WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
You can use this strategy to complete the deployment and stabilization of the migration to
Active Directory with minimal risk, little disruption, and manageable resource utilization.
For detailed information about how to use DirectControl to perform a phased migration of
NIS or local directories to Active Directory, see the white paper "Centrify's Solution for
Migrating UNIX Directories to Active Directory: Leveraging Centrify's DirectControl and
Zone Technology to Simplify Migration." This paper is available from Centrify.
Preparing the IT Support Staff and Users
Before you can deploy the DirectControl solution, you must prepare the UNIX user
community and the IT support staff.
Training IT Support Staff
Provide the following training to your IT support staff.
To train IT support staff, provide the following information
Location of project plans. Ask support staff to read all relevant plans related to the
DirectControl deployment project.
Time scheduled for deployment. Make sure support staff are available at the time
the deployment is scheduled to take place.
Location of documentation. Make available all system and solution documentation
so support staff can use them to help solve end-user issues that arise during the
Pilot project experience and feedback. Explain the result of the pilot project,
including any issues encountered during the pilot and the resolution for each issue.
How to manage the DirectControl solution. The best single resource for learning
how to administer DirectControl is to read the Centrify DirectControl Administrator's
Guide. This guide includes much more detail about administrative functions, including
information about capabilities beyond the scope of this guide.
How to administer Windows and Active Directory. If your support staff are familiar
only with supporting UNIX computers, provide training about Windows and Active
Directory concepts and administration.
How to operate the DirectControl solution in your network and business
environment. Create an operations handbook with details about implementing
common operations scenarios in your environment, such as adding a new UNIX
computer or user to Active Directory.
How to report issues related to the DirectControl solution. If your organization
uses a bug or problem-ticket system for tracking issues, set up a new subject area for
this solution. Teach support staff members how to report DirectControl issues.
You must prepare end-users' computers and inform the UNIX user community about
what to expect. If your organization has decided to consolidate UNIX identities, you must
perform certain tasks to accommodate a user's new identity on the UNIX computer. For
example, if your organization decides to consolidate and use only one Zone for all UNIX
computers, each user will have only one UNIX user name and one UID.
The following example procedure assumes that you have decided to use only one Zone.
To prepare users' UNIX computers before DirectControl is deployed:
1. Review and note the new UNIX settings for each user including the user's UID. You
can do this by running a user report for the Zone in the Centrify Administrator
Console on the Windows computer. For more information, see "Generating and
viewing reports" under "Running reports" in the Centrify DirectControl Administrator's