Zentyal Migration Tool

Zentyal Migration tool is intended to ease the migration from a Windows Server to a Zentyal. It includes the AD Sync plugin to synchronize password changes with Zentyal server, allows to export basic DHCP and DNS settings and also includes the necessary tools for the Exchange migration to Zarafa.

The tool includes two packages:

• A Windows Installer with a unified graphical interface to export the settings as well as to configure the AD Sync settings.
• A Zentyal module called zentyal-migration-tool that can be easily installed from the Zentyal UI using the Software Management module. It includes a tool that can be executed in the shell or in the X environment to import the settings contained in the bundle exported from Windows.

Before starting

This guide assumes that you already have a working Windows Domain Controller. At the moment the tool has been confirmed to be working under Windows 2003 and Windows 2008. In the future we will also try to have support for Windows 2000 if there is a high demand for it. Please read the Warnings section before performing any of the steps described in this wiki.

This guide also assumes that you have a fresh Zentyal 2.2 installation. For instructions about installing Zentyal, please read the Installation Guide. You can also use the ​installer instead of the packages if you want to test it on a fresh system.

If you already installed your Zentyal server before the release of Zentyal Migration Tool or did it without Internet connection and you are not using the latest versions of the packages, please make sure you have zentyal-users 2.2.3 installed or upgrade to it otherwise (it is recommended to upgrade your whole set of packages).

Important: If you are using the Zentyal installer, make sure you select the Advanced option instead of Standalone in the initial configuration wizard.

Packages to download

Windows

• Installer for Windows Server 2003 or 2008: ​zentyal-migration-tool-2.2.exe

Zentyal

• Please note that this step is necessary only if you want to migrate DNS, DHCP or Exchange. It is not necessary to get the AD Sync functionality.
• If you have the extras repository (it is automatically added by the 2.2 installer), you can just install the Migration Tool module from the Software Management page (click on Update list if it does not appear).
• To manually add the repository and install it in command line, do the following:

  sudo -s
  echo "deb http://archive.zentyal.com/zentyal 2.2 extra" > /etc/apt/sources.list.d/zentyal-extras.list
  apt-get update
  apt-get install zentyal-migration-tool
  

Setup of the Windows Server

• Execute the zentyal-migration-tool-2.2.exe on your Windows Server.
• During the installation the configuration tool will be launched automatically, so if you want to configure the AD synchronization, you can enter the following data:
  • At the Zentyal slave host field you have to enter the IP address of your Zentyal machine.
  • At the Port field you can leave the default port or choose another.
  • As Secret key you can choose any password as long as it has 16 characters.
  • NOTE: You will need to enter the same port and secret key in the Zentyal machine later.
  • Click on the Enable checkbox. This action will write changes to the registry instantly but it will not take effect until the server is restarted.
  • Click OK and finish the installation. Do not restart the server yet as you still need to perform some additional steps.

• Go to Administrative Tools --> Domain Security Policy and enable the complexity requirements for passwords as you can see in the image:

• Add a user called adsyncuser (or any other name of your choice) and set a password. Note that this user is going to be used for LDAP binding so the relevant part is the Full Name (CN), and not the logon name. The recommendation is to leave blank the First name and Last name fields and write the same value for the Full name and User logon name.

• Restart your Windows Server as advised by the installer in order to activate the AD password synchronization (this step is not required if you only want to export settings).

• After the installation, you can access the tool again at any time through Start --> Programs --> Administrative Tools --> Zentyal Migration Tool.

• To export settings, just go to the Export Server Settings tab and click the Export button.

• A file save dialog will appear, allowing you to choose the path and the filename of the settings bundle.

• Now you can copy the saved .tar.gz file to your Zentyal server in order to import it.

Import configuration in Zentyal

• Make sure you have installed the zentyal-migration-tool package by using one of the two methods described above (Installation in Zentyal).

• If you have already copied the settings file from Windows, just execute the zentyal-migration-tool by pressing Alt+F2 and typing its name on the dialog:

• A new dialog will pop up asking you to select the location of the file.

• After selecting the file, if everything goes well a success message like this will appear:

• If you are not using the X Window System, you can still do the import process just by executing zentyal-migration-tool /path/to/filename.tar.gz on the shell. This method is recommended for debugging if the graphical process fails.

• As a final step, just go to the Zentyal administration panel and perform the Save Changes action after checking that your configuration is imported as expected.

Setup of the Zentyal AD slave

• Go to Users --> Mode and fill in the following data:
  • Mode: You have to select Windows AD Slave.
  • Master host: IP address of your Windows Server.

• Enable the Users and Groups module in Module Status.
• Save changes.

• Go to Users --> AD Sync Settings and fill in the following data:
  • AD user: This will be adsyncuser or any other name you have created in Windows before.
  • AD password: The password of the user you created before.
  • Listen port: If you have changed the default port during the Windows configuration, you have to enter the same port here.
  • AD Secret Key: The 16 characters key that you entered during the installation on Windows.
  • Do not forget also to check the Enable AD sync option. You will be able to stop the synchronization at any time and creating or editing users if you uncheck this option. This is very useful when you just want to migrate your existing users in your Windows server and then, replace that Windows server with Zentyal.

• Allow access to port 6677 (or any other if you have changed it) in Firewall --> Packet Filter --> Internal Networks to Zentyal.
• Save changes.

Warnings

• The passwords for the already existing users will need to be reset in order to synchronize them.
• The synchronization is done each 5 minutes, so be patient if you add an user in the AD and it is not available on Zentyal immediately.
• If your users have passwords with special characters they may experience authentication problems with some Zentyal services. Only the proxy, samba and mail modules seem to work flawlessly with this.
• The DHCP export feature does not yet extract the excluded addresses.
• The DNS export feature currently only exports A and MX records. Of course this will be improved in next versions.

Troubleshooting

• If you experience problems with the synchronization you should enable the debug mode and check the Zentyal log:
  • Edit the /etc/zentyal/zentyal.conf file and set debug = yes.
  • Try to reproduce your problem and check the contents of /var/log/zentyal/zentyal.log.
• If you experience problems with the data import, check also the contents of /var/log/zentyal/zentyal.log, it could be also a good idea to execute the tool in a shell (passing the file as an argument) instead of from the desktop, to see if any other error appears on the screen.
• Contact us providing as much information as you can using the different available channels: Forum, IRC or mailing lists.
  • You can find all these resources on the main page of this site (​http://trac.zentyal.org).

Esta liberación de Software ha sido realizada con el apoyo del Departamento de Innovación y Nuevas Tecnologías del Gobierno de Aragón.

This software release has been done thanks to the support by the Government of Aragón (Departamento de Innovación y Nuevas Tecnologías).