Chatee ahora con Soporte
Chat con el soporte

Power365 Current - SID History Synchronization Quick Start Guide

Migrating Computers

Workstations and Servers are referred to as Computers in Migrator Pro for Active Directory. The Computer Actions screen allows the administrator to register Computers, change the agent polling interval, set the ReACL profile, upload Computer migration logs, make a Computer an Admin Agent, and manage the Computer Discovery, ReACL, Cutover, and Cleanup processes.

The Migrator Pro for Active Directory Agent must be installed on a computer before it can be registered or have any actions applied to it. Refer to Installing the Migrator Pro for Active Directory Agent on Computers for more information.

Job Options

The Job Options view allows the administrator to effectively manage the server and workstation environment during the migration event by scheduling computer jobs to run at specific points of time in the future. Each job, when applied to a Computer, will open the Job Options view giving the option to set a “Do not start before” date and time. If a job is scheduled for a later date and time, then it sits in the job queue and is not considered an active job for that Computer when the agent polls for jobs.

View Jobs

To view Computer Jobs:

  1. Select one or more Computers in the list.
  2. Select View Jobs from the Actions menu and click the Apply Action button. The Computer Jobs window appears.
  3. The Computer Jobs table includes the following columns:
    • Job ID - The ID of the job.
    • Queued Timestamp - The date and time the job was queued.
    • Do Not Start Before - The date selected if using the "Do not start before" option.
    • Command Name - The command name of the job.
    • Admin Agent - The Admin Agent computer the command will run on.
    • NAS - The NAS computer the job is run on.
    • Status - The current status of the job.
    • Cancel Requested - This column is checked if a cancel of the job has been requested
    • Message - Result codes and messages for the job
    • Timeout (sec) - The timeout in seconds.
    • Retry Count - The number of times the job has been retried.
    • Rollback Status - The status of a rollback.
    • Rollback Message - The status of a rollback.

  4. To cancel a job, select the job and click the Cancel button or select Cancel from the Actions menu and click the Apply Action button. To refresh the jobs list, click the Refresh button.

    Jobs can be canceled when the Status or Rollback Status is either Queued, Scheduled, Started, or In Progress.

View Properties

After the Discovery process has been completed for a Computer, you view the properties of that Computer.

To view a Computer's discovered properties:

  1. Click on the table row to select a computer in the list.

  2. Select View Properties from the Actions menu and click the Apply Action button. The Computer Properties window appears displaying the properties of the Computer and the user profiles associated with the Computer.

  3. Click the Export All button to export the content of the window in Excel, text, CSV, or HTML format.

Polling Interval

By default the agent polling interval is set to 900 seconds (15 minutes). The polling interval tells the agent how frequently to contact the Migrator Pro for Active Directory Server and check for jobs. If the polling interval is set to a high number, such as 14400 seconds (4 hours), it is possible that any command sent to that computer may not execute for up to four hours. Setting a Computer’s polling interval to a high number until close to the cutover date can help minimize load on the web servers. However, to ensure adequate response time on the day of cutover, it is recommended that you decrease the polling interval in advance of the Cutover process. Note: In large scale environments, having too many agents polling the same server for jobs all at the same time may accidentally result in DDoS against that server, so additional planning of agent polling and cutover is recommended.

Computers will only obtain an updated polling interval when next contacting the Migrator Pro for Active Directory web service according to their currently configured polling interval.

To set polling interval:

  1. Select one or more Computers in the list.
  2. Select Set Polling Intervalfrom the Actions menu and click the Apply Action button. The Set Polling Interval window appears.

  3. Edit the Polling Interval (seconds) field and click Apply.

    The polling interval default for all newly registered computers can be changed in SQL in the ADM_Setting table field PollIntervalSeconds.

Set Device ReACL Profile

To set Device ReACL Profile:

  1. Select one or more Computers in the list.
  2. Select Set Device ReACL Profilefrom the Actions menu and click the Apply Action button. The Set Computer Processing Profile window appears.
  3. Select the Computer Processing Profile and click Apply.

Make Admin Agent

An agent currently running on a computer can be changed to be an Admin Agent to allow the computer to perform custom admin functions. Once changed to an Admin Agent, the computer will be removed from the Computers list and will appear in the Admin Agent list in Settings and will be able to only perform admin actions. Admin Agents cannot be changed back to a regular Computer agent.

To make a Computer an Admin Agent:

  1. Select one or more Computers in the list.
  2. Select Make Admin Agentfrom the Actions menu and click the Apply Action button. The confirmation window appears.
  3. Click Yes. The Computer is removed from the computers list and appears in the in the Admin Agent list in Settings and can only be used to run custom admin functions.

Discovery

The Discovery process gathers properties (OS versions, network properties, and so on) from the computer to allow additional future functionality. The first discovery process begins for a computer when the computer becomes registered with the Migrator Pro for Active Directory server which will automatically occur after the Computer Agent has been installed, as long as the environment is properly configured.

To start the computer Discovery process manually:

  1. Select one or more Computers in the list.
  2. Select Discovery from the Actions menu and click the Apply Action button.
  3. In Job Options window, click Apply to begin the Discovery process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Discovery Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.

  4. The Queue Summary window appears.

  5. Click OK. The Discovery Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs for the specific Computer.

ReACL

The ReACL process updates the Computer’s domain user profiles for use by the matching target user after cutover.

It is recommended to remove or disable anti-virus software immediately prior to the ReACL process and only after a recent clean scan has been completed.

At least one group must be migrated to populate the map.gg file or the ReACL process will fail.

Before ReACL can occur, the target Users and Groups which have permissions set on the Computer must be migrated to the target.

To start the Computer ReACL process:

  1. Select one or more Computers in the list.
  2. Select ReACLfrom the Actions menu and click the Apply Action button.
  3. In the Job Scheduling Options window, click Apply to begin the ReACL process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the ReACL Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
  4. The Queue Summary window appears.
  5. Click OK. The ReACL Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs.

Two checks are performed at the start of the ReACL process. The first check is for invalid Source Profiles, which will be logged as a WARNING and those profiles will be skipped. The second check is for invalid Target Profiles, where a user may have created a profile with the target account before their machine is ReACL’d and cutover. By default, this is logged as a FATAL ERROR and will halt the ReACL process. However, it can be changed to a WARNING with the –t switch passed by editing the command in SQL.

The ReACL Agent will automatically create two files on the computer being ReACL’d, map.usr and map.gg. These files are used to find the source permissions and add the appropriate target permissions during the ReACL process. System groups, such as Domain\Domain Admins and Domain\Domain Users are included in the map.gg file for updating the group permissions during the ReACL process. If the Active Directory environment is non-English, the values in the sAMAccountName column of the BT_SystemGroup table in the SQL database will need to be changed after Directory Sync Pro for Active Directory is installed to have the appropriate non-English values.

If the Mapped Network Drive is being mapped via GPO or using an integrated credential such as the current Windows logon session, ReACL will create a warning entry in the log “…WARNING: The UserName value for drive U was empty and could not be mapped to the target user.” This warning does not mean that the mapped drive cannot be accessed after Cutover.

For Windows 10 and Windows Server 2016 computers, the ReACL process is decoupled from the actions against files, folders, and the registry.

A ReACL against a Windows 10 or Windows Server 2016 computer will update all files and folders and registry entries found on the machine except for the user profile specific registry keys in HKLM, ntuser.dat, and usrclass.dat even if the user profiles option is selected in the ReACL profile.

After a ReACL has been run against a Windows 10 or Windows Server 2016 computer, the user profile components will not be prepared during a cleanup process.

The prepare and cleanup process should be completed along with the remaining ReACL activities against the user profile specific registry keys in HKLM, ntuser.dat and usrclass.dat at time of computer cutover (prior to domain join command).

Cutover

The Cutover process moves a Computer from the source domain to the new target domain.

To start the Cutover process:

  1. Select one or more Computers in the list.
  2. Select Cutoverfrom the Actions menu and click the Apply Action button.
  3. The Cutover Options window appears. Select a Cutover Credential, Network Profile, and Migration Option from the drop-down lists.
  4. Check Ignore ReACL Status to cutover the computer regardless of the ReACL status (otherwise the cutover process will not proceed if there is an error with ReACL process).
  5. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Cutover Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date. The Cutover process will begin as soon as possible if not using this option.
  6. Click the Apply button.
  7. The Queue Summary window appears.
  8. Click OK. The Cutover Status column is populated with the current status. Use the Actions menu View Jobs option or double-click on a row to view the list of jobs.

Computers should not be ReACL'd once they have been cutover to the Target. This is not a best practice and is not supported as this can cause problems with the registry and user profiles.

The Cutover Options are set on the Settings screen.

Rollback

The Rollback process moves a Computer back to the original source domain and restores any modified network settings. The Computer must have attempted Cutover for this explicit Rollback process to work.

To start the Rollback process:

  1. CSelect one or more Computers in the list.
  2. Select Rollbackfrom the Actions menu and click the Apply Action button.
  3. In the Job Options window, click Apply to begin the Rollback process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
  4. The Queue Summary window appears.
  5. Click OK. The selected Computers are sent back to their original domain and any modified network settings are restored. The Cutover Status column is updated with the current status.

Cleanup

The Cleanup process removes the Source SIDs after the Cutover process completes.

Cleanup should be done when the migration project is completed. Before running the Cleanup process if a trust is in place, the trust can be broken to test if any application permissions are broken.

To start the Cleanup process:

  1. Select one or more Computers in the list.
  2. Select Cleanup from the Actions menu and click the Apply Action button.
  3. In the Job Options window, click Apply to begin the Cleanup process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Cleanup Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
  4. The Queue Summary window appears.
  5. Click OK. The Cleanup Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs.

ReACL Rollback

The ReACL Rollback process rolls back all changes made by the ReACL process. ReACL Rollback can be performed on Computers that have completed the ReACL process.

To rollback ReACL:

  1. Select one or more Computers in the list.
  2. Select ReACL Rollbackfrom the Actions menu and click the Apply Action button.
  3. In the Job Options window, click Apply to begin the ReACL Rollback process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
  4. View rollback results by viewing the Computer's job view.

Cache Credentials

The Cache Credentials process assigns a Cache Credentials job to workstation(s). See the Credential Cache and Offline Domain Join topic for more information.

Offline Domain Join

The Offline Domain Join process is similar to the Cutover process for machines that are directly connected to the network. See the Credential Cache and Offline Domain Join topic for more information.

WARNING: Do not perform the Cutover process on Offline Domain Join workstations. The Offline Domain Join process takes the place of Cutover for workstations connecting via VPN.

Admin Agent Menu Actions

If any Admin Agent menu actions have been created for Computers, they will appear in the Actions menu:

  1. Select one or more Computers in the list.
  2. Select an Admin Agent action from the Actions menu and click the Apply Action button.
  3. In the Job Options window, check Do not start before and enter a date if you do not want the job to begin immediately. Select the Admin Agent and the Agent Admin Credentials to use from the drop-down lists. The Cutover options will also appear if the selected Admin Agent action includes the Cutover action.
  4. Click Apply. The Queue Summary appears.
  5. Click OK.

ComputerS List Columns

The following columns appear on the Computer Actions screen by default:

  • Migration Wave - The Migration Wave name. Use the Actions menu Set Migration Wave option to change.
  • sAMAccountName - The sAMAccountName attribute of the source computer.
  • Distinguished Name - The distinguished name attribute of the source computer.
  • Registered - This column is checked if the computer is registered with the Migrator Pro for Active Directory server.
  • Agent Version - The version of the Migrator Pro for Active Directory Agent installed on the computer.
  • Operating System Version - The version of the Computer's operating system.
  • Agent Last Contact - This column displays the time and date of the last contact between the agent and the Migrator Pro for Active Directory Server.
  • Description - The description attribute of the source computer.
  • Blacklisted - This column is checked if the Computer is currently on the blacklist. Use the Actions menu Add to Blacklist option or Remove from Blacklist option to change.
  • Polling Interval - The time interval (in seconds) between polls. This is set to 900 seconds (15 minutes) by default. Use the Actions menu Set Polling Interval option to change. The Migrator Pro for Active Directory Agent will pick up the new polling interval value the next time it contacts the Web Service.
  • Discovery Status - The status of the discovery process. Use the Actions menu Discovery option to start the Discovery process.
  • ReACL Status - The status of the ReACL process. Use the Actions menu ReACL option to start the ReACL process.
  • ReACL Profile - The ReACL Profile set for the Computer. Use the Actions menu Set ReACL Profile option to change. Device ReACL Profiles are defined in Settings.
  • Cache Credential Status - The status of the Cache Credentials process for use with Offline Domain Join. Use the Actions menu Cache Credentials option to start the Cache Credential process.
  • Offline Domain Join Status - The status of the Offline Domain Join process. Use the Actions menu Offline Domain Join option to start the Offline Domain Join process.
  • Cutover Status - The status of the Cutover process. Use the Actions menu Cutover option to start the Cutover process.
  • Cleanup Status - The status of the Cleanup process. Use the Actions menu Cleanup option to start the Cleanup process.
  • Last Job Message - The last job status.

The following additional fields can be displayed by customizing the columns:

  • ID - SQL record number
  • Migration Wave ID - The Migration Wave ID.

Upload Logs

Log files from the Migrator Pro for Active Directory Agent can be uploaded to the Migrator Pro for Active Directory Web Server using Microsoft BITS. To enable this functionality, the installer enables BITS Server Extensions for IIS and create a virtual directory called ComputerLogs where all uploaded files will be stored.

To upload Log files from the Migrator Pro for Active Directory Agent:

  1. Select one or more Computers in the list.
  2. Select Upload Logs from the Actions menu and click the Apply Action button.

  3. In the Job Options window, click Apply to begin the Upload Logs process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Do Not Start Before column in the Computer Jobs table will be populated with the selected date.

  • The logs will be stored at the following location: C:\Program Files\Binary Tree\ADPro\DeviceLogs
  • The computer logs will be zipped, and the file names will be in the following format with a unique file name: SMART-WIN7X86-1_201573111235.zip
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación