Workstations and Servers are referred to as Devices in SMART AD Migrator. The Devices screen allows you to register devices, change the polling interval, and manage the device Discovery, ReACL, Cutover, and Cleanup processes.
The SMART AD Migrator Agent must be installed on the device before a device can be registered or any actions taken on it. Refer to Installing the SMART AD Migrator Agent on Devices topic for more information.
Job Scheduling Options
The Job Scheduling option allows the administrator to effectively manage the server and workstation environment during the migration event by scheduling device jobs to run at specific points of time in the future. Each job that is available by right-clicking a device will surface the ability to set a “Do not start before” date and time. If a job is scheduled, then it sits in the queue and is not an active job for the device as it polls in looking for jobs based on the configured polling interval.
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 75 View Jobs
To view device jobs:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-Click to view the options menu and select View Jobs. The Device Jobs window appears.
3. The Device Jobs table includes the following columns:
o Job ID - the ID of the job
o Queued Timestamp - the date and time the job was queued o Command Name - the command name of the job
o Status - the current status of the job
o Cancel Requested - checked in a cancel of the job has been requested o Message - Result codes and messages for the job
o Timeout (sec) - the timeout in seconds
o Retry Count - the number of times the job has been retried o Rollback Status - the status of a rollback
o Rollback Message - the status of a rollback
4. To cancel a job, select the job and click the Cancel button or select Cancel from the right-click menu. To refresh the jobs list, click the Refresh button.
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 76
Jobs can be canceled when the Status or Rollback Status is either Queued, Scheduled, Started, or In Progress.
View Properties
After the Discovery process has been completed for a device, you view the properties of the device.
To view a device’s properties:
1. Click on table rows to select a device in the list.
2. Right-Click to view the options menu and select View Properties. The Device Properties window appears displaying the properties of the device and the user profiles associated with the device.
3. Click the Export All button to export the content of the window in Excel, text, CSV, or HTML format.
Polling Interval
The polling interval is set to 900 seconds (15 minutes) by default. The polling interval tells devices how frequently to contact the SMART AD Migrator Server and check for jobs. If the polling interval is set to a high number, such as 14400 seconds (4 hours), it is possible that any command sent to the device may not execute for up to four hours. You may decide to set the polling interval to a high number to keep the load off of the web servers until devices are closer to the actual date of cutover.
A lengthy time between sending a command to a device and the device executing the command is not likely to be effective on the day of cutover. To ensure adequate response time on the day of cutover, it is recommended to decrease this interval in advance of the Cutover process.
Devices will only obtain an updated polling interval when next contacting the SMART Active Directory Migrator web service.
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 77
To set polling interval:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-click to view the options menu and select Set Polling Interval. The Set Polling Interval window appears.
3. Edit the Polling Interval (seconds) field and click Save.
The polling interval default for all newly registered devices can be changed in SQL in the ADM_Setting table field PollIntervalSeconds.
If upgrading from a release prior to SMART Active Directory Migrator 9.2, the polling interval default was 14400 seconds. This default value will not be changed during an upgrade and will need to be updated in the
ADM_Setting table per above.
Set ReACL Profile
To set ReACL Profile:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-click to view the options menu and select Set ReACL Profile. The Set ReACL Profile window appears.
3. Select the ReACL Profile and click Save.
Discovery
The Discovery process gathers properties (OS versions, network properties, and so on) from the device to allow additional future functionality. The first discovery process begins for a device when the device becomes registered which will automatically occur after the Device Agent has been installed, as long as the environment is properly configured.
To start the device Discovery process manually:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-Click to view the options menu and select Discovery.
3. In Job Scheduling Options window, click OK to begin the Discovery process as soon as possible. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Discovery Status will be displayed as Queued in the Devices table and the Do Not Start Before column in the Device Jobs table will be populated with the selected date.
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 78
4. The Queue Summary window appears.
5. Click OK. The Discovery Status column is populated with the current status. Use the Right-click View Jobs option or double-click a row in the Devices table to view the list of jobs for the specific Device.
ReACL
The ReACL process updates the device’s domain user profiles for use by the matching target user after cutover.
At least one group must be migrated to populate the map.gg file or the ReACL process will fail.
Before ReACL can occur, the target users and groups which have permissions set on the device must be migrated to the target.
To start the device ReACL process:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-Click to view the options menu and select ReACL.
3. In Job Scheduling Options window, click OK to begin the ReACL process as soon as possible. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the ReACL Status will be displayed as Queued in the Devices table and the Do Not Start Before column in the Device Jobs table will be populated with the selected date.
4. The Queue Summary window appears.
5. Click OK. The ReACL Status column is populated with the current status. Use the Right-click View Jobs option or double-click a row to view the list of jobs.
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 79
Two checks are performed at the start of the ReACL process. The first check is against invalid Source Profiles, which will be logged as a WARNING and those profiles will be skipped. The second check is against invalid Target Profiles, where a user may create a profile with the target account before their machine is ReACL’d and cutover. By default, this is logged as a FATAL ERROR and will halt the ReACL process. However, it can be changed to a WARNING with the –t switch passed by editing the command in SQL.
The ReACL Agent will automatically create two files on the device being ReACL’d, map.usr and map.gg. These files are used to find the source permissions and add the appropriate target permissions during the ReACL process. System groups, such as Domain\Domain Admins and Domain\Domain Users are included in the map.gg file for updating the group permissions during the ReACL process. If the Active Directory environment is non-English, the values in the sAMAccountName column of the BT_SystemGroup table in the SQL database will need to be changed after SMART Directory Sync is installed to have the appropriate non-English values.
If the Mapped Network Drive is being mapped via GPO or using an integrated credential such as the current windows logon session, ReACL will create a warning entry in the log “…WARNING: The UserName value for drive U was empty and could not be mapped to the target user.” This warning does not mean that the mapped drive cannot be accessed after Cutover.
Cutover
The Cutover process moves a device from the source domain to the new target domain.
To start the Cutover process:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-Click to view the options menu and select Cutover.
3. The Cutover Options window appears. Select Cutover Credentials, a Network Profile, and Migration Option from the drop-down lists.
4. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Cutover Status will be displayed as Queued in the Devices table and the Do Not Start Before column in the Device Jobs table will be populated with the selected date. The Cutover process will begin as soon as possible if not using this option.
5. The Queue Summary window appears.
6. Click OK. The Cutover Status column is populated with the current status. Use the Right-click View Jobs option or double-click a row to view the list of jobs.
The Cutover Options are set on the Settings screen.
Rollback
The Rollback process moves a device back to the original source domain and restores any modified network settings.
The device must have attempted Cutover for this explicit Rollback process to work.
To start the Rollback process:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-Click to view the options menu and select Rollback.
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 80
3. In Job Scheduling Options window, click OK to begin the Rollback process as soon as possible. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Do Not Start Before column in the Device Jobs table will be populated with the selected date.
4. Click OK. The Queue Summary window appears.
5. Click OK. The selected devices are sent back to their original domain and any modified network settings are restored. The Cutover Status column is updated with the current status.
Cleanup
The Cleanup process removes the Source SIDs after the Cutover process completes.
Cleanup should be done when the migration project is completed. Before running the Cleanup process, it is
recommended to disable SID filtering/quarantine to verify there are no issues with application access before completing the cleanup process.
To start the Cleanup process:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-Click to view the options menu and select Cleanup.
3. In Job Scheduling Options window, click OK to begin the Cleanup process as soon as possible. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Cleanup Status will be displayed as Queued in the Devices table and the Do Not Start Before column in the Device Jobs table will be populated with the selected date.
4. The Queue Summary window appears.
5. Click OK. The Cleanup Status column is populated with the current status. Use the Right-click View Jobs option or double-click a row to view the list of jobs.
ReACL Rollback
The ReACL Rollback feature rolls back all changes made by the ReACL process. ReACL Rollback can be performed on devices that have completed the ReACL process.
To rollback ReACL:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-click to view the options menu and select ReACL Rollback.
3. In Job Scheduling Options window, click OK to begin the ReACL Rollback process as soon as possible. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Do Not Start Before column in the Device Jobs table will be populated with the selected date.
4. View rollback results by viewing the device's job view.
Device Columns
The following columns appear on the Devices screen by default:
o Migration Group - The Migration Group name. Use the Right-click Set Migration Group option to change.
o sAMAccountName - the sAMAccountName attribute of the source device
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 81
o Distinguished Name - the distinguished name attribute of the source device o Registered - This is checked if the device is registered with the server.
o Agent Last Contact - Displays the time and date of the last contact between the agent and the SMART AD Migrator Server.
o Description - the description attribute of the source device
o Polling Interval - The time interval (in seconds) between polls. This is set to 900 seconds (15 minutes) by default.
Use the Right-click Set Polling Interval option to change. The SMART AD Migrator agent will pick up the new polling interval value the next time it contacts the Web Service.
o Discovery Status - The status of the discovery process. Use the Right-click Discovery option to start the Discovery process.
o ReACL Status - The status of the ReACL process. Use the Right-click ReACL option to start the ReACL process.
o ReACL Profile - The ReACL Profile set for the device. Use the Right-click Set ReACL Profile option to change.
Device ReACL Profiles are defined in Settings.
o Cutover Status - The status of the Cutover process. Use the Right-click Cutover option to start the Cutover process.
o Cleanup Status - The status of the Cleanup process. Use the Right-click Cleanup option to start the Cleanup process.
o Last Job Message - The last job status.
The following additional fields can be displayed by customizing the columns:
o ID - SQL record number
o Migration Group ID - The Migration Group ID.
o Agent Version - The version of the agent installed on the device.
o Blacklisted - checked if the device is currently on the blacklist. Use the Right-click Add to Blacklist option or Remove from Blacklist option to change.
Upload Logs
Log files from the AD Migrator Device Agent can be uploaded to the AD Migrator Web Server using Microsoft BITS. To enable this functionality, the installer will enable BITS Server Extensions for IIS and create a virtual directory called DeviceLogs where all uploaded files will be stored.
To upload Log files from the AD Migrator Device Agent:
1. Click on table rows to select one or more devices in the list (Use Ctrl-Click to select more than one row).
2. Right-Click to view the options menu and select Upload Logs.
3. In Job Scheduling Options window, click OK to begin the Upload Logs process as soon as possible. Check Do not start before and then enter or select a date and time when the process will begin. If using the Do not start before option, the Do Not Start Before column in the Device Jobs table will be populated with the selected date.
4. Review the device jobs to see when the Upload Logs job has completed.
SMART ACTIVE DIRECTORY MIGRATOR 9.2 USER GUIDE 82
The logs will be stored at the following location: C:\Program Files\Binary Tree\ADMigrator\DeviceLogs
The device logs will be zipped, and the file names will be in the following format with a unique file name:
SMART-WIN7X86-1_201573111235