Checklist: Migrating NIS Maps to Active Directory Domain Services

Applies To: Windows Server 2003 R2

Notes

Migration consists of the following three steps:

1. Migrate the NIS maps to a Windows-based server.

   • Using the command line

     Identity Management for UNIX includes a command-line tool called nis2ad to migrate maps from UNIX-based NIS servers to AD DS–based Server for NIS.

   • Using the migration wizard

     The NIS Data Migration wizard in Identity Management for UNIX extracts the information necessary to perform the migration. Even when using the migration wizard, however, you must complete steps 2 and 3, which follow.

   The migration wizard and the nis2ad command read map data from NIS map source files, which are the plain text files from which the NIS map databases are compiled. These source files must be located in a location that can be accessed by the domain controller during migration, such as on a disk on the domain controller or in a shared directory accessible by the domain controller.

2. Inform the existing subordinate (also known as slave) NIS servers of the new master NIS server.

   After the migration, the original UNIX-based NIS server must send an update of maps to all subordinate NIS servers with the name of the new master server in the maps.

3. Disable the original NIS server.

UNIX-based subordinate NIS servers can continue to work as before; however, they receive map updates from the Windows-based computer instead of the UNIX-based computer. Client computers continue to get NIS maps or data from the new master.

	Step	Reference
	Read more about Network Information Service (NIS) migration.	Understanding NIS Data Migration
	Back up your Windows domain controllers, or use a test domain controller.
	Log on as a member of the Domain Administrators group.
	Identify the NIS domain to migrate and how it will be migrated, keeping in mind the following: You can migrate only one NIS domain at a time, but you can merge the NIS domain with a previously migrated NIS domain. If you do not merge the domain, you can preserve the existing domain name or create a new name for the migrated domain. You should migrate an NIS domain to only one AD DS domain.	Migrating NIS to Active Directory Domain Services
	Make sure that the source files for the NIS maps that you want to migrate can be accessed by the computer running the NIS Data Migration Wizard. (NIS map source files are the plain text files from which the NIS map databases are compiled.) You can make the files available to the Windows-based computer by using network file system (NFS), or by copying them to the Windows-based computer through File Transfer Protocol (FTP). All standard and nonstandard map source files should be in the same directory.	Understanding NIS Data Migration
	Determine which standard NIS maps to migrate, and the directory paths to the map source files, keeping in mind the following: You can migrate maps in steps, that is, migrate one map first, then another, and so on. You should migrate the passwd map before migrating other maps (such as group or shadow maps) that rely on it. You must migrate the networks map before migrating netmasks.	Migrating and Managing Standard and Non-standard Maps
	Determine any nonstandard NIS maps to migrate, their formats, and the directory paths to their map source files. All standard and nonstandard map source files should be in the same directory.	Migrating and Managing Standard and Non-standard Maps
	Examine NIS map source files for multiple entries having the same primary key (for example, more than one user with the same user identifier (UID) in the passwd file) and eliminate the duplicate primary keys.	Resolving Migration Conflicts
	Determine AD DS containers to which you will migrate the NIS domain.
	Decide on the strategy to migrate using one of the following two alternatives. If there are conflicts between the existing map entry and the entry being migrated during the migration process, you can choose one of the following methods: Overwrite the existing entry with data from the entry being migrated. Preserve data from the existing entry and ignore the entry being migrated. Resolve conflicts by changing the Windows account name in Active Directory. If objects of different types have the same name, the names of both objects are changed before the data is migrated.	Best Practices for Server for NIS
	Determine whether you want to run the NIS Data Migration wizard first without migrating to examine all events that will take place during migration (recommended), or migrate all data the first time the wizard is run. The migration wizard can be configured to log all the migration steps without actually migrating the data to Active Directory.	Best Practices for Server for NIS
	Migrate NIS maps to Active Directory on a computer running Windows Server and Active Directory.	Migrating NIS domains
	Review the log files after migration for errors or conflicts. Resolve log conflicts and migrate the resolved entries again.	Resolving Migration Conflicts
	Configure any UNIX NIS subordinate (also known as slave) servers to use Server for NIS as the master NIS server.	Configuring a UNIX NIS Server to Use Server for NIS as the Master Server
	Configure any UNIX NIS client computers to use Server for NIS as the master NIS server.	Configuring UNIX Clients to Use Server for NIS as the Master Server
	Set the passwords of new Windows user accounts (created as a result of the NIS migration) to a known, temporary value, inform the users of the temporary password and instruct them to change their Windows password as soon as possible.

Additional references

For more information about Server for NIS, see:

• The Windows Server TechCenter for Active Directory Domain Services (https://go.microsoft.com/fwlink/?LinkId=48547)