Migrating from NetWare to NT

The Migration Tool for NetWare helps you transfer your NetWare file servers to an NT environment

One potato, two potato, three potato, four. NetWare? NT? NetWare? NT? Sound familiar? If so, you're one of a growing number of network administrators wrestling with the Novell NetWare vs. Windows NT Server dilemma. As NT Server comes of age and NetWare's market share falters, more of today's small, midsize, and large network sites are asking themselves which network operating system will take them into the twenty-first century. This decision is complex, but if your company decides to switch from NetWare to NT, as the network administrator, you will need to find a way to make it happen. (For an overview of NT and NetWare coexistence, see Michael D. Reilly, "Living with Novell NetWare,"October 1997.)

Enter Migration Tool for NetWare. Included with NT Server 4.0, MigrationTool for NetWare lets you transfer your existing NetWare 2.x, 3.x, and 4.x fileservers to an existing NT Server environment. In addition, with a few clicks ofthe mouse, Migration Tool for NetWare lets you transfer your NetWare users,groups, individual volumes, files, and directories. Even if your site has only afew users and files, Migration Tool for NetWare can greatly reduce the time andeffort required to successfully migrate to NT. Without Migration Tool forNetWare, you must manually add each user and group account to the NT server andselectively copy each file and directory--a daunting prospect.

If the destination NT server is running Microsoft's File and Print Servicesfor NetWare (FPNW) you can also migrate user logon scripts. FPNW lets an NTserver function as both a standard NT server and a NetWare file-and-printserver. Therefore, NetWare 2.x and 3.x clients can access both servers withoutadditional software or configuration changes to the client. (Note: FPNWis an add-on for NT Server that you must purchase separately. For a detaileddescription of FPNW, see John Enck, "Behind the Scenes of FPNW,"December 1995.)

Let me take you step by step through a sample migration from NetWare 4.11to NT Server 4.0. I will tell you how to configure user and group information,handle duplicate names, assign passwords, and migrate individual files anddirectories. Most important, I'll show you how to perform a trial migrationbefore doing the real thing.

Before you start the migration, you need to get a few things in order onthe NT Server side. First, the destination server must be either a PrimaryDomain Controller (PDC) or a Backup Domain Controller (BDC). This requirementmakes sense because NT application servers don't participate in logonauthentication and don't know or care about user or group accounts or how tohandle them. Second, the destination NT server must be running the NWLinkIPX/SPX Compatible Transport and the Gateway and Client Services for NetWare(GSNW). IPX/SPX is the default network protocol in the NetWare world and lets NTcommunicate with the NetWare server. Finally, as an option, you can install NTFSon the destination server. NTFS grants NetWare trustee rights for files anddirectories that you want to migrate. Because the migration process makessignificant changes to the destination server, be sure you have a solid,verified backup before continuing. With these preparations complete, here we go.

Migration Tool
You can run Migration Tool for NetWare from three locations: the destinationserver, a remote NT server, or a system running NT Workstation. To run MigrationTool for NetWare on a remote system, you must copy the following files:nwconv.exe, nwconv.hlp, logview.exe, and logview.hlp from the %systemroot%/System32server folder. You start the migration on the NT system from which youare running the migration. If you choose to run the migration from a remote NTsystem (server or workstation), make sure you have a valid connection to thedestination NT server. In addition, you must run the Microsoft NetWare client onthe system where you run nwconv.exe. I ran this sample migration using NetWare4.11 as the source and NT Server 4.0 as the destination. I ran Migration Toolfor NetWare on the destination server, not a remote system.

To begin the migration, from the Start menu, select Programs,Administrative Tools, Migration Tool for NetWare. The first time you runMigration Tool for NetWare, the Select Servers For Migration dialog box appears,as you see in Screen 1. Use this screen to select a NetWare file server tomigrate and a destination NT server. If you have run Migration Tool for NetWarebefore, the program saved your configuration information and automatically loadsit when the program starts. The Select NetWare Server dialog box appears andlists all NetWare servers it finds.

An important fact about Migration Tool for NetWare is that it does notwork with Novell Directory Services (NDS). This limitation is significantbecause in a NetWare 4.x environment, NDS is how you manage objects orresources. Migration Tool for NetWare handles connections to NetWare 4.x serversrunning NDS through bindery emulation. Older NetWare 2.x and 3.x serversmaintain a flat file database called the bindery. Unlike NDS, eachbindery server is a separate entity and knows nothing about the outside world.In these circumstances, Migration Tool for NetWare treats 4.x servers the sameas 2.x and 3.x servers.

This serious shortcoming leads to some interesting issues during themigration. For instance, when you select a 4.x server from the list, you willsee the name of your current context. In Novell terms, your current context isyour position in the NDS tree; your current context is the same as your currentdirectory in DOS. You can see files only in the current directory, and you cansee objects only in the current context. Also, be aware that you cannot changeyour context from within the NetWare server selection screen. If you do not seeany NetWare servers listed, check to make sure you have NWLink IPX/SPXCompatible Transport and GSNW loaded on the NT server.

When you have selected your source and destination servers, click OK. Ifyou have not already been authenticated to the NetWare server when you logged onto the NT server, the program will ask you to provide a Supervisor-equivalentaccount name and password. Notice that NetWare uses the term Supervisorand not Administrator. Because I connected using bindery emulation, theNetWare 4.x systems did not recognize the Admin account but interpreted my Adminlogon as a Supervisor-equivalent account. The account must be Supervisorequivalent because you need complete NetWare system access and control.Similarly, for NT you must log on as Administrator or equivalent.

At this point, you will see the main Migration Tool for NetWare screen,shown in Screen 2, page 116. The screen lists all NetWare and NT serversselected for migration. (You can have multiple source and destination servers.)From this screen, you can make all necessary migration configurationmodifications. You can add servers to be migrated, delete servers, set user andgroup options, set file and folder options, view log files, run the migration,and most important, run a trial migration. From the File menu, you can restore apreviously saved configuration file, save current configuration settings, orclear everything by selecting Restore Default Config. By default, theconfiguration files have a .cnf extension and are located in the%systemroot%/System32 directory. You can't read the configuration files with atext viewer--I tried.

To add servers to the list, click Add on the main Migration Tool forNetWare screen and add your NetWare and NT servers, just like you did whenMigration Tool for NetWare first started. You must log on to each NetWare serveryou select even though you might have done so when you first logged on. Todelete a set of servers, select the set from the list and click Delete. A wordof caution: The program won't ask whether you really want to delete the server;it simply does it.

Users and Groups
After you select your list of servers, you configure user and group optionsby clicking User Options on the Migration Tool screen. You configure specificelements of the migration process by using the four tabs (Passwords, Usernames,Group Names, and Defaults) on the User and Group Options screen, as you see inScreen 3. By default, Migration Tool for NetWare transfers users and groupsduring the migration. To exclude users and groups, clear the Transfer Users andGroups check box at the top of the screen.

Map files (which tell Migration Tool for NetWare how to process usernames,passwords, and group names during the migration) give you more control over themigration process. Without map files, you would need to use Migration Tool forNetWare's internal migration methods. The map file lets you list each NetWareaccount, the new NT account name, and the corresponding password. The format ofthe file is old_name, new_name, password. The map file also has a section forgroup names that follows the same format (excluding the password field). To usethis option, select the Use Mappings in File: check box on the User and GroupOptions screen.

You can choose to create the map or edit an existing map file. Map fileshave a .map extension, and the program stores them by default in the %systemroot%System32directory. You can view them with any text viewer. To create amap file, first select the Use Mappings in File: option, and then click Createto bring up the Create Mapping File screen. By default, the program includesusername information in the map file. If you want to exclude user accounts,clear the Include User Names option. Similarly, if you want to exclude groupinformation, clear the Include Group Names option at the bottom of the screen.

Next, and perhaps most important, is the default password option. You havethree choices: No Password, Password is Username, and Password is (the same password for everyone). I don't like any of the choices, but anotheroption saves the day: If you check User Must Change Password on the Passwordstab, your users must input a new password the first time they log on.Interestingly, no one can read NetWare passwords after a NetWare server savesand encrypts them. This restriction means that Migration Tool for NetWare can'tmigrate user passwords; you must reassign them. You can see the work that'sinvolved if you have a large number of users.

After you have selected a map file and set the default password option,click OK. A dialog box will appear to let you know that Migration Tool forNetWare created the file and ask whether you want to edit it. If you select Yes,Notepad will start and automatically load the map file. If you intend to usemapping, I suggest checking the map file to make sure everything looksright--user and group accounts are correct and unnecessary information has beendeleted. You will probably see user or group names that you don't need tomigrate. The map file has a [USERS] section for user accounts and [GROUPS]section for group names. You can fully edit the file and make necessary changes,such as adding the passwords you will use when creating NT accounts. What'spretty slick about the map file is that it automatically picks up all NetWareuser/group accounts and writes them to the file.

If you forgo the map file, you must configure password, user, and groupparameters manually. On the Passwords tab, you can set the default password anddetermine whether users need to change their password the first time they logon. As I mentioned earlier, you have three choices for the default password: NoPassword, Password is Username, and Password is --the same forall users. Because all these options can lead to some interesting securityproblems, I strongly suggest keeping the default option of users changing theirpassword the first time they log on.

The Usernames and Group Names tabs each contain options for handlingduplicate NetWare and user and group names. Both sections let you log the error,ignore the duplicate name, or add a prefix of your choice. Only with usernamescan you choose to overwrite existing NT accounts with the new NetWareinformation. If errors occur during the migration, Migration Tool for NetWarewill write them to the Error.LOG file.

Use the Defaults tab to configure the migration of administrative rights.The default is Use Supervisor Defaults; this option lets Migration Tool forNetWare overwrite the current Administrator account policy restrictions on theNT server with those from the NetWare Supervisor account. The policy settingsinclude intruder lockout, password uniqueness, required password change,password aging, and minimum password length. The second option, Add Supervisorto the Administrators Group, determines whether the program adds NetWareSupervisor-equivalent users to the NT Administrators Group. By default, thisoption is not selected.

You can transfer NetWare account information to a master domain by clickingthe Advanced button on the User and Group Options screen, then selecting theTransfer Users to Trusted Domain option. You use this option to transfer NetWareaccount information to the domain controller of the master domain. However,Migration Tool for NetWare still transfers file and folder information to thecurrently selected NT server. If you transfer groups to the master domain,Migration Tool for NetWare creates the groups as global groups in the masterdomain and as local groups on the selected server.

Files and Folders
After you have successfully configured user and group information, you needto configure the migration of files and folders. From the Migration Tool forNetWare screen, select File Options. By default, Migration Tool for NetWaretransfers all files and folders from the NetWare server during the migrationprocess, with the exceptions of system or hidden files and three of the defaultdirectories created on a NetWare server: the LOGIN, SYSTEM, and ETC folders.If you want to include these files or folders, you can select them from theFiles, Files to Transfer screen. You can also exclude files or folders from themigration by clearing the Transfer Files check box.

By default, the Source Files listing on the File Options screen makesavailable all volumes on the NetWare system. You can delete or add these volumesby clicking Delete or Add. After you select a NetWare volume, you must specifyits destination NT volume, share name, and folder by clicking Modify. In theModify dialog box, you can transfer the NetWare volume files and folders to anexisting share, or you can create a new share. To change a share's directorypath, click Properties. To transfer data to a directory under an existing share,type the full path in the Subdirectory field. However, from this screen, youcan't change the path for existing shares, only for new shares.

Selecting individual files and folders for transfer is straightforward.After you select the appropriate NetWare volume from the Source Files listing,choose the folder you want to view; then select specific files from the folder,as you see in Screen 4. Migration Tool for NetWare transfers folders and filesthat are selected. If a user creates a file on a NetWare volume after youcomplete the migration configuration, Migration Tool for NetWare will transferthat file if you are moving other files in the same folder.

Log Files
Now you have finished configuring the migration process. You have taken careof users, groups, files, and folders. The only other element to consider is logfiles. Log files help you determine whether a migration ran successfully. To setoptions for log files, select Logging on the main Migration Tool for NetWarescreen. The default option is Verbose User/Group Logging. This option recordsthe most information during a migration and includes summary information forfiles and folders and complete activity for users and groups. To reduce the sizeof the log file, you can clear this check box, so that you will record only usernames and groups. The second logging option, Popup on Errors, causes themigration process to stop on each error and requires manual intervention. TheVerbose File Logging option records all files and folders transferred and theirsource and destination directories.

You can view log files by first clicking Logging... on the main MigrationTool for NetWare screen. Then, click View Log Files to start the logview.exeprogram. Logview.exe displays the three log files that Migration Tool forNetWare creates during a migration: Error.LOG, Summary.LOG, and LogFile.LOG. Asyou see in Screen 5, page 122, Error.LOG contains a list of all errors thatoccurred. These errors include system errors, network errors, and user accountnames that were not transferred because of a conflict. Summary.LOG is astatistical file that contains migration information such as total running time,number of users and groups transferred, number of files transferred, number ofname conflicts, and the total number of errors. LogFile.LOG contains a record ofwhat successfully transferred and what failed as a result of an error. The filehas sections pertaining to Supervisor defaults, user/group information,transfer options, and file information.

As I stated earlier, if the destination NT server is running FPNW,Migration Tool for NetWare can transfer user logon scripts. For this feature towork properly, you must transfer the necessary file and folders from the NetWaresystem, especially the MAIL directory, where the login script files are stored.When the user logs on to the NT server, the logon script will run as the user'spersonal logon script.

Trial Migration
The best feature of Migration Tool for NetWare by far is its ability toperform a trial migration. The trial migration lets you tweak the configuration;you can run trials as many times as you like. A word to the wise: Use the trialmigration. Treat it as your friend. It can save your career if you inadvertentlyset your migration options to walk over the top of your existing NT environment.During the trial migration, Migration Tool for NetWare doesn't transferinformation between the source and destination systems; it only creates logfiles to inform you how the process went. The trial run creates the same threelog files (Error.LOG, Summary.LOG, and LogFile.LOG) as the real thing. Each timeyou run the trial migration, Migration Tool for NetWare creates new log filesand renames the previous log files, replacing the extension with an incrementalnumber.

To start the trial migration, click Trial Migration on the main MigrationTool for NetWare window. Be warned that the program doesn't ask you to verifythis action; the trial starts immediately. When the Verifying Information dialogbox appears, the migration program is verifying user, group, file, directory,and volume information on the source NetWare system. When the verification iscomplete, the trial conversion begins. You can follow the progress of theconversion on a monitor, as you see in Screen 6.

The Real Thing
When you have successfully run the trial migration with no errors, you'reready to go for the real thing. The real migration is the same as the trialmigration, except that it takes considerably longer. To start the migration,click Start Migration on the main Migration Tool for NetWare screen. As with thetrial migration, no verification screen will ask whether you really want tostart the process, although you can click Cancel at any time. On NetWare systemswith many users, groups, files, or folders, the migration process can take quitea long time. Although migration time will vary with machine speed, memory, andnetwork bandwidth, I've seen migrations that involve 1000 users and more than100 groups take more than two hours to complete; so schedule accordingly.

When the migration process is finished, a final dialog box (shown in Screen 7) shows you statistics, including the number of users and groups transferred, the number of files transferred, and the total number of errors. If you have errors, check the log files to see what corrective action is necessary. If forsome reason the migration fails, remember that you still have a complete andintact NetWare server that you can use to try again. Also, realize that youmight have some significant work to do on the destination NT server to clean upuser, group, file, and folder information.

Simplifying Migration
Migrating a NetWare 4.11 server to NT Server 4.0 is not difficult, but youcan't take the process lightly. When used correctly, the Migration Tool forNetWare can save you hours of work and unnecessary headaches. I hope you can rest easier knowing that if you must ever migrate your NetWare servers to NT, you have the knowledge and the tools to do the job.