What are the recommended steps or best practices for performing a domain migration with Domain Migration Administrator (DMA)?
Domain Migration Administrator 7.x
We strongly recommend that you review Chapter 2 - 'Planning and Performing Your Migration' in the DMA User Guide. The following is from the migration 'Workflow' section and is a condensed/paraphrased example to help you devise and test your own workflow. The following sample workflow identifies some important steps to consider:
1. If you want to implement a new computer naming convention, use the Rename Computers wizard to rename workstations and member servers.
2. Create migration projects for unique sets of objects. Each project allows you to define a set of objects that you will migrate and track as one unit and process in a similar manner.
a. If you want to distribute the project creation part of the migration process, you can use delegation mode.
b. Periodically back up your project .mdb files to save the settings for future reference and problem resolution.
c. Periodically compact and repair the Domain Migration Administrator (DMA) database files to improve performance.
3. If you have service accounts that you want to migrate to the new domain and you need to update the services to use the new accounts, collect service account information with Reports and the Service Account Configuration wizard.
4. Run the Domain Status reports to help identify account naming conflicts.
5. If you need to modify user accounts and groups as part of your migration, you can set options to add a prefix or suffix to each migrated account name. You can also use database modeling and scripting to customize the migration process to meet your specific needs.
6. If you need to adjust your group structure and memberships, use the Map and Merge Groups wizard.
7. Migrate the appropriate groups (local and global) using the Group Migration wizard. If possible, you should migrate with SID History to ensure continued access to files, shares, printers, system registries, Microsoft Exchange mailboxes, and other resources.
8. Migrate the appropriate user accounts using the User Migration wizard. If possible, you should migrate with SID History to ensure continued access to files, shares, printers, system registries, Exchange mailboxes, and other resources.
9. If you did not migrate with SID History, use the Security Translation wizard to add permissions for the new target accounts. Translate security on all computers, including workstations and member servers.
10. If you want to migrate user workstations and member servers to the new domain, use the Computer Migration wizard to migrate computers from one domain to another. You can also use Server Consolidator to move the important data from a computer in the source domain to a computer in the target domain.
Please see the remainder of the 'Workflow' section in Chapter 2 of the DMA User Guide for removing SID History and decommissioning the source domain.
For more information on how to use some of the features discussed in this article, please refer to the following NetIQ Knowledge Base articles:
NETIQKB1181: "What are some of the general Gotchas or Helpful Hints one might want to know when migrating User, Group, and Service accounts with NetIQ's DMA tool?"
NETIQKB1138: "What are some of the general Gotchas or Helpful Hints one might want to know when migrating Computer accounts and Translating Security with NetIQ's DMA tool?"
NETIQKB8331: "What are the best practices for log-on credentials when using the Migrate Trusts wizard?"
NETIQKB1434: "What is the best practice in terms of logon account permissions necessary to successfully migrate computers?"
NetIQ also provides migration white papers, which can be found at https://www.netiq.com/products/dma/whitepapers.asp..