Microsoft Directory Tool Has Limits

FRAMINGHAM (03/16/2000) - Microsoft Corp. has released a promised directory migration tool, but large companies will need something extra to complete the move to Active Directory in Windows 2000.

The Active Directory Migration Tool (ADMT) is a wizard-driven tool that migrates users, groups and resources from Windows 3.51 and NT 4.0 to Active Directory. While Microsoft says the free tool will appeal to the majority of customers, the company defines those customers as having a small number of NT 4.0 domains and a simple network infrastructure.

Large enterprises have seen their NT 4.0 domains grow bloated and sloppy over the years, and will want to clean out the clutter in those domains and collapse them into fewer domains before migrating, experts say.

Those customers also are likely to migrate user data into Active Directory from other systems, such as human resources and payroll databases or other directories, and will want to create model environments to test their directory structures before going live. All those needs will require third-party tools from such vendors as Aelita, Entevo, FastLane and Mission Critical Software.

"ADMT is a bulk tool without a lot of controls," says a systems engineer with a multinational corporation who requested anonymity. "There is no way to do the testing and consolidation you need before migrating."

Others have turned to ADMT only after using other tools.

"I wrote my own tool to do modeling routines for the directory," says Eric Craig, network architect for Continental Airlines. "We then used ADMT and ClonePrincipal as we moved users and groups." ClonePrincipal is a feature of ADMT that allows NT 4.0's secure IDs, or SIDS, to be appended to user records in Active Directory so those users can still access resources in NT 4.0 domains that are active during a migration.

Microsoft makes no bones about the limitations of ADMT, although it contends it will fit the needs of 75% of users.

Some of the limitations of ADMT include the need to upgrade every NT 4.0 domain controller within an individual domain at once. Users must do that to support ClonePrincipal so they can maintain access to NT 4.0-based domains that have yet to be upgraded. Users also will have to migrate any applications in the upgraded domains to Win 2000. Users also can't do NT 4.0-to-NT 4.0 domain migrations as a way to restructure domains.

"ADMT assumes you will completely migrate to Win 2000," says Olivier Thierry, vice president of product management for Mission Critical, which licensed the base code for ADMT to Microsoft. "There is no content sanity-check before you migrate, you don't do anything intelligent with the data. Users will want to clean up their naming structures and orphan accounts before they move, not after."

Join the newsletter!

Error: Please check your email address.

More about AelitaContinental AirlinesEntevoMicrosoftOlivier

Show Comments