Step by Step: Novell NetWare to Windows NT Migration
ID: Q187789
|
The information in this article applies to:
-
Microsoft Windows NT Server versions 3.51, 4.0
SUMMARY
This article describes how to migrate accounts and resources from a Novell
NetWare server to a computer running Microsoft Windows NT Server using the
Migration Tool for NetWare. It also discusses the options that are
available and how NetWare permissions and rights interoperate with Windows
NT.
MORE INFORMATION
The Migration Tool for NetWare (NWConv.exe) is included with Windows NT
Server versions 3.51 and 4.0 and File and Print Services for NetWare
(FPNW).
NOTE: Gateway Services for Netware (GSNW) must be installed on the
computer running Windows NT Server in order for the Migration Tool for
NetWare to run.
Using the Migration Tool for NetWare, you can transfer NetWare accounts
and/or files and directories from NetWare volumes to a Windows NT Server
domain controller. When you transfer users to a Windows NT domain with
FPNW installed, the Maintain NetWare Compatible Login option is
automatically selected for the users.
NOTE: It is recommended that you perform the migration in two steps:
- Migrate user accounts.
- Migrate file resources.
When NetWare accounts and volume data are transferred to a computer
running Windows NT Server, the NetWare permissions and security
information is also migrated, assuming NetWare file and directory
resources are transferred to NTFS volumes. Additionally, migrated volumes
are automatically shared for Microsoft network client users and NetWare
clients when FPNW is installed.
Starting the Migration Tool for NetWare
To start the Migration Tool for NetWare, follow these steps:
- In Windows NT 3.51, open Program Manager, and then click Run on the
File menu. Type "NWCONV" (without quotation marks), and then click OK.
-OR-
In Windows NT 4.0, click the Start button, click Programs, click
Administrative Tools, and then double-click Migration Tool for NetWare.
- In Select Servers For Migration, in the From NetWare Server
box, do one of the following:
Type the name of the Novell server to be migrated.
-OR-
Click the ellipses (...), and then click the appropriate Novell NetWare
server to be migrated.
- In Select Servers For Migration, in the To Windows NT Server box, do
one of the following:
Type in the name of the Windows NT Domain Controller to which the
Novell NetWare server listed above will be migrated.
-OR-
Click the ellipses (...) button, then click the appropriate Windows NT
Domain name and Windows NT Domain Controller to which the Novell
NetWare server listed above will be migrated.
NOTE: The computer running Windows NT Server that you select must be a
Domain Controller.
Overview of Migration Tool for NetWare Dialog Buttons
ADD : This option allows you to migrate multiple servers at
the same time.
DELETE : This option removes the selected NetWare and Windows
NT Servers currently selected in the Server for
Migration list.
USER OPTIONS : This option is used to specify how the migration will
affect each user account and group.
FILE OPTIONS : This option is used to determine which folders and/or
files are migrated to the computer running Windows NT
Server, and to specify the new location for these
resources.
START MIGRATION: This option begins the migration. This actually brings
information over from the NetWare server.
TRIAL MIGRATION: This option starts a rehearsal migration. The benefit of
this option is that it behaves just like the real
migration would, except that it does not actually
perform the migration. You can analyze error logs after
a trial migration and make any corrections before doing
the real migration.
LOGGING : Specifies error login detail level.
NOTE: The Error.log, Summary.log, and Logfile.log files are located in the
%systemroot%\system32 directory.
Details of the User Options Button
Passwords
Use this section to determine the passwords for the migrated accounts.
NOTE: Make sure that the password option you select conforms to the
password policy set in User Manager for Domains; otherwise, errors may
occur when you perform the migration.
Usernames
Use this section to specify the action to be taken when a duplicate
account name is found in the Windows NT domain being migrated to.
Group Names
Use this section to specify the action to be taken when a duplicate group
name is found on the Windows NT domain being migrated to.
Default
Use this section to specify account policies to be used and whether or not
NetWare Supervisor rights should be transferred to the Windows NT domain.
NOTE: The Migrate NetWare Specific Account Information option on the
Defaults tab is only available if File and Print Services for NetWare
(FPNW) is installed on the computer from which you are running the
Migration Tool for NetWare.
Advanced
Click the Advanced button to specify a trusted domain that you want to
migrate users to.
Transfer Users and Groups
When this check box is selected, the tool transfers NetWare-specific
account information including grace logins, limiting concurrent
connections, and station restrictions.
NOTE: User disk volume restrictions are not supported, nor are they
transferred. Also, when transferring NetWare accounts, new passwords must
be set for the accounts because Windows NT cannot read users' passwords,
as they are stored in encrypted form.
Use Mappings in File
When this option is selected, the mapping file specifies how account
information is transferred to Windows NT. The mapping file will only
transfer those user accounts and groups that are included in the mapping
file.
You can create a new mapping file, or edit an existing file when you
transfer user or group account information. The mapping file also has a
comma-delimited format that makes it easier to transfer the information
into a spreadsheet. The format is as follows:
<old name>, <new name>, <password>
When you create a new mapping file, it is created as a text file and is
automatically stored in the %SystemRoot%\System32 folder as a *.MAP file.
To create a mapping file when you transfer accounts, follow these steps:
- In the Migration Tool for NetWare, click User Options.
- In the User and Group Options dialog box, click the Use Mappings in
File check box to select it, and then click Create.
- In the Create Mapping File dialog box, type a name for the mapping file
in the Use Mappings in File field.
NOTE: You can also click the ellipses (...) button to browse for a
file.
- Click to select the Include User Names check box to include user names
in the mapping file.
- Click to select one of the following password options:
- No password: User accounts are transferred with a blank password.
- Password is Username: The new password is the same as the user name.
- Password is <field>: The text entered here is used for all passwords.
- To include group names in the mapping file, click the Include Group
Names check box to select it.
- Click OK, and you should receive the following message:
Mapping file created successfully. Do you want to edit it?
NOTE: Clicking Yes opens the mapping file in Notepad.exe and allows you to
remove user accounts that you do not want transferred by deleting those
user names. You may also change users' names and passwords, as needed.
Details of the File Options Button
Clicking File Options in the Migration Tool for NetWare allows you to
customize what resources, such as files and folders, are to be migrated.
Transfer Files
In the upper left-hand corner is a check box for the Transfer Files
option. If you click to clear this check box, the migration process
migrates only user groups and individual users. No directories or files
from the NetWare server are migrated. Therefore, to ensure files migrate
from NetWare to Windows NT, do not click this check box to clear it.
Below the Transfer Files check box is a double-column list box. On the
left side is the NetWare server from which information will be migrated.
On the right side is the computer running Windows NT Server to which the
information will be migrated.
ADD : This button allows you to select NetWare volumes to migrate.
Because all volumes are selected for migration by default, this
button is unavailable unless a volume has been previously
deleted.
DELETE: This button deletes the currently selected NetWare volume and
Windows NT Server share that is highlighted in the list.
MODIFY: This option allows you to modify the location where resources
will be located on the computer running Windows NT Server. Also,
a new share can be created in this dialog box.
FILES : This option allows you to selectively pick which files and
folders are to be migrated.
Security: NetWare Migrated to Windows NT
When the NetWare volumes are migrated to a computer running Windows NT
Server, permissions on files and folders are only preserved if the volume
is migrated to an NTFS volume.
In NetWare, a user with explicit trustee rights to a low-level folder in
the tree is automatically allowed read and file scan access to folders
higher than that low-level folder, even if they are not given trustee
rights to do so. However, Windows NT Server enforces security at every
folder level. On a computer running Windows NT Server, if a user has no
permissions for a high-level folder, then the user cannot access that
folder or see its contents.
So that NetWare users do not lose the ability to browse the tree if they
have permissions on lower-level folders, the Migration Tool for NetWare
checks whether trustee rights are set at the root of the NetWare volume
being transferred. If there are no trustee rights set at that level, then
the Migration Tool for NetWare grants the Domain Users group the Read
Execute (RX) permissions for every folder of the transferred volume,
allowing users to browse the volume.
If you want to change these permissions after the volume has been
transferred, you should use the CACLS tool. Using CACLS, you can
use a single command to revoke the permissions granted to Domain Users
throughout the tree, without altering any other permissions granted at any
level in the tree.
To use CACLS to revoke the permissions of Domain Users for all folders in
the volume, change to the root of the volume and type the following
command:
CACLS /T /E /R "domain users"
In this command, the /T switch specifies to revoke the permissions for
every subfolder of the current folder, the /E switch specifies to not
change permissions granted to other groups or users in those folders, and
the /R "domain users" switch revokes the permission granted to domain
users.
Permissions: NetWare Migrated to Windows NT
The individual permissions (and their abbreviations) are:
Read (R)
Execute (X)
Change Permissions (P)
Write (W)
Delete (D)
Take Ownership (O)
Directory Permission Explanation
No Access User cannot access the directory in any way, even
if the user is a member of a group that has been
granted access to the directory.
List (RX) User can only list the files and subdirectories in
this directory and change to a subdirectory of this
directory. User cannot access new files created in
this directory.
Read (RX) User can read the contents of files in this
directory and can run applications in the
directory.
Add (WX) User can add files to the directory but cannot read
or change the contents of current files.
Add & Read (RWX) User can add files and change the contents of
current files.
Change (RWXD) User can read and add files and change the content
of current files.
Full Control (All) User can read and change files, add new ones,
change permissions for the directory and its files,
and take ownership of the directory and its files.
Directory Rights
| NetWare Directory Rights |
Corresponding Windows NT Directory Permissions |
|---|
| Read (R) |
Read (RX) |
| Write (W) |
Write (W) |
| Create (C) |
Write (W) |
| Erase (E) |
Delete (D) |
| Modify (M) |
Write (W) |
| File Scan (F) |
Read (R) |
| Access Control (A) |
Change Permissions (PO) |
The next table shows how rights set using Windows NT are mapped for
NetWare clients:
Windows NT Directory Permissions Corresponding NetWare Directory Rights
| Windows NT Directory Permissions |
Corresponding NetWare Directory Rights |
|---|
| List (RX) |
Read, File (RF) |
| Read (RX) |
Read, File (RF) |
| Add (WX) |
Write, Create, Modify (WCM) |
| Add & Read (RWX) |
Read, Write, Create, Modify, File Scan (RWCMF) |
| Change (RWXD) |
Read, Write, Create, Modify, File Scan (RWCMF) |
| Full Control (All) |
Supervisor (S) |
File Rights
NOTE: The Windows NT operating system does not support the Create (C) and
File Scan (F) rights for files, but Windows NT does assign these
permissions at the directory level, as shown in the previous table.
| NetWare File Rights |
Corresponding Windows NT File Rights |
|---|
| Supervisory (S) |
Full Control (All) |
| Read (R) |
Read (RX) |
| Access Control (A) |
Change Permissions (PO) |
| Create (C) |
Write (W) |
| Erase (E) |
Delete (D) |
| Modify (M) |
Write (W) |
| Write (W) |
Write (W) |
The following table shows how file rights are mapped from Windows NT
Server to Novell NetWare:
| Windows NT File Permissions |
Corresponding NetWare File Rights |
|---|
| Read (RX) |
Read, File (RF) |
| Change (RWXD) |
Read, Write, Create, Modify, File Scan(RWCMF) |
| Full Control (All) |
Supervisor (S) |
File Attributes
Both NetWare and Windows NT operating systems have assignable file
attributes. The following table shows how file attributes are mapped
between the NetWare and Windows NT operating systems:
NetWare File Attributes Windows NT File Attributes
NetWare File Attributes Windows NT File Attributes
----------------------------------------------------------------------
Read Only (Ro) Read Only (R)
Delete Inhibit (D) Read Only (R), or remove user permissions to
delete the file.
Rename Inhibit This is assigned at the directory level by
removing user permissions to write to the
directory.
Archive Needed (A) Archive (A)
System (Sy) System (S)
Hidden (H) Hidden (H)
Execute Only (X) Execute (E). On Windows NT, the execute
attribute can be reset by the administrator.
Read Audit (Ra) Audit Read, Audit Execute. These are fully
supported.
Write Audit (Wa) Audit Write, Audit Delete. These are fully
supported.
Additional query words:
nwconv convert
Keywords :
Version : winnt:3.51,4.0
Platform : winnt
Issue type : kbinfo
|