Migrating NIS to Active Directory Domain Services

Migrating NIS to Active Directory

During migration, Server for NIS can migrate each Network Information Service (NIS) domain and preserve it as a separate domain in Active Directory Domain Services (AD DS). Alternatively, it can merge the data into an existing domain. This domain can be one of the previously migrated domains or a special NIS domain that is created when Server for NIS is installed.

One advantage of migrating NIS maps to Windows is that UNIX and Windows users and objects are merged into a common namespace. Another advantage is that objects common to the two networks can have a unique identity.

During migration, you must specify the AD DS container in which migrated objects are to be created. It is strongly recommended that you create these objects in the same container as the other Windows objects. If the container is not specified, new objects are created in the default container, which is the same as the Windows container.

If you migrate passwd, groups, or host maps to a container other than the default container, the migrated entities are not shown by default in Active Directory Users and Computers. To view all objects, select Advanced features on the View menu of the Active Directory Users and Computers console.

Windows user accounts created as a result of the migration are disabled. After performing the migration, you must enable the accounts when you are ready for them to be used. For security reasons, it is recommended that you also assign a temporary password to these accounts and instruct users to change their Windows passwords as soon as possible.

See Server for NIS Troubleshooting for information about handling migration problems.

Staged migration

After maps are migrated to the AD DS domain controller, other UNIX-based subordinate servers can be migrated to other domain controllers in the same Windows domain. Migration of subordinate servers does not require migration of the data, because AD DS allows domain controllers in the Windows domain to share the same AD DS schema and database, and subordinate domain controllers already have access to the NIS data. After Server for NIS is installed on a domain controller in the same Windows domain, the domain controller is ready to act as a subordinate NIS server for the NIS domain.

The following are the steps in the migration of a subordinate NIS server.

  1. Verify that the master server of the NIS domain is migrated to Server for NIS.

  2. Install Server for NIS on another AD DS domain controller. The subordinate NIS server that you want to migrate to Windows can continue to operate as before. Subnets can have more than one subordinate NIS server.

  3. Disable the subordinate NIS server on the UNIX-based computer.

The NIS map source files of an NIS domain need not be migrated all at once. (NIS map source files are the plain text files from which the NIS map databases are compiled.) Each NIS map for a domain is migrated separately. The administrator can specify the domain name to which this map will be migrated. If a domain with the specified name does not exist, Server for NIS creates a new NIS domain with that name.

After you migrate NIS maps to Server for NIS, a delay can occur before the migrated data is available to Server for NIS.

Migrating multiple NIS domains

The migration utility or migration wizard allows migration of multiple NIS domains to AD DS. During migration of a map, the administrator must specify the domain from which the data is being migrated. Server for NIS preserves the name of the original domain with the map entries created in AD DS. As a result, migrated map entries are returned to clients or subordinate servers from the specified domain only.

The migration wizard can also merge a map from one domain into another NIS domain. This can be one of the previously migrated NIS domains, or a special domain that is created when Server for NIS is installed. The administrator must specify the name of the NIS domain to which the data will be migrated.
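Before merging a passwd map from one NIS domain into another, it is worth knowing which entries collide, because UNIX file ownership is keyed on the numeric UID. The following pre-merge check is an added example, not part of Server for NIS or the original page; it assumes the standard seven-field passwd source format, and the domain names and entries are constructed sample data.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "name uid gid gecos")

# Constructed passwd map sources for two hypothetical NIS domains.
ENG_PASSWD = """\
alice:x:1001:100:Alice Ng:/home/alice:/bin/sh
bob:x:1002:100:Bob Ruiz:/home/bob:/bin/sh
# comment line
carol:x:1003:100:Carol Diaz:/home/carol:/bin/sh
"""
LAB_PASSWD = """\
alice:x:1001:100:Alice Ng:/home/alice:/bin/sh
bob:x:2002:200:Robert Stone:/home/bob:/bin/sh
dave:x:1003:200:Dave Lim:/home/dave:/bin/sh
+::::::
"""

def parse_passwd(text):
    """Parse passwd source text into {name: Entry}; skip comments and +/- compat lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            raise ValueError(f"line {lineno}: malformed passwd entry")
        entries[fields[0]] = Entry(fields[0], int(fields[2]), int(fields[3]), fields[4])
    return entries

def merge_conflicts(target, incoming):
    """Return (name_conflicts, uid_conflicts) for merging incoming into target."""
    # Same login name carrying a different UID in each domain.
    name_conflicts = sorted(
        n for n, e in incoming.items() if n in target and target[n].uid != e.uid)
    # Same UID assigned to different login names in each domain.
    by_uid = {e.uid: e.name for e in target.values()}
    uid_conflicts = sorted(
        (e.uid, by_uid[e.uid], e.name) for e in incoming.values()
        if e.uid in by_uid and by_uid[e.uid] != e.name)
    return name_conflicts, uid_conflicts

if __name__ == "__main__":
    names, uids = merge_conflicts(parse_passwd(ENG_PASSWD), parse_passwd(LAB_PASSWD))
    for n in names:
        print(f"same name, different UID: {n}")
    for uid, a, b in uids:
        print(f"UID {uid} shared by {a} (target) and {b} (incoming)")
```

Entries reported here should be reconciled in the source files before the merge, so that one person does not end up holding another person's UID in the combined domain.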

If you migrate multiple domains, you can manage individual domains by using the Identity Management for UNIX management console.

Server for NIS supports a maximum of 960 unique combinations of NIS domains and maps. For example, Server for NIS cannot support more than 64 domains with 15 maps each (64×15=960).