On Demand Migration Current - Active Directory User Guide

The first step towards success on a project using Active Directory is to understand the product architecture and how this architecture will operate in your environment.

Active Directory consists of the following components:

A directory synchronization engine

A REST based web service

A management interface

A lightweight agent for workstations and member servers

The directory synchronization engine, the web service, and the management interface will all access the same SQL database. In most scenarios, these components will be installed on the same system. In larger or more complex network environments, the components can be distributed across multiple systems.

The directory synchronization engine is provided by Directory Sync. Directory Sync is included as part of Active Directory.

User workstations, member servers and computers are collectively referred to as Devices in Active Directory. Computers communicate with the Active Directory web service using the Active Directory Agent. The Active Directory Agent is a lightweight application that installs as a service on Windows computers.

To ensure that no firewall exceptions are required, the web service does not “call” the Devices to be migrated. Instead, the Active Directory Agents contact the web service at defined polling intervals, using standard HTTPS or HTTP requests to collect jobs. Jobs include key tasks such as system discovery, updating the operating system, file system, and user profile permissions, and migrating the computer to the new domain.

Standard Configuration

In the Standard Configuration for Active Directory the Agent is deployed to each Device to be migrated. Those Agents communicate outbound to the Active Directory webserver in Azure over ports 80/443 every 4 hours, when a job is available, or when initially registering. They also communicate outbound to the Active Directory Agent job availability cache in Azure over UDP on port 3030 every 2 minutes.

Web Proxy Configuration

In the Web Proxy Configuration for Active Directory the Agent is deployed to each Device to be migrated and use of a web proxy is enabled. Those Agents communicate outbound through the defined proxy port to the Active Directory webserver in Azure over port 443 every 4 hours, when a job is available, or when initially registering. They also communicate outbound through the defined proxy port to the Active Directory Agent job availability cache in Azure on port 80 every 2 minutes.

Troubleshooting

Problem: What do you do when a user tries to use a network printer post ReACL process and/or Cutover and receives an access denied error?

Solution: Synchronize the SID History for that User to resolve the problem.

Problem: Observed Access Denied error when trying to ReACL a Windows NAS Shared Drive.

Solution: To fix this:

Add the user credential in the NAS Profile screen in the Active Directory Pro Console. This user should be installed on a workstation with Local Admin Rights
After the Agent is installed on the workstation, change the Active Directory Pro Agent Service account from Local System to the user credential specified in step 1. This user should also be logged in on the workstation as well
Turn off UAC on the workstation
ReACL the Windows NAS Shared Drive

Problem: A workstation that has been successfully cutover no longer responds to any additional jobs, such as Cleanup.

Solution: If a workstation that has been successfully cutover now fails to respond to any additional jobs, such as Cleanup, check the Application event log. If you see a "The remote name could not be resolved" error, this most likely means that the SRV record for the Active Directory Pro Server can no longer be resolved due to a DNS lookup failure.

If you cannot "Ping" the Migrator Pro for Active Directory server from any other machines in the target domain, then you will need to remedy this on a more global scale, such as creating a conditional forwarder on the target machines' current DNS server pointing to the appropriate location.

If you are able to "Ping" the Migrator Pro for Active Directory server, then check the Network Profile that was used during the Cutover to verify that the DNS settings were correct in that profile.

Cutover Job Result Codes

Result Code	Error	Rollback Possible
1	Unidentified Error - PowerShell Command Error	No
2	Source Domain could not be contacted	No
4	Bad Source Credentials	No
8	Target Domain could not be contacted	No
16	Bad Target Credentials	No
32	Target DNS Server could not be contacted or could not resolve the target DNS domain	No
64	Change Obtain DNS by DHCP
128	Set DNS Server IPs
256	Set WINS Servers
512	Register NIC with DNS
1024	Clear DNS Suffix Search List / Set to use NIC
2048	Set Alternate DNS Suffix List
4096	Enable Dynamic DNS Registration
8192	Set NIC Specific DNS Suffix
16384	Domain Disjoin Failed
32768	Domain Join Failed
65536	Source domain name does not match the system's domain	No
131072	Computer Reboot failed
262144	Target Domain Name could not be resolved via existing DNS, and new DNS Servers were not provided	No

Note: An odd numbered result code represents an error running the Cutover PowerShell script. The most common cause of an odd numbered result code during Cutover is that the computer either has no network card with a default gateway or more than one network card with a default gateway.

Note: Result codes are additive. There are likely multiple errors if the result code is not represented in the table.

Upload Logs Result Codes

This table includes result codes for BT-UploadLogs PowerShell jobs.

Result Code	Error	Rollback Possible
32	(zip folder) could not be created.	No
64	Failed to Zip log files on computer.	No
128	Upload failed to contact the server. Please verify the URL (url) is correct and BITS is enabled.	No

제품을 선택하십시오.

더 나은 서비스 제공을 위해 채팅 목적을 작성해 주십시오.

문제에 대한 권장 솔루션