These tool listings are primarily based on Microsoft Course 2010 (Migrating from NT to Active Directory).

| Name of Tool | Primary Purpose of Tool | Features | Any Limitations? | Where Found/Obtained? | Courseware or other Reference (Course MS2010 unless otherwise noted) | GUI or Command Line (CL) | Syntax (if CL) |
| ADMT |
Migrates Objects from one Domain to another (copies
& moves). Both cloning (users & groups) & moving (computers). As
such it facilitates intra-Forest and inter-Forest migration operations. |
The most powerful
& comprehensive migration tool. Can configure to disable either
the source or target accounts. Can move Security Principals including computer
accounts and uses sIDHistory. The recommended tool for
cloning shared local groups, as it is simpler than ClonePrincipal and
membership is maintained. Can identify and establish appropriate Trusts. Can set
cloned passwords as “complex” or the same as the username.
|
Win2K Resource Kit, also from http://www.microsoft.com/windows2000
|
Mod. 5, pp. 26-28 |
GUI |
N/A |
|
| Clone Principal |
Sidhist.vbs, copies the SID of a source
principal to the sIDHistory of an existing principal.
Clonepr.vbs, copies the properties of a
source principal and copies the source SID to the sIDHistory of the
destination object. The destination object need not exist.
Clonegg.vbs, clones all global groups
in a domain, including well known accounts, but excluding built-in accounts.
Cloneggu.vbs, clones all global groups
and users in a domain, including well-known accounts, but excluding built-in
accounts.
Clonelg.vbs, clones all local groups in
a domain, including well-known accounts, but excluding built-in accounts. |
A suite of sample VBScripts facilitating inter-Forest
migration. |
Source accounts are automatically disabled. Cloned
passwords are set to “null” by default. Doesn’t copy all account properties. These scripts are quite long and usually only for
experienced Scripters.
|
Win2000 Server CD, CD\support\tools (must install the Support Tools); the scripts are subsequently found in x:\program files\support tools |
Mod. 5, p. 11, p. 26, pp. 29-31 |
CL/Script |
N/A |
| MoveTree.vbs | Moves Active Directory security principal objects,
such as groups and users between Domains |
CAN retain Security Principals' sIDHistory. |
Only supports Single Forest operations (intra-Forest
migrations). Don't use this for computer accounts. See NetDom below. |
Win2000 Server CD, CD\support\tools |
Mod. 5, p. 26 |
CL | |
| NetDOM.exe | Queries a domain for trust relationships and creates new
trusts. Can add, move, and query computer accounts in a Domain. |
Facilitates both inter-Forest and intra-Forest
migration operations. |
Use this for moving computer accounts to
new domains instead of MoveTree. |
Win2000 Server CD, CD\support\tools |
Mod. 5, p. 26 |
CL | |
| LBridge.cmd | Used to keep the NETLOGON share in Win2000
synchronized with the Win2000 export server. |
Files are copied from the Win2000 NETLOGON share to
the WinNT4.0 export structure. This script is about two pages long (mainly
comments) and calls ROBOCOPY.exe, which is a command line utility |
The copy only works in one direction |
Win2K Resource Kit |
Mod. 7, p. 12 |
CL | |
| RoboCopy.exe | A turbo XCOPY (for use with LBRIDGE.CMD). |
Preferred because it can also detect file system
deletions. |
Mod. 5, p. 12 |
CL | |||
| GPolMig.exe |
Determines what settings from System Policy need to be
applied to upgraded clients. Migrates System Policy Settings to Group Policy |
SAME |
Win2000 Resource Kit |
Course 2010, Mod. 4, p. 13, Mod. 7 p. 16 |
CL | ||
| Active Directory Connector (ADC) |
Extends the AD Schema to include attributes from
Exchange 5.5 to support Win2K migration |
Uses “Connection Agreements”, which define the servers
to replicate with, object classes to replicate with, target containers,
and replication schedule. Multiple CAs can exist on a single ADC. One- and two-way CAs can be created. From Windows (2K) it replicates
Users/Contacts/Groups back. From Exchg. 5.5 it replicates
Mailboxes/CustRecips/DLs/ and possibly Public Folders. |
No more than 50-75 CAs should be managed by one ADC,
but generally only one is needed. |
Win2000 Server CD, |
Mod. 7, p. 29 |
GUI |
|
| ADCClean |
Maps new, target SIDs to source account SID |
Exchange Server |
Mod. 7, p. 28 - 29 |
||||
| LDP |
Displays Active Directory object attributes, including
SIDs and sIDHistory |
Win2000 Server CD, |
Mod. 5, p. 26 |
GUI | |||
| PermCopy |
Copy the permissions from the source share to the new
share in the target Domain. |
Win2K Rezkit |
Mod. 5, p. 26, p. 57 (Lab A) |
||||
| CryptoAPI |
Use this to migrate PStore settings (most apps don’t
use PStore) |
N/A |
Mod. 7, p. 27 |
||||
| ShowACLs.exe |
Assistance in documenting permissions |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
||||
| SubinACL.exe |
Assistance in documenting permissions |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
||||
| Perms.exe |
Assistance in documenting permissions |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
||||
| Global.exe |
Assist in documenting groups and their memberships |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
||||
| Local.exe | Assist in documenting groups and their memberships |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
||||
| FindGrpl.exe | Assist in documenting groups and their memberships |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
||||
| ShowMbrs.exe | Assist in documenting groups and their memberships |
Can also identify empty groups; can also show the
number of groups a user is a member of |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
|||
| ShowGrp.exe | Assist in documenting groups and their memberships |
NT & Win2K Rezkits |
Mod. 6, p. 14 |
||||
| UsrStat.exe |
Determine when a user last logged in. |
NT & Win2K Rezkits |
Mod. 6, p. 15 | ||||
| NetSH (NetShell) |
Can be used to export current DHCP settings to a text file,
which can be used for import elsewhere |
Inherent in Win2K Operating System |
Mod. 7, p. 8 |
||||
| Write an ADSI Script |
Use to assist in documenting permissions and group
memberships |
N/A |
Script |
||||
Recommended Web Links:
www.microsoft.com/windows2000