Zentyal Migration Tool

This tool is intended to ease the migration from a Windows Server to a Zentyal one. It includes the AD Sync plugin to synchronize password changes with the Zentyal server, allows to export basic DHCP and DNS settings and also includes the necessary tools for the Exchange migration to Zarafa.

It comes with two packages:

• A Windows Installer with a unified graphical interface to export the settings as well as configuring the AD Sync settings.
• A Zentyal module called zentyal-migration-tool that can be easily installed from the Zentyal UI using the Software Management module. It includes a tool that can be executed in the shell or in the X environment to import the settings contained in the bundle exported from Windows.

Before starting

This guide assumes that you already have a working Windows Domain Controller. At the moment this has been confirmed to be working under Windows 2003 and Windows 2008. We will try to have also support for Windows 2000 in the future if there is a high demand for it. Please read the Warnings section before doing any of these steps.

This guide also assumes that you have a fresh installation of Zentyal 2.2. For instructions about installing it, please read the Installation Guide. You can also use our  installer instead of the packages if you want to test it on a fresh system.

Important: If you are using the Zentyal installer, make sure you select the Advanced option instead of Standalone in the initial configuration wizard.

Setup of the Windows Server

• Download and execute the  zentyal-migration-tool-2.2.exe on your Windows Server.
• During the installation the configuration tool will be launched automatically, so if you want to configure the AD synchronization, you can already enter the data at this moment:
  • At the Zentyal slave host field you have to enter the IP address of your Zentyal machine.
  • At the Port field you can leave the default one or choose another.
  • As Secret key you can choose any password as long as it has 16 characters.
  • NOTE: You will need to enter the same port and secret key in the Zentyal machine as it is explained later.
  • Click on the Enable checkbox. This action would write changes to the registry instantly but it wouldn't take effect until the server is restarted.
  • Click OK and finish the installation. Don't restart the server yet as you still need to do additional steps.

• Go to Administrative Tools --> Domain Security Policy and enable the complexity requirements for passwords as you can see in the image:

• Add a user called eboxadsync (or any other name of your choice) and set a password for it. Note that this user is going to be used for LDAP binding so the relevant part is the Full Name (CN), and not the logon name. The recommendation is to leave blank the Name and Last name fields and write the same value for the Full Name and User logon name.

• Restart your Windows Server as was said by the installer in order to activate the AD password synchronization (this step is not required if you only want to export settings).

• To export settings, just go to the Export Server Settings tab and click the Export button.

• A file save dialog will appear to allow us to choose the path and the filename of the settings bundle.

• Now you can copy the saved .tar.gz file to your Zentyal server in order to import it.

Import configuration in Zentyal

FIXME: detailed installation instructions (or maybe a install section at the beginning)

• If you have already copied the settings file from Windows, just execute the zentyal-migration-tool program and a dialog will pop up asking you to select the location of the file.

• If you are not using the X Window System you can still do the import process just executing on the shell zentyal-migration-tool /path/to/filename.tar.gz.

Setup of the Zentyal AD slave

• Go to Users --> Mode and fill the following data:
  • Mode: You have to select Windows AD Slave.
  • Master host: IP address of your Windows Server.

• Enable the Users and Groups module in Module Status.
• Save changes.

• Go to Users --> AD Sync Settings and fill the following data:
  • AD user: This will be eboxadsync unless you specified a different one.
  • AD password: The password of the eboxadsync user you created before.
  • Listen port: If you have changed the default one during the Windows configuration, you have to write the same one here.
  • AD Secret Key: The 16 characters key that you entered during the installation on Windows.

• Allow access to port 6677 (or any other if you have changed it) in Firewall --> Packet Filter --> Internal Networks to Zentyal.
• Save changes.

Warnings

• The passwords for the already existing users will need to be reset in order to synchronize them.
• The synchronization is done each 5 minutes, so be patient if you add an user in the AD and it is not available on Zentyal immediately.
• If your users have password with special characters they may experience authentication problems with some Zentyal services. Only proxy, samba and mail seem to work well with this.

Troubleshooting

• If you experience problems with the synchronization you should enable the debug mode and check the Zentyal log:
  • Edit the /etc/zentyal/zentyal.conf file and set debug = yes.
  • Try to reproduce your problem and check the contents of /var/log/zentyal/zentyal.log.
• Contact us providing as much information as you can by the different means available: Forum, IRC or mailing lists.
  • You can find all these resources on the main page of this site ( http://trac.zentyal.org).