Tuesday, September 1, 2015

Migrating from Novell to Active Directory

Thinking about migrating from Novell to Active Directory? Then this post will hopefully give you some advice based on what I experienced going through the process over the last couple of months.

Novell is, sadly, a dying company. It was acquired by Attachmate a few years ago, and then Attachmate was in turn bought out by another company. Novell has cut so many staff over the years that it can't fix existing problems with its software. Novell has lost some of its largest clients in the last couple of years because of these issues.

We felt it was time to move our organization to Active Directory due to the existing problems with ZENworks and the lack of integration with other web services. Our login times on computers were very long, and if we made a group policy change through ZENworks it would take 20 minutes to log in to every affected computer for the first time. It was becoming very frustrating, along with ZENworks imaging only wanting to work about half the time. To give an idea of our environment, we have 1800+ Windows-based systems and around 3500 users.

I wanted to start off with Server 2012 since Microsoft is planning to support it till 2023. I began by planning everything that I would need for the migration process and mapping it out on paper. This included configuration info for a new DHCP server, drive mappings, file shares, user groups, applications and icons to push out, etc.

Setting up Server 2012
An excellent video walkthrough of setting up Server 2012, Directory Services, DHCP, DNS, file servers, and user management can be found here: Windows Server 2012. This video series was put together by Eli the Computer Guy, who has an excellent channel of videos related to I.T. content. I highly recommend subscribing to his channel; there are very valuable resources over there.

Once the domain, DHCP, and DNS were up and running I needed to get some file servers online. I created two file servers, for which I used simple and short names: for example, FILE01 and FILE02. I created folders on each server called "Share" where I gave out file permissions to users. From there I used a computer that was authenticated to both Active Directory and Novell's eDirectory, where I was able to access all file shares. I began the migration process of copying the data from our old Novell servers to the new Windows file shares. This was the most time-consuming process as we had a few terabytes of data to move.

The nice part about having a DNS server, which we didn't have before, is not worrying about host files. In the past we had to utilize a login script to push out updated host files to ensure computers knew where server names pointed to. Now everything is done through A.D. in terms of host names and we created A records for all of our internal websites.

Importing Users
Getting a list of users exported out of eDirectory is just about impossible. If you use GroupWise there are a few ways you can export the user names out into a CSV file. Luckily we had already migrated to Gmail from GroupWise a few years ago, so I was able to do an export from the GAFE admin console with a list of users for each of our organizational units.

There are a few scripts out there, or third-party software for purchase, that allow mass importing of users into Active Directory. I was trying to find the simplest way to import our staff into A.D. After doing some research I read about an older piece of software called Active User Manager that an individual made for free back in the Server 2003 days. Sadly his website was no longer around, but I was able to find out the information I needed to get the software. In the web archive I was able to find a saved copy of his website, which can be found here, and a copy of the manual. I found a download link for the software still available from this website. The software is free if you use the activation code available on the saved website. Active User Manager allows you to import users with the import user wizard by OU. It can also help with the creation of home folders and permissions.
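
For comparison with the Active User Manager wizard described above, the same per-OU CSV import can be scripted with the ActiveDirectory PowerShell module that comes with RSAT. This is an added example, not the author's procedure; the CSV column names (FirstName, LastName, Email), the OU path and the home-folder root are assumptions.

```powershell
# Added example: bulk-create AD users from a CSV export, one OU per run.
# Assumed CSV header (constructed): FirstName,LastName,Email
param(
    [Parameter(Mandatory)] [string] $CsvPath,
    [Parameter(Mandatory)] [string] $TargetOU,   # placeholder, e.g. 'OU=Staff,DC=example,DC=local'
    [string] $HomeRoot = '\\FILE01\Share\Home'   # hypothetical home-folder root
)
Import-Module ActiveDirectory

function New-RandomPassword([int] $Length = 16) {
    # 64-character alphabet, so (byte % 64) is unbiased; look-alike characters omitted.
    $chars = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
        # Retry until all four character classes are present (AD complexity rule).
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
             $pw -cmatch '\d'    -and $pw -cmatch '[^a-zA-Z\d]')
    $pw
}

foreach ($row in Import-Csv -Path $CsvPath) {
    # Logon name = local part of the e-mail address (assumption).
    $sam = ($row.Email -split '@')[0].ToLower()

    # sAMAccountName is limited to 20 characters; the whitelist also keeps
    # quotes out of the -Filter string built below.
    if ($sam -notmatch '^[a-z0-9._-]{1,20}$') {
        Write-Warning "Skipping '$($row.Email)': unusable logon name"
        continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "Skipping ${sam}: account already exists"
        continue
    }

    $plain = New-RandomPassword
    # -HomeDirectory only sets the attribute; the folder and its ACL are created separately.
    New-ADUser -Name "$($row.FirstName) $($row.LastName)" `
        -GivenName $row.FirstName -Surname $row.LastName `
        -SamAccountName $sam -UserPrincipalName $row.Email -Path $TargetOU `
        -HomeDrive 'H:' -HomeDirectory (Join-Path $HomeRoot $sam) `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -ChangePasswordAtLogon $true -Enabled $true

    # Emit the one-time password for hand-out; nothing is written to disk here.
    [pscustomobject]@{ User = $sam; InitialPassword = $plain }
}
```

Each account gets its own random initial password and must change it at first logon, so no shared default password exists during the cut-over.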

Management
I highly recommend that you install Remote Server Administration Tools (RSAT) on your computer to manage A.D. remotely. Information on setting up RSAT and download locations for each version of Windows can be found here.

I found creating group policies so much easier with Active Directory compared to eDirectory. I would recommend being very specific with the name of each of the GPO policies you create so you will know what they are when you need to go back and fix something. The best thing for us was being able to do just about everything through GPOs and not having to use login scripts.

We purchased PDQ Deploy to help push out applications to computers and it works really well. We also purchased PDQ Inventory for asset tracking. Both of these packages are cheap compared to most software out there that does remote software installations. We purchased DameWare remote control software to have the ability to remote control workstations for help desk support. Effectively, by purchasing these tools we were able to replace just about everything that ZENworks was doing for our environment. The last thing on my list is to set up a FOG server for computer imaging since that was something we were doing in the past with ZENworks.

Overall we are happy with the switchover and are seeing the benefits of using Active Directory. The only issue we had was that users who had saved documents locally, instead of in their home folder, got new profiles. We also increased user password security, so users had to strengthen their passwords. Several forgot their new passwords within the first week.