Migrating Contacts
The Contact Actions screen allows contacts to be synchronized to the target.
Sync Contacts
To sync Contacts to the target:
- Select one or more Contacts in the list.
- Select Sync Enabled from the Actions menu and click the Apply Action button. The Sync Status column displays "Sync Enabled" for the selected Contacts. The selected Contacts are synced during the next synchronization cycle (scheduled in Directory Sync Pro for Active Directory or triggered manually with the Run Sync button in Migrator Pro for Active Directory).
- To prevent the contacts from syncing, select the Contacts, select Sync Disabled in the Actions menu, and click the Apply Action button.
Admin Agent Menu Actions
If any Admin Agent actions have been created for Contacts, they will appear in the Actions menu:
- Select one or more Contacts in the list.
- Select an Admin Agent action from the Actions menu and click the Apply Action button.
- In the Job Options window, check Do not start before and enter a date and time if you do not want the job to begin immediately. Select the Admin Agent and the Agent Admin Credentials to use from the drop-down lists.
- Click OK. The Queue Summary appears.
- Click OK.
Contact Columns
The following columns appear on the Contact Actions screen by default:
- Migration Wave - The Migration Wave name. Use the Actions menu Set Migration Wave option to change.
- First Name - The first name attribute of the source Contact.
- Last Name - The last name attribute of the source Contact.
- Distinguished Name - The distinguished name attribute of the source Contact.
- Target Distinguished Name - The distinguished name attribute of the target contact. This column is populated when a Contact is synced.
- Description - The description attribute of the source Contact.
- Blacklisted - This column is checked if the Contact is currently on the exclusion list. Use the Actions menu Add to Exclusion list option or Remove from Exclusion list option to change.
- Sync Status - This column displays "Sync Enabled" if the contact is currently ready to sync. Use the Actions menu Sync Enabled option or Sync Disabled option to change.
- Created - This column is checked if the Contact has been created in the target.
- Last Sync - Displays the date/time of the last sync.
The following additional fields can be displayed by customizing the columns:
- ID - SQL record number
- Migration Wave ID
- Alias
- Assistant
- Company
- Country
- Country Code
- Country Name
- Deleted Item Flags
- Delivery Content Length
- Department
- Department Number
- Division
- Employee ID
- Employee Number
- Employee Type
- Extension 1 - 15
- Manager
- Object SID
Migrating Groups
The Group Actions screen allows Groups to be synchronized to the target.
|
How different types of groups (Domain Local, Global, and Universal Group) are created on the target and how group collisions are handled is defined on the AD Target Options of the synchronization profile. |
Sync Groups
To sync Groups to the target:
- Select one or more Groups in the list.
- Select Sync Enabled from the Actions menu and click the Apply Action button. The Sync Status column displays "Sync Enabled" for the selected Groups. The selected Groups are synced during the next synchronization cycle (scheduled in Directory Sync Pro for Active Directory or triggered manually with the Run Sync button in Migrator Pro for Active Directory).
- To prevent the Groups from syncing, select the Groups, select Sync Disabled in the Actions menu, and click the Apply Action button.
Admin Agent Menu Actions
If Admin Agent actions have been created for Groups, they will appear in the Actions menu:
- Select one or more Groups in the list.
- Select an Admin Agent action from the Actions menu and click the Apply Action button.
- In the Job Options window, check Do not start before and enter a date and time if you do not want the job to begin immediately. Select the Admin Agent and the Agent Admin Credentials to use from the drop-down lists.
- Click OK. The Queue Summary appears.
- Click OK.
Group Columns
The following columns appear on the Group Actions screen by default:
- Migration Wave - The Migration Wave name. Use the Actions menu Set Migration Wave option to change.
- sAMAccountName - the sAMAccountName attribute of the source group account.
- Group Type - The type of group of the source group account.
- Distinguished Name - The distinguished name attribute of the source group account.
- Target Distinguished Name - The distinguished name attribute of the target group account. This column is populated when a group is synced.
- Description - The description attribute of the source group account.
- Blacklisted - This column is checked if the Group is currently on the exclusion list. Use the Actions menu Add to Exclusion list option or Remove from Exclusion list option to change.
- Sync Status - This column displays "Sync Enabled" if the Group is currently ready to sync. Use the Actions menu Sync Enabled option or Sync Disabled option to change.
- Created - This is checked if the group account has been created in the target.
- Last Sync - This column displays the date/time of the last sync.
The following additional fields can be displayed by customizing the columns:
- ID - SQL record number
- Migration Wave ID
- Alias
- Assistant
- Company
- Country
- Country Code
- Country Name
- Deleted Item Flags
- Delivery Content Length
- Department
- Department Number
- Division
- Extension 1 - 15
- Managed By
- Object SID
Migrating Computers
Workstations and Servers are referred to as Computers in Migrator Pro for Active Directory. The Computer Actions screen allows the administrator to register Computers, change the agent polling interval, set the ReACL profile, upload Computer migration logs, make a Computer an Admin Agent, and manage the Computer Discovery, ReACL, Cutover, and Cleanup processes.
|
The Migrator Pro for Active Directory Agent must be installed on a computer before it can be registered or have any actions applied to it. Refer to Installing the Migrator Pro for Active Directory Agent on Computers for more information. |
Job Options
The Job Options view allows the administrator to effectively manage the server and workstation environment during the migration event by scheduling computer jobs to run at specific points of time in the future. Each job, when applied to a Computer, will open the Job Options view giving the option to set a “Do not start before” date and time. If a job is scheduled for a later date and time, then it sits in the job queue and is not considered an active job for that Computer when the agent polls for jobs.
View Jobs
To view Computer Jobs:
- Select one or more Computers in the list.
- Select View Jobs from the Actions menu and click the Apply Action button. The Computer Jobs window appears.
- The Computer Jobs table includes the following columns:
- Job ID - The ID of the job.
- Queued Timestamp - The date and time the job was queued.
- Do Not Start Before - The date selected if using the "Do not start before" option.
- Command Name - The command name of the job.
- Admin Agent - The Admin Agent computer the command will run on.
- NAS - The NAS computer the job is run on.
- Status - The current status of the job.
- Cancel Requested - This column is checked if a cancel of the job has been requested
- Message - Result codes and messages for the job
- Timeout (sec) - The timeout in seconds.
- Retry Count - The number of times the job has been retried.
- Rollback Status - The status of a rollback.
- Rollback Message - The status of a rollback.
-
To cancel a job, select the job and click the Cancel button or select Cancel from the Actions menu and click the Apply Action button. To refresh the jobs list, click the Refresh button.
|
Jobs can be canceled when the Status or Rollback Status is either Queued, Scheduled, Started, or In Progress. |
View Properties
After the Discovery process has been completed for a Computer, you view the properties of that Computer.
To view a Computer's discovered properties:
- Click on the table row to select a computer in the list.
-
Select View Properties from the Actions menu and click the Apply Action button. The Computer Properties window appears displaying the properties of the Computer and the user profiles associated with the Computer.
- Click the Export All button to export the content of the window in Excel, text, CSV, or HTML format.
Polling Interval
By default the agent polling interval is set to 900 seconds (15 minutes). The polling interval tells the agent how frequently to contact the Migrator Pro for Active Directory Server and check for jobs. If the polling interval is set to a high number, such as 14400 seconds (4 hours), it is possible that any command sent to that computer may not execute for up to four hours. Setting a Computer’s polling interval to a high number until close to the cutover date can help minimize load on the web servers. However, to ensure adequate response time on the day of cutover, it is recommended that you decrease the polling interval in advance of the Cutover process. Note: In large scale environments, having too many agents polling the same server for jobs all at the same time may accidentally result in DDoS against that server, so additional planning of agent polling and cutover is recommended.
Computers will only obtain an updated polling interval when next contacting the Migrator Pro for Active Directory web service according to their currently configured polling interval.
To set polling interval:
- Select one or more Computers in the list.
- Select Set Polling Intervalfrom the Actions menu and click the Apply Action button. The Set Polling Interval window appears.
-
Edit the Polling Interval (seconds) field and click Apply.
|
The polling interval default for all newly registered computers can be changed in SQL in the ADM_Setting table field PollIntervalSeconds. |
Set Device ReACL Profile
To set Device ReACL Profile:
- Select one or more Computers in the list.
- Select Set Device ReACL Profilefrom the Actions menu and click the Apply Action button. The Set Computer Processing Profile window appears.
- Select the Computer Processing Profile and click Apply.
Make Admin Agent
An agent currently running on a computer can be changed to be an Admin Agent to allow the computer to perform custom admin functions. Once changed to an Admin Agent, the computer will be removed from the Computers list and will appear in the Admin Agent list in Settings and will be able to only perform admin actions. Admin Agents cannot be changed back to a regular Computer agent.
To make a Computer an Admin Agent:
- Select one or more Computers in the list.
- Select Make Admin Agentfrom the Actions menu and click the Apply Action button. The confirmation window appears.
- Click Yes. The Computer is removed from the computers list and appears in the in the Admin Agent list in Settings and can only be used to run custom admin functions.
Discovery
The Discovery process gathers properties (OS versions, network properties, and so on) from the computer to allow additional future functionality. The first discovery process begins for a computer when the computer becomes registered with the Migrator Pro for Active Directory server which will automatically occur after the Computer Agent has been installed, as long as the environment is properly configured.
To start the computer Discovery process manually:
- Select one or more Computers in the list.
- Select Discovery from the Actions menu and click the Apply Action button.
- In Job Options window, click Apply to begin the Discovery process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Discovery Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
-
The Queue Summary window appears.
-
Click OK. The Discovery Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs for the specific Computer.
ReACL
The ReACL process updates the Computer’s domain user profiles for use by the matching target user after cutover.
|
It is recommended to remove or disable anti-virus software immediately prior to the ReACL process and only after a recent clean scan has been completed. |
|
At least one group must be migrated to populate the map.gg file or the ReACL process will fail.
Before ReACL can occur, the target Users and Groups which have permissions set on the Computer must be migrated to the target. |
To start the Computer ReACL process:
- Select one or more Computers in the list.
- Select ReACLfrom the Actions menu and click the Apply Action button.
- In the Job Scheduling Options window, click Apply to begin the ReACL process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the ReACL Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
- The Queue Summary window appears.
- Click OK. The ReACL Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs.
|
Two checks are performed at the start of the ReACL process. The first check is for invalid Source Profiles, which will be logged as a WARNING and those profiles will be skipped. The second check is for invalid Target Profiles, where a user may have created a profile with the target account before their machine is ReACL’d and cutover. By default, this is logged as a FATAL ERROR and will halt the ReACL process. However, it can be changed to a WARNING with the –t switch passed by editing the command in SQL.
The ReACL Agent will automatically create two files on the computer being ReACL’d, map.usr and map.gg. These files are used to find the source permissions and add the appropriate target permissions during the ReACL process. System groups, such as Domain\Domain Admins and Domain\Domain Users are included in the map.gg file for updating the group permissions during the ReACL process. If the Active Directory environment is non-English, the values in the sAMAccountName column of the BT_SystemGroup table in the SQL database will need to be changed after Directory Sync Pro for Active Directory is installed to have the appropriate non-English values.
If the Mapped Network Drive is being mapped via GPO or using an integrated credential such as the current Windows logon session, ReACL will create a warning entry in the log “…WARNING: The UserName value for drive U was empty and could not be mapped to the target user.” This warning does not mean that the mapped drive cannot be accessed after Cutover. |
|
For Windows 10 and Windows Server 2016 computers, the ReACL process is decoupled from the actions against files, folders, and the registry.
A ReACL against a Windows 10 or Windows Server 2016 computer will update all files and folders and registry entries found on the machine except for the user profile specific registry keys in HKLM, ntuser.dat, and usrclass.dat even if the user profiles option is selected in the ReACL profile.
After a ReACL has been run against a Windows 10 or Windows Server 2016 computer, the user profile components will not be prepared during a cleanup process.
The prepare and cleanup process should be completed along with the remaining ReACL activities against the user profile specific registry keys in HKLM, ntuser.dat and usrclass.dat at time of computer cutover (prior to domain join command). |
Cutover
The Cutover process moves a Computer from the source domain to the new target domain.
To start the Cutover process:
- Select one or more Computers in the list.
- Select Cutoverfrom the Actions menu and click the Apply Action button.
- The Cutover Options window appears. Select a Cutover Credential, Network Profile, and Migration Option from the drop-down lists.
- Check Ignore ReACL Status to cutover the computer regardless of the ReACL status (otherwise the cutover process will not proceed if there is an error with ReACL process).
- Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Cutover Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date. The Cutover process will begin as soon as possible if not using this option.
- Click the Apply button.
- The Queue Summary window appears.
- Click OK. The Cutover Status column is populated with the current status. Use the Actions menu View Jobs option or double-click on a row to view the list of jobs.
|
Computers should not be ReACL'd once they have been cutover to the Target. This is not a best practice and is not supported as this can cause problems with the registry and user profiles.
The Cutover Options are set on the Settings screen. |
Rollback
The Rollback process moves a Computer back to the original source domain and restores any modified network settings. The Computer must have attempted Cutover for this explicit Rollback process to work.
To start the Rollback process:
- CSelect one or more Computers in the list.
- Select Rollbackfrom the Actions menu and click the Apply Action button.
- In the Job Options window, click Apply to begin the Rollback process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
- The Queue Summary window appears.
- Click OK. The selected Computers are sent back to their original domain and any modified network settings are restored. The Cutover Status column is updated with the current status.
Cleanup
The Cleanup process removes the Source SIDs after the Cutover process completes.
|
Cleanup should be done when the migration project is completed. Before running the Cleanup process if a trust is in place, the trust can be broken to test if any application permissions are broken. |
To start the Cleanup process:
- Select one or more Computers in the list.
- Select Cleanup from the Actions menu and click the Apply Action button.
- In the Job Options window, click Apply to begin the Cleanup process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Cleanup Status will be displayed as Queued in the Computers table and the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
- The Queue Summary window appears.
- Click OK. The Cleanup Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs.
ReACL Rollback
The ReACL Rollback process rolls back all changes made by the ReACL process. ReACL Rollback can be performed on Computers that have completed the ReACL process.
To rollback ReACL:
- Select one or more Computers in the list.
- Select ReACL Rollbackfrom the Actions menu and click the Apply Action button.
- In the Job Options window, click Apply to begin the ReACL Rollback process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the "Do Not Start Before" column in the Computer Jobs table will be populated with the selected date.
- View rollback results by viewing the Computer's job view.
Cache Credentials
The Cache Credentials process assigns a Cache Credentials job to workstation(s). See the Credential Cache and Offline Domain Join topic for more information.
Offline Domain Join
The Offline Domain Join process is similar to the Cutover process for machines that are directly connected to the network. See the Credential Cache and Offline Domain Join topic for more information.
|
WARNING: Do not perform the Cutover process on Offline Domain Join workstations. The Offline Domain Join process takes the place of Cutover for workstations connecting via VPN. |
Admin Agent Menu Actions
If any Admin Agent menu actions have been created for Computers, they will appear in the Actions menu:
- Select one or more Computers in the list.
- Select an Admin Agent action from the Actions menu and click the Apply Action button.
- In the Job Options window, check Do not start before and enter a date if you do not want the job to begin immediately. Select the Admin Agent and the Agent Admin Credentials to use from the drop-down lists. The Cutover options will also appear if the selected Admin Agent action includes the Cutover action.
- Click Apply. The Queue Summary appears.
- Click OK.
ComputerS List Columns
The following columns appear on the Computer Actions screen by default:
- Migration Wave - The Migration Wave name. Use the Actions menu Set Migration Wave option to change.
- sAMAccountName - The sAMAccountName attribute of the source computer.
- Distinguished Name - The distinguished name attribute of the source computer.
- Registered - This column is checked if the computer is registered with the Migrator Pro for Active Directory server.
- Agent Version - The version of the Migrator Pro for Active Directory Agent installed on the computer.
- Operating System Version - The version of the Computer's operating system.
- Agent Last Contact - This column displays the time and date of the last contact between the agent and the Migrator Pro for Active Directory Server.
- Description - The description attribute of the source computer.
- Blacklisted - This column is checked if the Computer is currently on the exclusion list. Use the Actions menu Add to Exclusion list option or Remove from Exclusion list option to change.
- Polling Interval - The time interval (in seconds) between polls. This is set to 900 seconds (15 minutes) by default. Use the Actions menu Set Polling Interval option to change. The Migrator Pro for Active Directory Agent will pick up the new polling interval value the next time it contacts the Web Service.
- Discovery Status - The status of the discovery process. Use the Actions menu Discovery option to start the Discovery process.
- ReACL Status - The status of the ReACL process. Use the Actions menu ReACL option to start the ReACL process.
- ReACL Profile - The ReACL Profile set for the Computer. Use the Actions menu Set ReACL Profile option to change. Device ReACL Profiles are defined in Settings.
- Cache Credential Status - The status of the Cache Credentials process for use with Offline Domain Join. Use the Actions menu Cache Credentials option to start the Cache Credential process.
- Offline Domain Join Status - The status of the Offline Domain Join process. Use the Actions menu Offline Domain Join option to start the Offline Domain Join process.
- Cutover Status - The status of the Cutover process. Use the Actions menu Cutover option to start the Cutover process.
- Cleanup Status - The status of the Cleanup process. Use the Actions menu Cleanup option to start the Cleanup process.
- Last Job Message - The last job status.
The following additional fields can be displayed by customizing the columns:
- ID - SQL record number
- Migration Wave ID - The Migration Wave ID.
Upload Logs
Log files from the Migrator Pro for Active Directory Agent can be uploaded to the Migrator Pro for Active Directory Web Server using Microsoft BITS. To enable this functionality, the installer enables BITS Server Extensions for IIS and create a virtual directory called ComputerLogs where all uploaded files will be stored.
To upload Log files from the Migrator Pro for Active Directory Agent:
- Select one or more Computers in the list.
- Select Upload Logs from the Actions menu and click the Apply Action button.
-
In the Job Options window, click Apply to begin the Upload Logs process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Do Not Start Before column in the Computer Jobs table will be populated with the selected date.
- The logs will be stored at the following location: C:\Program Files\Binary Tree\ADPro\DeviceLogs
- The computer logs will be zipped, and the file names will be in the following format with a unique file name: SMART-WIN7X86-1_201573111235.zip
Migrating File Shares
The File Share Actions screen allows you to ReACL File Share computers via a network share.
Add a File Share
To add a File Share computer:
-
- Select Add File Share from the Actions menu and click the Apply Action button. The File Share window appears.
- Enter values in the following fields:
- UNC Path - the UNC path that will be the starting location for ReACL on the File Share computer
- Device - The name of the Computer used to access the File Share computer. This computer must be local (same network, region, and so on) to the File Share device. This is a sAMAccountName, not an FQDN.
- Username - The username to access the File Share device. UserPrincipalName values (user@domain.dom) or domain\username format are supported.
- Password - the Password to credential access the File Share computer
- Click OK. The File Share computer is added to the list.
Edit a File Share
To edit a File Share computer:
- Select a File Share computer in the list.
- Click the Edit button or select Edit from the Actions menu and click the Apply Action button. The Network Access Storage window appears.
- Edit the values.
- Click OK. The File Share computer is updated in the list.
Delete a File Share
To delete a File Share computer:
- Select one or more File Share devices in the list.
- Click the Delete button or select Delete from the Actions menu and click the Apply Action button. The File Share computer(s) are removed from the list.
Set File Share Processing Profile
To set File Share Processing Profile:
- Select one or more File Share computers in the list.
- Select Set File Share Processing Profilefrom the Actions menu and click the Apply Action button. The File Share Processing Profile window appears.
- Select the File Share Processing Profile and click Apply.
ReACL
The ReACL process updates the File Share’s domain user profiles for use by the matching target user after cutover.
To start the File Share ReACL process:
- Select one or more File Share computers in the list.
- Select ReACLfrom the Actions menu and click the Apply Action button.
- In the Job Options window, click Apply to begin the ReACL process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the ReACL Status will be displayed as Queued in the File Share table and the "Do Not Start Before" column in the File Share Computer Jobs table will be populated with the selected date.
- The Queue Summary window appears.
- Click OK. Use the Actions menu View Jobs option to view the list of jobs.
Cleanup
To start the Cleanup process:
- Select one or more File Share devices in the list.
- Select Cleanupfrom the Actions menu and click the Apply Action button.
- In the Job Options window, click Apply to begin the Cleanup process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Cleanup Status will be displayed as Queued in the File Share table and the "Do Not Start Before" column in the File Share Computer Jobs table will be populated with the selected date.
- The Queue Summary window appears.
- Click OK. The Cleanup Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs.
View Jobs
To view File Share computer jobs:
- Select one or more File Share computers in the list.
- Select View Jobsfrom the Actions menu and click the Apply Action button. The Computer Jobs window appears.
- The Computer Jobs table includes the following columns:
- Job ID - The ID of the job.
- Queued Timestamp - The date and time the job was queued.
- Do Not Start Before - The date selected if using the Do Not Start Before option.
- Command Name - The command name of the job.
- Status - The current status of the job.
- Cancel Requested - This column is checked if cancellation of the job has been requested.
- Message - Result codes and messages for the job.
- Timeout (sec) - The timeout in seconds.
- Retry Count - The number of times the job has been retried.
- Rollback Status - The status of a rollback process.
- Rollback Message - The status of a rollback process.
- To cancel a job, select the job and click the Cancel button or select Cancel from the Actions menu and click the Apply Action button. To refresh the jobs list, click the Refresh View button.
ReACL Rollback
The ReACL Rollback process rolls back all changes made by the ReACL process. ReACL Rollback can be performed on File Share computers that have completed the ReACL process.
To rollback ReACL:
- Select one or more File Share computers in the list.
- Select ReACL Rollbackfrom the Actions menu and click the Apply Action button.
- In Job Options window, click Apply to begin the ReACL Rollback process as soon as possible. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Do Not Start Before column in the File Share Computer Jobs table will be populated with the selected date.
- View rollback results by viewing the File Share computer's job view.
File Share Columns
The following columns appear on the File Share Actions screen by default:
- ID - The migration ID.
- Device Name - The name of the device used to access the File Share computer. This device must be local to the File Share computer.
- File Share Path - The UNC path to the network share used to access the File Share computer.
- Username - The username to access the File Share computer.
- ReACL Status - The status of the ReACL process. Use the Actions menu ReACL option to start the ReACL process.
- Profile - The ReACL Profile set for the File Share computer. Use the Actions menu Set File Share Processing Profile option to change. Profiles are defined in Settings.
- Cleanup Status - The status of the Cleanup process. Use the Actions menu Cleanup option to start the Cleanup process.