LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Command, Tool, and Migration Script Reference
Name Service Migration Scripts
Appendix C
If you change the default naming context, edit the file
migrate_common.ph so that it reflects your naming context.
NOTE Since users and groups are migrated to the same container, they must
have unique names (common name) for the migration to succeed.
After the password and group data migration, the POSIX user accounts
are disabled with no password. This happens because UNIX user and
group passwords cannot be migrated to Active Directory for Kerberos
authentication. Therefore, to allow users to log on to a UNIX system, the
Active Directory administrator needs to enable the user account first and
set the initial password.
NOTE msSFUPassword is not used by the LDAP-UX Client Services because it
uses Kerberos as its authentication method. If you want to set
msSFUPassword for your own purposes, you can set it with ADSI Edit on
your domain controllers. LDAP-UX assumes all POSIX passwords are
either in cleartext or encrypted with UNIX crypt and stored with a prefix
(crypt).
CAUTION The password migration tool migrates all user accounts from the
specified source files or NIS server. For security reasons, the root user
and any objects with uid=0 should either be removed from the resulting
LDIF file before migrating to Active Directory, or be removed from the
Active Directory.
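
One way to apply the CAUTION above before import, as an added example that is not part of the HP guide or its migration scripts: a Python filter that drops LDIF records with numeric UID 0 or a POSIX user named root, handling folded lines and base64 values. The attribute names (uidNumber, msSFU30UidNumber and the name attributes) and the sample records are assumptions; adjust them to what your generated LDIF actually contains.

```python
import base64
import re

# Assumed attribute names (the page does not list them): RFC 2307 and SFU 3.0 schema.
UID_ATTRS = {"uidnumber", "mssfu30uidnumber"}
NAME_ATTRS = {"uid", "cn", "samaccountname", "mssfu30name"}

# Constructed sample input, not output of the real migration scripts.
SAMPLE = """\
dn: CN=alice,CN=Users,DC=example,DC=com
msSFU30UidNumber: 1001

dn: CN=root,CN=Users,DC=example,DC=com
msSFU30UidNumber: 0

dn: CN=toor,CN=Users,
 DC=example,DC=com
uidNumber:: MA==
"""

def parse_entry(block):
    """Unfold one LDIF record and return [(lowercased attribute, value), ...]."""
    pairs = []
    for line in re.sub(r"\n ", "", block).splitlines():  # "\n " is a folded line
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: value" is base64-encoded
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        pairs.append((attr.strip().lower(), rest.strip()))
    return pairs

def is_superuser(pairs):
    """True for numeric UID 0, or a POSIX user record named root."""
    uids = [v for a, v in pairs if a in UID_ATTRS]
    if any(v.isdigit() and int(v) == 0 for v in uids):
        return True
    return bool(uids) and any(a in NAME_ATTRS and v.lower() == "root" for a, v in pairs)

def strip_superusers(ldif_text):
    """Return (filtered LDIF text, DNs of the records that were dropped)."""
    kept, dropped = [], []
    for block in re.split(r"\n\s*\n", ldif_text.replace("\r\n", "\n").strip()):
        pairs = parse_entry(block)
        if is_superuser(pairs):
            dropped.append(next((v for a, v in pairs if a == "dn"), "<no dn>"))
        else:
            kept.append(block)
    return "\n\n".join(kept) + "\n", dropped
```

Call strip_superusers() on the contents of the generated LDIF file and review the returned list of dropped DNs before importing the filtered text.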
Migrating All Your Files
The two shell scripts migrate_all_online_ads.sh and
migrate_all_nis_online_ads.sh migrate all your name service data
either to LDIF or into your directory. The migrate_all_online_ads.sh
shell script gets information from the source files, such as /etc/passwd
and /etc/group. The migrate_all_nis_online_ads.sh script gets
information from your NIS maps using the ypcat(1) command. The
scripts take no parameters, but prompt you for needed information. They