Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
The botnet world is booming
How ending exclusivity agreements would change the telecom industry
How to use electrical outlets and cheap lasers to steal data
EMC distances rival NetApp
Crime lab saves energy costs by turning up heat in the data center
IBM security software masks confidential info
Google Native Client provides hints on Chrome OS gambit
Ericsson signs deal to run Sprint wireless, wireline networks
Verizon helping companies assess application vulnerabilities
Internet's biggest issue? IPv6 transition, new ARIN CEO says
Gmail, other Google apps, out of beta
Microsoft may have known about critical IE bug for months
Symantec de-duplication strategy targets data growth, virtual machines
Windows 7 ramp-up will be sharp
Applications /

Reviews /

Heavy-lifting help for your Active Directory move

Today's breaking news
Send to a friendFeedback

Advertisement:

Aelita's Enterprise Suite tops our list

By DENNIS WILLIAMS
Network World, 08/16/99

Windows 2000 and its brand-new Active Directory are on their way into your network. While Active Directory offers many of the benefits of a real directory service, it requires a change in philosophy and a potentially stressful migration of your existing domains.

Microsoft will eventually offer tools to help users through this migration process. However, these utilities will not be integrated into Windows 2000 in time for its initial release, now set for sometime in October.

Fortunately, there are several tools already on the market that can help you plan for and pull off the transition as smoothly - and with as few surprises - as possible. All the tools we reviewed address three different processes in the migration: the clean up of existing NT 4.0 domains by removing nonexistent, expired and redundant user names, accounts and objects; the consolidation of multiple NT 4.0 domains into a single domain; and the migration itself. In addition, some tools provide a reliable mechanism to roll back the entire process if necessary.

Blue Ribbon winner

With a complete set of migration utilities and the ability to back out of any part of the process of moving NT domains to Windows 2000 Active Directory, Aelita's Enterprise Suite captured our Blue Ribbon Award.
Aelita Software Group's Enterprise Suite won our Blue Ribbon Award because it offers the cleanest, most complete migration and provides extensive undo options. Mission Critical Software's OnePoint Domain Administrator - parts of which Microsoft has licensed to include in subsequent versions of Windows 2000 - did nearly as well, but its ability to clean up domains and its management interface fell short of Aelita's suite. FastLane Technologies' DM/Suite was a solid, well-rounded product, but we felt it was slightly less polished than its competitors.

We also beta-tested a feature-incomplete version of Entevo's DirectManage. Once complete, we expect this product will offer some unique features, such as the ability to migrate from one Windows 2000 server to another, offering users a way to make changes to their Active Directory configurations.

Best of the lot: Aelita's Enterprise Suite

Aelita's Enterprise Suite won our confidence as the product we would choose to migrate our NT domains to Active Directory. There are seven separate tools in this NT management suite, but those directly related to domain migration are Virtuosity, Domain Migration Wizard and Delegation Manager.

Virtuosity is a database-driven management utility that comprises comprehensive auditing, reporting and domain clean-up tools.

The auditing tool is part of the Journal feature that is used for analyzing database content and creating reports. Not only can you view reports using this utility, but you can also initiate corrective actions from the on-screen report itself.

The reporting tool uses information stored in the database to display user, security and network information. It incorporates a security analyzer feature that checks account policies, lists users with administrative privileges, shows inappropriate names and performs other similar tasks.

The domain clean-up tool allows you to modify users, groups, access permissions and file shares. You can make these changes to individual user accounts or en masse. Virtuosity also lets you backup and restore information about local and global users in a domain, including file access permissions. This way, if any information is lost, configured incorrectly or corrupted, it can be restored to its original state quickly and easily.

The second component of Enterprise Suite, Domain Migration Wizard, helps move you from a multidomain structure to a single domain - a good first step in the process of moving to Active Directory. It automates the migration of users, groups and accounts. The wizard first scans the network and lets you select from a discovered list of source and target domains. It then collects user and group information from the domains and stores it in a database. You select which users and groups you want transferred from the source domain to the target. The wizard scans for duplicate user and group names and lets you rename or replace redundant names. It then applies the modifications. Though this process changes the actual domain, you can still undo the changes with a click of the mouse.

Domain Migration Wizard also lets you create an Active Directory structure and test it in a controlled environment. It is a helpful tool to test different Active Directory structures, such as directory organization by geography or business function (marketing, sales, engineering and others). Domain Migration Wizard tracks the migration process and because it is database-driven, lets you roll back to a previous point so you can modify your configuration and try again.

We tried several different scenarios and found that no matter how hastily or sloppily we created the target directory, we were able to migrate to it easily and back out of it just as easily.

Overall, we liked using Domain Migration Wizard because it took most of the apprehension out of migrating our directory and never left us wondering what to do next.

The third tool in Enterprise Suite, Delegation Manager, allows you to delegate administrative tasks on the network. This common initial step helps you prepare for migration. Even if you do not intend to fully migrate to Active Directory - where delegated administration is mandated - for some time, you can still get used to the new management approach on your NT 4.0 network. When you do decide to complete your migration, you will already have a distributed management plan in place.

Our only complaint about Enterprise Suite is that the different tools are not integrated, other than being linked to the same database. With no common interface, each tool is accessible from multiple, nested menu items.

OnePoint Domain Administrator

Despite Microsoft's decision to integrate some of Mission Critical's technology into its Windows 2000 base product, Mission Critical officials say they will continue selling all their OnePoint suite components as stand-alone products.

The Mission Critical product we examined for this review, OnePoint Domain Administrator 1.0, comprises the Windows 2000 OU Populator and Domain Migrator utilities. OnePoint Domain Administrator taps into your existing NT 4.0 domain model and allows you to test multiple Active Directory structures using company information without actually altering or affecting your domain. Once you decide how you want to structure your Active Directory, OnePoint Domain Administrator helps you begin the migration process.

You use OU Populator to set up an Active Directory tree structure on the existing NT 4.0 server. If you don't like that structure, you can modify it or start over - nothing's lost or changed on your network. OU Populator allowed us to use ActiveViews, templates for creating and populating Organizational Units in the Windows 2000 Active Directory. These groupings let us create entire Organizational Unit trees and sub-Organizational Units in the Active Directory hierarchy.

Additionally, this tool allowed us to run our NT 4.0 domain and our newly created Windows 2000 Active Directory in parallel with synchronized passwords. This makes it easier to "ease" into Active Directory rather than requiring that you pull the plug on the old system before the new one is up and running dependably.

The second component of the Mission Critical suite, Domain Migrator, allows you to copy user accounts, groups and computer accounts to another domain or to your new Active Directory structure. This will help you resolve any file, directory or sharing issues encountered during domain consolidation.

A third utility that ships with the product, NetWare Migrator, offers Novell Directory Services (NDS) users tools for making the move to Active Directory. While we did not test this component because it went beyond the scope of our test, we think the tool is useful because it helps users resolve the directory fields between NDS and Active Directory. After migrating user accounts and groups, NetWare Migrator also allows you to copy files and directories, including the access permissions for each file and directory, from a Net-Ware server to a Windows NT server.

OnePoint Domain Administrator did not score as high as Aelita's Enterprise Suite, but it is a good set of tools.

FastLane's DM/Suite

Although it didn't make us feel like we were cruising the autobahn in a high-performance sports car, FastLane's DM/Suite did help us cruise through a few Active Directory traffic jams better than the average commuter. DM/Suite includes three primary applications: DM/Manager for domain consolidation; DM/Administrator for the delegation of administration tasks; and DM/Reporter for displaying security status and aiding in the enforcement of security policies.

All the products are installed separately and can be bought individually, and all are accessed individually under different folders in the menu. Nevertheless, they do comprise a suite - if you move users from one domain to another in DM/Manager, the change is reflected in DM/Administrator.

All products use an Explorer-like interface that shows source and target domains. This feature makes it easy to replicate user and group objects when working in DM/Manager, the domain consolidation and account migration application. This common interface makes it simple to move accounts among NT domains or from NT domains to Windows 2000 Active Directory. But the feature lacked the ability to easily undo or revert to the old domain structure, which Enterprise Suite and OnePoint Domain Administrator provided.

We tested DM/Manager to consolidate our NT 4.0 domains and found it easy to use and intuitive. However, once we had a consolidated domain, we found it hard to figure out how to migrate the data to Active Directory using DM/Suite's tools. The documentation provided revealed how to configure DM/Manager's rules-based approach to migration, but we found that this process is not as intuitive as the migration process of its competitors.

FastLane's DM/Manager currently moves users and groups from one domain into another pretty well, updating all access rights and computer resources so users have the same privileges they did before migration. Updated properties includes local group memberships, NT profiles and user rights. Though you can currently perform domain-to-Active Directory migrations, a new version of DM/Suite to be released at the end of September will make the process easier by better representing the hierarchical structure of an Active Directory domain.

DM/Administrator also allows for the delegation of administration. We used it to assign specific administrative rights based on Windows 2000's hierarchical structure. This ability provides badly needed granularity in the administration of NT networks and helps prepare selected users for new administrative roles.

DM/Reporter offers about 150 canned reports, making it easy to assess and audit your network. We found this tool convenient and fast; we were able to quickly and easily create user and group management and security assessments. You can generate any of the included reports just by clicking on one, or you can modify existing reports to suit your specific needs.

One minor annoyance is that DM/ Suite's manager service flashes an update screen on the console at a regular interval, interrupting your work and train of thought. After placing a service call to FastLane, we learned you cannot suppress the service screen completely but you can schedule it to pop-up at more infrequent intervals.

Because Windows 2000 has not yet been officially released, third-party vendors trying to make the migration to that new operating system as easy as possible are aiming at a moving target. We kept that state of fluctuation in mind as we examined these products.

Nevertheless, in terms of what all three companies have right now, we would have to place our bets on Aelita's offering. Enterprise Suite stands slightly above the pack in terms of how it helps you clean up your NT 4.0 domains, how you structure Active Directory and how you eventually migrate your data. And just as important as what it does to help you move forward with your Active Directory migration, Enterprise Suite stands heads above its competition in terms of giving you a way to back out of any action that yields unexpected or undesirable results.

RELATED LINKS

Williams is a freelance writer and product improvement consultant in Alpine, Utah. He can be reached at dennis@ productreviews.com

Scorecard and NetResults
How we ranked the apps in key areas, pricing and vendor contact info.

Entevo readies Active Directory migration tool set
Although the final version of Entevo's DirectManage 2.0 will not be ready until later this month, we beta-tested the product to see if the company is headed in the right direction.

Closing the Active Directory gap
Things to think about before you make the move from NT 4.0 domains to Active Directory. Network World, 6/28/99.

Active Directory support systems come to the fore
If there is any doubt that Microsoft's forthcoming Active Directory will be a huge technology challenge for enterprises, look no further than the rash of support packages springing to life to aid in the directory's rollout. Network World, 7/19/99.

Tips on using Active Directory Service
Network World Fusion Focus on NT, 6/21/99.

Forum: Active Directory users could learn from NDS
See what Microsoft and Novell users have to say.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.