‘Skype for Business‘ is here. After Microsoft’s acquisition of Skype 4 years ago this month they have been (slowly) integrating it with their own live communications offering Lync (previously ‘Live Communications Server’) as well as with their Outlook online mail client and with the upcoming Windows 10 (watch those EU legal hawks circle around this one, much like IE integration with Windows this may be deemed to be abusing a monopoly too against the likes of Google Hangouts etc.)
I only noticed it while downloading some ISOs via my technet subscription, so bye bye Lync and hello Skype.
The end user client will look more like Skype as it will take on some of the blue branding elements. Although administrators on either on-premise or Office 365 can change the skin to match the previous Lync client thereby reducing end user chaos during any transition.
Here’s the l(y)nc for more info:
I’ll probably run a lab migration and a blog post will hopefully follow.
According to Microsoft they have invested heavily in making the process of moving from Windows 7 directly to Windows 10 as easy as possible. This is in clear recognition of those who have moved from XP to 7 in the last few years, and more so for medium to large enterprise businesses who require significant investment and incentive in any upgrade programme.
To this end, moving from Windows 7 SP1 to Windows 10 will be an in-place upgrade path. This means it will, more or less, retain all your user settings and customisations which currently exist within your Windows 7 profile. Things like your wallpaper, taskbar configuration, application customisations etc. etc. will all be retained once you complete an in-place upgrade to Windows 10.
That isn’t the only thing Microsoft have focussed on, they are trying hard to ensure that anyone who moves from 7 to 10 will not have to RTFM or search for You Tube videos on how to launch familiar programs or shutdown (what I really hate about Windows 8 – shutting down! Painful!). Familiarisation is key so expect the final release of Windows 10 to look and feel like much like Windows 7, with improvements and optimisations such as Live Tiles, multi-monitor application snap, any device application functionality and improved UI.
There is recognition that there are still a heck of a lot of people still using the traditional keyboard and mouse combination, that not everyone has touchscreen monitors and that many people use multiple devices and not just tablets. The traditional PC, despite declinging sales, is still going to be with us for a while longer and more so in the corporate world where change comes in much later than within the consumer channel.
In an effort to reduce SYSVOL bloat and replication across Domain Controllers (DCs) consider using DFS Replication (DFSR). A bigger reason however is that FRS is no longer supported in Server 2012, so if you plan to upgrade DCs to Server 2012 – then you must do this first. Want a third reason? If you are using Read Only DCs (RODCs) and are still on FRS it is easy for the SYSVOL on the RODC to become out of synch with other DCs; better still in Server 2008 R2 and above DFS-R ensures that the RODC SYSVOL can never be modifed.
DFS-R simply provides better and more efficient synchronisation than the old world File Replication Service (FRS). Prior to proceeding you may want to indeed check and make sure that you are not already using DFS-R. Jump into a command prompt and type in this command:
If the output is shown as “Current DFSR global state: ‘Eliminated’” then you are already using DFS-R and there is no need to go any further. Stop right here.
|Did You Know:||the DFS-R migration process actually uses Robocopy (yes! Robocopy) to copy the SYSVOL data at various stages|
All Domain Controllers need to be online and available. If you have any redundant DCs listed and they have not been cleaned up (meta data an’ all!) then do so before starting this task
Depending on what Server OS and Service Pack Level you are on ALL DCs may need to be located in the default Domain Controllers OU. If they are located in a sub OU or elsewhere (for policy reasons usually) then consider moving them into the default location temporarily during the migration
The PDC Emulator MUST be online during the whole process – that’s the dude with the most up to date Policy and it is the DC that this whole process talks to the most
You need at least a Windows 2008 Functional Level for your Domain, so get rid of those soon to be end of life Server 2003 R2 DCs first
4 Steps to DFS-R
There are 4 steps to migrate from FRS to DFS-R using the Dfsrmig command:
- Health Check: Run the following commands to check the health of current replication
- Ensure there is enough free disk space on each Domain Controller for the migration
- Run repadmin /replsummary to ensure current replication is healthy, resolve any issues
- Run repadmin /showrepl * /csv > replication.txt to ensure current replication is healthy, resolve any issues in the output file
- Migrate to Prepared State: Use the command Dfsrmig /SetGlobalState 1 to begin the migration, use Dfsrmig /GetMigrationState to check the current status of this step. Do NOT proceed until this step is complete
- Migrate to Redirected State: Use the command Dfsrmig /SetGlobalState 2 for this second step, use Dfsrmig /GetMigrationState to check the current status of this step. Do NOT proceed until this step is complete. If you wish to stay with FRS for SYSVOL replication then stop here.
- Migrate to Eliminated State: [NOTE: There is no going back after this step! You have been warned] Use the command Dfsrmig /SetGlobalState 3 for this final step, use Dfsrmig /GetMigrationState to check the current status of this step. Once this step is complete so is the migration.
That’s all there is too it. Honest.
If you did execute Step 4 in error, then as I said there is no going back. Ever. Except of course unless you rebuild the whole domain (a whole lot of fun for you then!).
Clean Up Tasks – get rid of FRS!
Now that you have succesfully migrated to DFS-R you now need to
- Delete the old SYSVOL directory
- Disable and then Remove the NTFRS Service
You really should download and read the full Microsoft guide found here: http://technet.microsoft.com/en-us/library/dd640019(WS.10).aspx
As usual, get in touch if you have any questions.
Always in a state of transition, IT departments around the world are continually deploying new systems, applications and hardware. However one of the biggest changes, and challenges, is the successful migration from an existing infrastructure to a whole shiny new one with all the bells and whistles it comes with.
Let me quickly introduce myself, I’m Zulf and I currently work for Fujitsu as a Solution/Technical Architect mostly on migrations with a particular focus on Active Directory, Exchange and SharePoint.
Preparation, preparation, preparation! That there is my mantra, the first word that comes out of me when looking at any migration. It really doesn’t matter whether the migration is large or small, preparation is key and I’ll tell you why.
Without it you will undoubtedly fail, or if you to manage to somehow struggle through, the stress and strains upon the shoulders of those tasked with the migration will lead them to breaking point. I can truly say I have “been there, done that”, I worked on one of the biggest migrations in the UK – 125,000 seats over a 30 month period – yet the migration of the data (filestore and email) was treated as a minor irritation by the project planners as it was deemed straightforward – copy and paste anyone?
The result? An inefficient, trouble strewn, terrible state of affairs that ended up using more resources than it needed, took twice as long as it should and resulting in levels of stress and anger never before seen in the user environment. The ‘planning’ time set aside for this monumentous migration task (which spanned the whole UK) was a truly dismal 6 weeks.
The fix? Prepare! It is actually quite simple, follow my easily digestible non-technical guide to running a technical migration. Here goes:
Understand what you want to do: What are you trying to achieve? What are your outcomes, timeframe and budget. Your timeframe? Double it now!
Understand how you are going to do it: Identify the tools, resources, expertise and finances needed to effect your change.
Prepare: Lay the groundwork, communicate with the affected parties and create a plan of action in your chosen project methodology. Be realistic with your timelines.
Prepare again: Purchase the products and tools you need, book in the resources and ensure the right equipment and tools are available and accessible.
Prepare once more: Prepare for the unknown. Yes, that’s right – prepare for something you’re not even aware of yet. How? Purposely set aside delays in your project (catch-up days, firebreaks) for the infamous Rumsfeld ‘unknown unknowns’ – use them if you need them, finish up early if you don’t.
Pilot: Once you’ve got what you need find a sample (whether it is users, computers, servers etc. etc.) and run through a mini version of your end to end migration. Yup, the whole thing from start to finish – in some cases you may not be able to go the whole way, but if that means you have to pilot a further change at a later time DO SO!
Deploy & Migrate: Finally that point when you can approach a migration with confidence
If you are indeed planning or going through a migration and need assistance get in touch with me here at my Blog and you can be assured that a friendly and experienced consultant (me!) will respond.
Too often an organisation changes only when forced to, either by policy, necessity (end of life, end of support) or organisational change. It is always best to change when you have the control, so be proactive, look at what’s coming over the horizon and act quickly.
As usual during a data centre migration at some point you need to move a huge chunk of data. I’ve come across several of these challenges in my years of migration and I usually end up with using the two most reliable yet simplest tools in my ‘migration toolkit’. Robocopy and SubInACL. Of course you have icacls within PowerShell and some of the more recent Windows Server versions, but the oldies are still goodies even in 2014.
The raw copy is the easy bit, just robocopy files from Old Device to New Device using the LAN, WAN or whatever you have at your disposal. If you wish or need to use an interim device for quicker transfer then do so, whether a NAS device or Eclypt drives – just make sure they are encrypted in case of loss during transfer.
Oh just a polite notice, for me Folder=Directory, Directory=Folder – same thing, different word.
So you’ve got the raw data across. Now those pesky NTFS permissions are still needed. 2 ways this can go down, the New Device is either:
- In the same domain as the Old Device
- Or in a different domain to the Old Device
If in the same domain, full steam ahead and rush along to the next paragraph. However if it is a different domain between the Old and New devices then you need a Trust in place. Minimum one-way from Old < New (Old Trusts New domain). If you cannot use the trust, then you better hope you have somehow migrated SIDHistory across to your domain user objects OR you are using the same group/user names in the New Domain as you were in the Old domain OR you are able to create a mapping file between the two(!). Did I not tell you it can get quite complex?
Record the Permissions
Full steam ahead here, go to the Old Device. Identify a Folder whose NTFS permissions you would just love to capture and need to re-apply. Type in the following command at a command prompt (ensure you have the subinacl.exe file handy):
subinacl /output=C:\DumpMyOutputFileHerePlease.txt /subdirectories H:\ThisIsTheOldDeviceFolder
The /output switch lets you specify where the NTFS dump file listing all the ACLs will be errrr….dumped(!) This can be anywhere, I’ve just put it in the root of C: in my simple example. I also gave mine an apt and descriptive filename. Just in case I have cause to come back to this file in a few weeks, calling it commandfile.txt just doesn’t help.
/subdirectories is an interesting beast, if you leave it as is, it will capture all NTFS permissions for both FOLDERS and FILES (largest output file size) but changing it to one of the magically delightful options below does something very different:
- /subdirectories=directoriesonly will only collect FOLDER/DIRECTORY permissions into the /output file (often smallest output file size)
- /subdirectories=filesonly will only collect FILE permissions into the /output file (often large output file size)
The last bit H:\ThisIsTheOldDeviceFolder has to be the directory/folder whose permissions you need to record.
Once you let the command loose, it creates a file called DumpMyOutputFileHerePlease.txt and this file could be huuuuuuge! Zip it for transport. If it’s too big to Zip then split it using a nifty tool like GSplit.
Replay the Permissions
Now you need to copy that file somewhere, anywhere where you can easily see the New Device copied raw data for example I used C:\Temp.
Run the following SubInACL command to replay the permissions:
subinacl /playfile C:\Temp\DumpMyOutputFileHerePlease.txt
Now, remember this tidbit of highly useful information. Running this command to replay the NTFS permissions makes one HUGE ASSUMPTION. It assumes that on the New Device you are using the SAME DRIVE LETTER and top level FOLDER as you had on the Old Device.
Heck what if you have done a bit of transformation on your New Device and re-organised the data and top level folder structure. Hopefully you’re just using a different drive letter and maybe just a different top level folder. If that is the case then you need to do 2 things before replaying the permissions.
Open the file DumpMyOutputFileHerePlease.txt
Change every line containing this “H:\ThisIsTheOldDeviceFolder” to whatever it needs to be to match your different drive letter or path e.g. “S:\WeNowUseThisNewFolder” use Find/Replace to seep that up. SAVE the file. You must SAVE it. Replace or Save as New, as long as you SAVE it please.
Once saved just run the exact same command (except now your .txt file has been modified):
subinacl /playfile C:\Temp\DumpMyOutputFileHerePlease.txt
Good Luck & Good Night.
Coming soon: speeding up ACL application, icacls and 3rd party permissions tooling/reporting.