What are the requirements to install Domain Migration Administrator (DMA) and Server Consolidator? (NETIQKB2017)

  • 7702017
  • 02-Feb-2007
  • 05-Sep-2007

Resolution

goal
What are the requirements to install Domain Migration Administrator (DMA) and Server Consolidator?

goal
What are the hardware requirements for Domain Migration Administrator (DMA) and Server Consolidator?

goal
What issues should I consider before migrating accounts with SID history?

fix
The following requirements are for installing either Domain Migration Administrator alone, or with Server Consolidator as well.

Hardware

  • Pentium II or later CPU
  • At least 100 MB free disk space available
  • 128 MB required 256 MB recommended RAM
  • 10 MB & (4 Kb per user migrated) available RAM
  • Access 2000 (Runtime version provided, Full version needed to do Data Modeling)

Environment Setup

  • Install the DMA console computer at minimum on a Windows 2000 member server or Professional computer, however, a Windows 2000 Domain Controller (DC), Windows 2003 or Windows XP is required to migrate with SID History. If DMA is installed on a Windows 2000 Professional or XP machine, then the client is limited to 10 network connections (per Microsoft NT limitations).
  • Install DMA on a Native mode Windows 2000 DC, 2003 Server, or XP in the Target domain, to be able to Translate Security for Accounts with SID History.
  • DMA runs under the security context of the user logged on to the console machine, therefore provide the logged on user Administrator permissions in the Source and Target Domains on each computer you migrate and/or translate security on and on each computer where DMA must install an agent to perform migration tasks.
  • All migrations require a two-way trust and a constant connection between the Source and Target domains. You cannot use DMA to migrate with the console computer connected to the Source Domain, then remove this connection and join the console computer to the Target domain to complete the migration.
  • DMA will not migrate data through a firewall unless the RPC locator TCP port 135 (could be any one of 135-139) is opened. Note: As an added security measure, we strongly recommend that if customers open these ports on their firewall that they only do so on a controlled basis, only allow communication over those ports between the hosts involved in the migration and no others.

Possible migrations: Source Domain OS to Target Domain OS

  • Windows NT 4 to Windows NT 4

  • Windows NT 4 to Windows 2000 Mixed/Native

  • Windows 2000 Mixed/Native to Windows 2000 Mixed/Native (INTER and INTRA forest scenarios included)

Specifics on migrating accounts with SID History:

  1. To implement SID History, the Source domain must trust the Target domain. This is a requirement of the API and the only way to perform the migration on a target Domain Controller is with an account in the Target\Domain Admins global group that is also a member of the Source\Administrators local group.
  2. To move workstations from the Source domain to the Target domain, the Target must trust the Source. The Source\Domain Admins global group should be a member of the Administrators Local Group on all workstations in the domain that you wish to migrate. In order to perform the migration with an account that is an Administrator on every local machine, the path of least resistance is to be logged in as a member of the Source\Domain Admins Global Group.

Customers that want to implement SID History and migrate workstations and/or member servers will end up performing the migration in 2 phases with 2 different IDs [Target\Domain Admins account for the migration of SID History and Source\Domain Admin account for the migration of computers] unless the Target\Domain Admins Global Group is a member of the Administrators Local Group on all machines to be migrated.

The most important requirement for a migration is you must have sufficient permissions to perform the action. Migrating accounts with SID History requires the logged in account to have membership in the Target\Domain Admins Global Group. Changing the Domain Membership of a .
computer requires local Administrator privileges on that computer.

If all of the above requirements have been met yet you're still unable to migrate with SID History, then check to see that domain name resolution is functioning properly on the network. You should also investigate WINS to see if it is the cause of any connectivity issues.

For more information, contact Technical Support at  at www.netiq.com/support. You can create a Support Request for any issues you encounter that are not addressed by the User Guide, any Knowledge Base articles found on the website, or current Hotfixes available for download.

.


Additional Information

Formerly known as NETIQKB2017