Task 2: Migrate NIS Maps to Active Directory
Applies To: Windows Server 2003 R2
Server for Network Information Service (NIS) allows NIS map data to be migrated to Active Directory. After the migration, and upon receiving NIS requests from clients or other servers, Server for NIS searches Active Directory to reply to NIS queries.
This topic contains the following sections:
Planning for NIS Migration
Migrate NIS Maps to a Windows-based Server
Configure UNIX NIS Servers to use Server for NIS as the Master Server
Creating the Structure of Nonstandard Maps
Additional Server for NIS Configuration Steps
Planning for NIS Migration
Before beginning NIS migration to Server for NIS, it is strongly recommended that you read Checklist: NIS migration to Active Directory using the NIS Data Migration wizard.
Steps in a Typical Migration
Migration consists of the following three procedures:
Migrate NIS maps to a Windows-based server.
Using a command line
Server for NIS includes a command-line tool called nis2ad to migrate maps from UNIX-based NIS servers to Active Directory–based Server for NIS.
Using the Windows interface
Server for NIS includes a migration wizard that extracts the information necessary to perform the migration. Even when using the migration wizard, however, you must complete steps 2 and 3, which follow.
The migration wizard and the nis2ad command read map data from NIS map source files, which are the plain text files from which the NIS map databases are compiled. These source files must be stored in a location that can be accessed by the domain controller during migration, such as on a disk on the domain controller or in a shared directory accessible by the domain controller.
If the map you want to migrate is a nonstandard NIS map, create the structure using the procedure Creating the Structure of Nonstandard Maps below.
Configure UNIX NIS Servers to Use Server for NIS as the Master Server.
After the migration, the original UNIX-based NIS server must send an update of maps to all subordinate NIS servers, with the name of the new master server in the maps.
Disable the original NIS server.
UNIX-based subordinate NIS servers can continue to work as before; however, they will receive map updates from the Windows-based computer running Server for NIS instead of the UNIX-based computer. Client computers running UNIX-based operating systems can be configured to get NIS maps or data from the new master server.
Read more about NIS Migration
Before you begin migrating NIS map data, it is recommended that you read the following conceptual topics that discuss NIS migration:
Migrating NIS to Active Directory
Migrating standard and nonstandard maps
Handling special users during migration to Active Directory
Migrate NIS Maps to a Windows-based Server
Perform the following steps to migrate NIS maps to a Windows-based server on which Server for NIS has been installed.
Using the Windows interface
Using a command line
Using the Windows interface
Open the Identity Management for UNIX management console by doing one of the following:
Click Start, click Administrative Tools, and then click Identity Management for UNIX.
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and click to highlight the Server for NIS node.
Start the NIS Data Migration Wizard by doing one of the following:
Right-click the Server for NIS node, and then click NIS Data Migration Wizard.
With the Server for NIS node highlighted, click NIS Data Migration Wizard in the Actions pane.
On the Actions menu, click NIS Data Migration Wizard.
Follow the step-by-step directions in the wizard.
Note
Password file entries with names longer than eight characters will not be migrated. Windows user accounts created as a result of the migration are disabled. After performing the migration, you must enable the accounts. For security reasons, it is recommended that you assign a temporary password to these accounts and instruct the affected users to change their Windows password as soon as possible.
Using a command line
Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
Click Start, click Run, type cmd in the Open text box, and click OK.
At a command prompt, type:
nis2ad -y UNIXNISDomain **-a **ActiveDirectoryNISDomain [Options] MapfileToMigrate
The following arguments are required:
| Argument | Description |
|---|---|
-y UNIXNISDomain |
Specifies the name of the NIS domain that contains the map to migrate. |
-a ActiveDirectoryNISDomain |
Specifies the NIS domain name in Active Directory. |
MapfileToMigrate |
Specifies the name of the NIS map source file to migrate. NIS map source files are the plain text files from which the NIS map databases are compiled. |
The nis2ad command accepts the following options.
| Option | Description |
|---|---|
-m |
Perform the migration. If this option is omitted, the program finds and reports conflicts but does not actually perform the migration. |
-c FileName |
Specifies the file where conflict details are written. Uses a default file (%windir%\idmu\nis\conflicts.log) if not specified. |
-t TargetContainer |
Specifies the target container name. Applicable only when creating a new NIS domain. If not specified, uses the default or uses the container of the target domain. |
-f FileName |
Specifies the name of the log file. If not specified, nis2ad uses a default file (%windir%\idmu\nis2ad.log). |
-r yes|no |
Replace object in Active Directory with object being migrated. Default is no. |
-n |
Resolves conflicts by changing the Windows account name in Active Directory. If objects of different types have the same name, the names of both objects are changed before the data is migrated. |
-p Password |
If needed and if not specified, the user will be prompted. |
-d Directory |
Specifies the path of the directory that contains NIS map source files. |
-s Server |
Specifies the domain controller server hosting Active Directory. Otherwise use the current server. |
-u User |
Specifies the name of the user having administrator privileges on this computer. If not specified, nis2ad uses the current user. Even if you specify another user by using the -u option, the currently logged-on user must have write permissions for the folder that will contain the log and conflict files. If necessary, modify the permissions on the folder to grant write access to the user who will be running the nis2ad utility, before running the utility. |
Note
To view the complete syntax for this command, at a command prompt, type nis2ad /? You can migrate only one map at a time using nis2ad. To migrate more than one map at a time, use the NIS Data Migration Wizard. Password file entries with names longer than eight characters will not be migrated. Windows user accounts created as a result of the migration will be disabled. After performing the migration, you must enable the accounts. For security reasons, it is recommended that you assign a temporary password to these accounts and instruct the affected users to change their Windows password as soon as possible.
Configure UNIX NIS Servers to use Server for NIS as the Master Server
To change a UNIX-based NIS server from a master server to a subordinate (also known as slave) server, follow these steps:
Migrate NIS maps to a Windows-based computer running Server for NIS.
Transfer the maps from the old master server to other subordinate NIS servers by providing the name of the new Server for NIS for each map. At a command prompt, type:
ypxfr –h newserver mapname
where newserver is the name of the new NIS master server, and mapname is the name of the map to be transferred.
Run this command for each map on each of the subordinate servers. After this step, the UNIX subordinate servers will recognize the new Server for NIS master server.
Creating the Structure of Nonstandard Maps
You can migrate nonstandard maps to Server for NIS using either the Windows-based NIS Data Migration Wizard, or a command-line environment.
Using the NIS Data Migration Wizard
Using the command line
Important
After the map structure is created using this procedure, there is no way to remove it. This structure applies to all NIS domains, so it is important to ensure that the format is consistent across all NIS domains.
Using the NIS Data Migration Wizard
Open the Identity Management for UNIX MMC snap-in by doing one of the following:
Click Start, click Administrative Tools, and then click Identity Management for UNIX.
Click Start, click Run, type idmumgmt.msc in the Open text box, then click OK.
In the hierarchy tree, open the Microsoft Identity Management for UNIX node, and click to highlight the Server for NIS node.
Start the NIS Data Migration Wizard by doing one of the following:
Right-click the Server for NIS node, and then click NIS Data Migration Wizard.
With the Server for NIS node highlighted, click NIS Data Migration Wizard in the Actions pane.
On the Actions menu, click NIS Data Migration Wizard.
Follow the step-by-step directions in the wizard.
On the NIS Map Selection panel, click New.
In the Add Nonstandard Map dialog box, do the following:
In the Map name string box, enter the name of the existing nonstandard map you want to migrate to Server for NIS. The map migration process assigns the same name to a new file containing your map structure.
In the Separator string box, type the single character you want to use to delimit or separate fields in your map structure. Suggested characters include a semicolon (;) or a dash (-).
In the Key field string box, type the number of the column you want to use as the map key. Use Arabic numeral characters; do not spell out the number.
Click Next.
In the Location of UNIX NIS Map Source Files window, enter the directory path name in which the map file you created in Step 6 is located, and then click Next.
Click Finish to start migrating map data from the existing nonstandard map to the new map file.
Note
Password file entries with names longer than eight characters will not be migrated. Windows user accounts created as a result of the migration are disabled. After performing the migration, you must enable the accounts. For security reasons, it is recommended that you assign a temporary password to these accounts and instruct the affected users to change their Windows password as soon as possible.
Using the command line
Open a Command Prompt window in one of the following two ways:
Click Start, and then click Command Prompt on the Start menu.
Click Start, click Run, type cmd into the Open text box, and click OK.
At a command prompt, type:
nismap create –i fieldNumber –g "separator" mapName
Note
Do not use the hash character (#) as a field separator because this character is used in standard maps to mark the beginning of a comment.
The following table shows the acceptable arguments for the nismap create command.
| Argument | Description |
|---|---|
fieldNumber |
The number of the field that contains the key to the map. |
"separator" |
The character used to separate fields, in quotation marks. To specify a space as a separator, enclose the space in double quotation marks (" "). For example: nismap create –i 1 –g " " Phones creates a map called Phones in which the key field is the first field and the separator character is a space. Other white-space characters, such as tab, are also accepted. |
mapName |
The name of the map. |
Note
To view the complete syntax for this command, at a command prompt, type: nismap /?
Additional Server for NIS Configuration Steps
When you have successfully completed NIS data migration, proceed to Task 3: Set the Frequency of Map Propagation to configure the time interval at which you want NIS maps propagated across the domain.
If you encountered problems during migration, see Server for NIS Troubleshooting.
See Also
Other Resources
Migrating NIS to Active Directory
Migrating standard and nonstandard maps
Remove a nonstandard NIS map
Internet Engineering Task Force Web site