Conversion to Active Directory
As with any enterprise-scale application in a Windows® network, HCL VersionVault is affected when the network is converted from Windows NT® domains to Active Directory domains. These topics explain how this conversion affects HCL VersionVault and how to manage users, groups, hosts, and data during and after the conversion.
Understanding Active Directory
Microsoft® provides tools and documentation to facilitate conversion of a Windows® network from Windows NT® domains to Active Directory. This topics and its subtopics assume you have read the applicable documents from Microsoft® and are familiar with the terminology they use and the procedures they describe. In particular, it assumes you have read the Microsoft white paper Planning Migration from Microsoft Windows NT to Microsoft Windows 2000. (It is distributed as part of the Windows® 2000 Support Tools and is also available on the Microsoft® Web site.) That document and related documents introduce several key concepts (native mode, mixed mode, domain upgrade, domain migration, SID history, and cloning of principals) which are essential to understanding Active Directory.
How Active Directory affects HCL VersionVault
In an Active Directory environment, some details of user and group identity are handled differently than they are in a Windows NT® domain environment. Depending on how your Windows NT® domain environment is configured, where your HCL VersionVault user and group accounts exist in this domain structure, and how your organization plans to convert Windows NT® domains to Active Directory domains, you may need to take steps during and after the conversion to maintain user access to artifacts under HCL VersionVault control.
- In Active Directory, trust relationships between domains are created and maintained differently than they are in Windows NT® domains. During and after the conversion to Active Directory, these differences affect HCL VersionVault communities in which users from multiple domains access a common set of VOBs and views.
- Windows® Security Identifiers (SIDs) for users and groups can change in some conversion scenarios. Because HCL VersionVault stores SIDs in VOB databases (to represent owners of objects), VOBs must be updated with new SIDs in these scenarios.
In general, sites that have the simplest domain structure (all HCL VersionVault users and hosts in a single domain) encounter very few problems during the conversion process. Sites with more complex domain structures (users from multiple domains accessing a common set of VOBs and views) can benefit from the improved interdomain security features of Active Directory after they modify some existing user and group account information.
Planning your Active Directory upgrade or migration strategy
- An upgrade (often referred to as an in-place upgrade), in which a Windows NT® domain controller is converted to an Active Directory domain controller operating in mixed or native mode. After an upgrade, all users, groups, and resources have the same SIDs as they had in their original Windows NT® domain.
- A migration, in which user, group, and resource accounts migrate (using a process referred to as cloning) from a Windows NT® domain to an Active Directory domain. After a migration is complete, all users, groups, and resources have new SIDs. Because a native mode Active Directory maintains information about each principal's current and former SIDs (which Microsoft refers to as the principal's SID history), both types of domains can be used together for as long as needed.
A knowledgeable HCL VersionVault administrator who has reviewed this chapter and applicable documents from Microsoft and who understands the impact of various conversion or migration strategies on HCL VersionVault, should review (and if possible help plan) your organization's conversion from Windows NT® domains to Active Directory.