workstations and Troubleshooting: The Sydney Scenario
Contoso Sydney branch office
PC migration
Customize migration services
<SLIDETITLE> The Sydney Scenario </SLIDETITLE> <KEYWORDS> Sydney, Contoso, migration, Novell </KEYWORDS> <KEYMESSAGE> Troubleshoot potential problems at the Sydney office. </KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS>
<SLIDESCRIPT>
[BUILD1] Now we will look one more time at the Contoso branch office in Sydney.
[BUILD2] The Contoso office is migrating to a new domain, so it needs to remove the Novell Client from workstations, join the workstations to the domain, and restore user settings.
[BUILD3] The office needs a more responsive synchronization schedule as well.
</SLIDESCRIPT>
<SLIDETRANSITION> On to the demo. </SLIDETRANSITION>

86 Demo: Workstation Setup and Migration Troubleshooting
Remove the NetWare client
Remove IPX
Reestablish synchronization with a deleted NDS user
Create a read-only administrator
<SLIDETITLE>Demonstration</SLIDETITLE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDETRANSITION> Now summarize the session. </SLIDETRANSITION>

87 Session Summary
Use MSDSS to synchronize users, groups, and OUs between NDS and AD.
Use FMU to move files and their permissions from NDS to AD.
Plan the migration in depth to identify and mitigate problems.
<SLIDETITLE>Summary</SLIDETITLE> <KEYMESSAGE> Session Summary</KEYMESSAGE> <SLIDEBUILDS> 3 </SLIDEBUILDS>
<SLIDESCRIPT>
In the session today, we covered:
[BUILD1] Using MSDSS to synchronize the core functions of the NDS tree to Active Directory. You can use MSDSS either for long-term synchronization or to aid in migration from NDS to AD.
[BUILD2] We covered using File Migration Utility to move files and their permissions from a NetWare environment to a Windows environment.
[BUILD3] We also covered the important planning process that will assure a successful migration.
</SLIDESCRIPT>
<SLIDETRANSITION> If you want more information about the topics I presented today, here are some resources. </SLIDETRANSITION>

88 For More Information: www.microsoft.com/technet/tnt1-130
Visit TechNet at www.microsoft.com/technet
For additional information on the books, courses, and other community resources that support this session, visit
<SLIDETITLE>More Information</SLIDETITLE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT> For the most comprehensive technical information on Microsoft products, visit the main TechNet website at Additionally, visit for more concise information on books, courses, certifications, and other community resources that relate directly to this particular session. </SLIDESCRIPT>
<SLIDETRANSITION> What other resources are available from TechNet? </SLIDETRANSITION>

89 Microsoft Press: Inside Information for IT Professionals
To find the latest titles, visit
<SLIDETITLE>Microsoft Press</SLIDETITLE> <SLIDEBUILDS>1</SLIDEBUILDS>
<SLIDESCRIPT> Here are some books that would be helpful to you: Active Directory® for Microsoft® Windows® Server 2003 Technical Reference, by Stan Reimer and Mike Mulcare, ISBN; Microsoft® Windows® Server 2003 Administrator's Companion, by Charlie Russel, Sharon Crawford, and Jason Gerend, ISBN </SLIDESCRIPT>

90 Third-Party Publications: Supplementary Publications for IT Professionals
These books can be found and purchased at all reputable bookstores and online retailers
<SLIDETITLE>Non-Microsoft Books</SLIDETITLE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT> For more information, look at the Active Directory Cookbook by Robbie Allen, ISBN </SLIDESCRIPT>

91 Microsoft Learning: Training Resources for IT Professionals
Title; Available
2282 Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure; Currently
2270 Updating Support Skills from Microsoft Windows NT 4.0 to the Windows Server Family
To see the detailed syllabus or to find a training provider, visit
<SLIDETITLE>Microsoft Learning</SLIDETITLE> <KEYMESSAGE>Talk about the eLearning Course.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT> Microsoft Learning (formerly Microsoft Training & Certification, and Microsoft Press) develops courseware called Microsoft Official Curriculum (MOC), which includes eLearning, Microsoft Press Books, workshops, clinics, and Microsoft Skills Assessment. MOC is offered in instructor-led environments; it offers comprehensive training courses for IT professionals, as well as support and implementation solutions using Microsoft products and technologies. The courses that best support this session are Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure, which is available currently, and Updating Support Skills from Microsoft Windows NT 4.0 to the Windows Server Family, which is available currently. For more information please visit </SLIDESCRIPT>
<SLIDETRANSITION>There is also an assessment program available that can help you test your knowledge. </SLIDETRANSITION>

92 Assess Your Readiness: Microsoft Skills Assessment
What is Microsoft Skills Assessment?
A self-study learning tool for assessing readiness for product and technology solutions, rather than job roles (certification)
Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003
Free, online, unproctored, and available to anyone
Answers the question: “Am I ready?”
Identifies skills gaps and provides learning plans with Microsoft Official Curriculum courses
Post your high score to see how you compare with others
Visit
<SLIDETITLE>Skills assessment</SLIDETITLE> <KEYWORDS>Assessment, Microsoft Learning, Certification</KEYWORDS> <KEYMESSAGE>Microsoft Learning provides a free online learning tool.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT> Microsoft Skills Assessment is a free online learning tool. It’s an easy way for IT professionals to check their skills. You can quickly check your skills for implementing or managing Microsoft product or business solutions. Just take a short, 30-question assessment and see how well you know your stuff. The Skills Assessment includes a Personalized Learning Plan, which includes links to Microsoft Official Curriculum, specific TechNet articles, Microsoft Press books, and other Microsoft learning content. There’s also a way to measure how well you did compared with others who took the same assessment. Microsoft Skills Assessment is an expanding learning platform. Assessments for Windows Server 2003, including security and patch management, Exchange Server 2003, Windows Storage Server, Office 2003, and Visual Studio .NET, are available now. </SLIDESCRIPT>
<SLIDETRANSITION>If you want to take your skills assessment to the next level, a number of certification programs are available.</SLIDETRANSITION>

93 Become a Microsoft Certified Systems Administrator (MCSA)
What is the MCSA certification?
For IT professionals who manage and maintain networks and systems based on Microsoft Windows Server
How do I become an MCSA on Microsoft Windows Server 2003?
Pass 3 core exams
Pass one elective exam or two CompTIA certifications
Where do I get more information?
<SLIDETITLE> MCSA Certification </SLIDETITLE> <KEYWORDS>MCSA, Microsoft Learning, Certification</KEYWORDS> <KEYMESSAGE>Prove your skills administering a Windows Environment.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT> The Microsoft Certified Systems Administrator (MCSA) certification is designed for professionals who implement, manage, and troubleshoot existing network and system environments based on Microsoft Windows Server. Implementation responsibilities include installing and configuring parts of the systems. Management responsibilities include administering and supporting the systems. For more information about the MCSA certification, please visit: </SLIDESCRIPT>
<SLIDETRANSITION>The MCSE Certification is also available. </SLIDETRANSITION>

94 Become a Microsoft Certified Systems Engineer (MCSE)
What is the MCSE certification?
The premier certification for IT professionals who analyze requirements and design, plan, and implement the infrastructure for business solutions based on Microsoft Windows Server System
How do I become an MCSE on Microsoft Windows 2003?
Pass 6 core exams
Pass one of the elective exams from a comprehensive list
Where do I get more information?
<SLIDETITLE> MCSE Certification </SLIDETITLE> <KEYWORDS>MCSE, Microsoft Learning, Certification</KEYWORDS> <KEYMESSAGE>Prove your skills at designing, planning, and implementing the Windows Server System.</KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT> The Microsoft Certified Systems Engineer (MCSE) credential is the premier certification for professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software. Implementation responsibilities include installing, configuring, and troubleshooting network systems. For more information about the MCSE certification, please visit: </SLIDESCRIPT>
<SLIDETRANSITION>Here are some other certifications available. </SLIDETRANSITION>

95 What Is TechNet? Puts the Right Answers at Your Fingertips
The complete set of resources to help IT professionals successfully plan, deploy, and manage Microsoft products
TechNet Subscription: monthly updates delivered on DVD or CD; the definitive resource to help evaluate, deploy, and maintain Microsoft products
TechNet website: available at; online resources and community; subscriber-only online services
TechNet Flash: biweekly e-mail newsletter; security updates, new resources, and special offers
TechNet events and webcasts: briefings on the latest Microsoft products and technologies; practical information
TechNet communities: user groups; moderated newsgroups
<SLIDETITLE>What is TechNet</SLIDETITLE> <KEYWORDS>TechNet</KEYWORDS> <KEYMESSAGE>TechNet information </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT>While the monthly subscription software is the most obvious component of TechNet, there’s much more. The TechNet website gives subscribers access to valuable information as well as threaded discussion pages and online seminars. Many subscribers use the Web as frequently as they use the software. In the subscribers-only section, subscribers can access the Online Concierge Chat Support service. A Microsoft support specialist can help them locate technical information quickly and easily. TechNet Plus subscribers also get access to our Managed Newsgroups Support Service. You can post questions in more than 90 IT-related public newsgroups, and Microsoft will ensure that you get a response within 72 hours. TechNet Flash is a bi-weekly newsletter subscribers can register for. It gives them up-to-date information on the latest postings to the website. With TechNet Events, TechNet subscribers have access to free events that explain how to use Microsoft products and technologies at a technical level. </SLIDESCRIPT>
<SLIDETRANSITION> Here is where you can get TechNet. </SLIDETRANSITION>

96 Where Can I Get Help?
Free chats and webcasts
Newsgroup list
Microsoft community sites
Community events
Community column
<SLIDETITLE>Community Help</SLIDETITLE> <KEYMESSAGE>Where to get more help </KEYMESSAGE> <SLIDEBUILDS>0</SLIDEBUILDS>
<SLIDESCRIPT>A number of free community resources are available on TechNet. You can attend a regular chat with members of the product groups or technology specialists from Microsoft, or you can attend a webcast where you can see sessions like the one you’ve just watched but presented live and with the ability to ask questions as you go. You can also locate or post questions in the public newsgroups. The newsgroup page lists the available groups and provides an interface for you to read and post into. TechNet Plus subscribers can use these groups to post questions that, through their subscription ID, will be answered by Microsoft within 24 hours. The main community site provides a comprehensive list of resources available, more than we can cover on this slide, plus the page has some dynamic features with continually updating content. The events page provides dates and details about live TechNet events. These events take place worldwide and provide you the opportunity to talk to Microsoft specialists face-to-face. Finally, TechNet columns provide a variety of topics written by industry authors. </SLIDESCRIPT>
<SLIDETRANSITION>[Thank the audience for attending and sign off]</SLIDETRANSITION>

97 <SLIDETITLE>Tag line</SLIDETITLE>

98 Session Credits
Author: Joel Barker
Producer/Editor: Alan Le Marquand
Technical specialists: Pete Lammers
<SLIDETITLE>Credits</SLIDETITLE> <SLIDEBUILDS>0</SLIDEBUILDS>

