DOCUMENT:Q187789 10-AUG-2001 [winnt] TITLE :Step by Step: Novell NetWare to Windows NT Migration PRODUCT :Microsoft Windows NT PROD/VER:winnt:3.51,4.0 OPER/SYS: KEYWORDS:kbfaq ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server versions 3.51, 4.0 ------------------------------------------------------------------------------- SUMMARY ======= This article describes how to migrate accounts and resources from a Novell NetWare server to a computer running Microsoft Windows NT Server using the Migration Tool for NetWare. It also discusses the options that are available and how NetWare permissions and rights interoperate with Windows NT. MORE INFORMATION ================ The Migration Tool for NetWare (NWConv.exe) is included with Windows NT Server versions 3.51 and 4.0 and File and Print Services for NetWare (FPNW). NOTE: Gateway Services for Netware (GSNW) must be installed on the computer running Windows NT Server in order for the Migration Tool for NetWare to run. Using the Migration Tool for NetWare, you can transfer NetWare accounts and/or files and directories from NetWare volumes to a Windows NT Server domain controller. When you transfer users to a Windows NT domain with FPNW installed, the Maintain NetWare Compatible Login option is automatically selected for the users. NOTE: It is recommended that you perform the migration in two steps: 1. Migrate user accounts. 2. Migrate file resources. When NetWare accounts and volume data are transferred to a computer running Windows NT Server, the NetWare permissions and security information is also migrated, assuming NetWare file and directory resources are transferred to NTFS volumes. Additionally, migrated volumes are automatically shared for Microsoft network client users and NetWare clients when FPNW is installed. Starting the Migration Tool for NetWare --------------------------------------- To start the Migration Tool for NetWare, follow these steps: 1. In Windows NT 3.51, open Program Manager, and then click Run on the File menu. Type "NWCONV" (without quotation marks), and then click OK. -OR- In Windows NT 4.0, click the Start button, click Programs, click Administrative Tools, and then double-click Migration Tool for NetWare. 2. In Select Servers For Migration, in the From NetWare Server box, do one of the following: Type the name of the Novell server to be migrated. -OR- Click the ellipses (...), and then click the appropriate Novell NetWare server to be migrated. 3. In Select Servers For Migration, in the To Windows NT Server box, do one of the following: Type in the name of the Windows NT Domain Controller to which the Novell NetWare server listed above will be migrated. -OR- Click the ellipses (...) button, then click the appropriate Windows NT Domain name and Windows NT Domain Controller to which the Novell NetWare server listed above will be migrated. NOTE: The computer running Windows NT Server that you select must be a Domain Controller. Overview of Migration Tool for NetWare Dialog Buttons ----------------------------------------------------- ADD : This option allows you to migrate multiple servers at the same time. DELETE : This option removes the selected NetWare and Windows NT Servers currently selected in the Server for Migration list. USER OPTIONS : This option is used to specify how the migration will affect each user account and group. FILE OPTIONS : This option is used to determine which folders and/or files are migrated to the computer running Windows NT Server, and to specify the new location for these resources. START MIGRATION: This option begins the migration. This actually brings information over from the NetWare server. TRIAL MIGRATION: This option starts a rehearsal migration. The benefit of this option is that it behaves just like the real migration would, except that it does not actually perform the migration. You can analyze error logs after a trial migration and make any corrections before doing the real migration. LOGGING : Specifies error login detail level. NOTE: The Error.log, Summary.log, and Logfile.log files are located in the %systemroot%\system32 directory. Details of the User Options Button ---------------------------------- Passwords: Use this section to determine the passwords for the migrated accounts. NOTE: Make sure that the password option you select conforms to the password policy set in User Manager for Domains; otherwise, errors may occur when you perform the migration. Usernames: Use this section to specify the action to be taken when a duplicate account name is found in the Windows NT domain being migrated to. Group Names: Use this section to specify the action to be taken when a duplicate group name is found on the Windows NT domain being migrated to. Default: Use this section to specify account policies to be used and whether or not NetWare Supervisor rights should be transferred to the Windows NT domain. NOTE: The Migrate NetWare Specific Account Information option on the Defaults tab is only available if File and Print Services for NetWare (FPNW) is installed on the computer from which you are running the Migration Tool for NetWare. Advanced: Click the Advanced button to specify a trusted domain that you want to migrate users to. Transfer Users and Groups: When this check box is selected, the tool transfers NetWare-specific account information including grace logins, limiting concurrent connections, and station restrictions. NOTE: User disk volume restrictions are not supported, nor are they transferred. Also, when transferring NetWare accounts, new passwords must be set for the accounts because Windows NT cannot read users' passwords, as they are stored in encrypted form. Use Mappings in File: When this option is selected, the mapping file specifies how account information is transferred to Windows NT. The mapping file will only transfer those user accounts and groups that are included in the mapping file. You can create a new mapping file, or edit an existing file when you transfer user or group account information. The mapping file also has a comma-delimited format that makes it easier to transfer the information into a spreadsheet. The format is as follows: , , When you create a new mapping file, it is created as a text file and is automatically stored in the %SystemRoot%\System32 folder as a *.MAP file. To create a mapping file when you transfer accounts, follow these steps: 1. In the Migration Tool for NetWare, click User Options. 2. In the User and Group Options dialog box, click the Use Mappings in File check box to select it, and then click Create. 3. In the Create Mapping File dialog box, type a name for the mapping file in the Use Mappings in File field. NOTE: You can also click the ellipses (...) button to browse for a file. 4. Click to select the Include User Names check box to include user names in the mapping file. 5. Click to select one of the following password options: - No password: User accounts are transferred with a blank password. - Password is Username: The new password is the same as the user name. - Password is : The text entered here is used for all passwords. 6. To include group names in the mapping file, click the Include Group Names check box to select it. 7. Click OK, and you should receive the following message: Mapping file created successfully. Do you want to edit it? NOTE: Clicking Yes opens the mapping file in Notepad.exe and allows you to remove user accounts that you do not want transferred by deleting those user names. You may also change users' names and passwords, as needed. Details of the File Options Button ---------------------------------- Clicking File Options in the Migration Tool for NetWare allows you to customize what resources, such as files and folders, are to be migrated. Transfer Files: In the upper left-hand corner is a check box for the Transfer Files option. If you click to clear this check box, the migration process migrates only user groups and individual users. No directories or files from the NetWare server are migrated. Therefore, to ensure files migrate from NetWare to Windows NT, do not click this check box to clear it. Below the Transfer Files check box is a double-column list box. On the left side is the NetWare server from which information will be migrated. On the right side is the computer running Windows NT Server to which the information will be migrated. ADD : This button allows you to select NetWare volumes to migrate. Because all volumes are selected for migration by default, this button is unavailable unless a volume has been previously deleted. DELETE: This button deletes the currently selected NetWare volume and Windows NT Server share that is highlighted in the list. MODIFY: This option allows you to modify the location where resources will be located on the computer running Windows NT Server. Also, a new share can be created in this dialog box. FILES : This option allows you to selectively pick which files and folders are to be migrated. Security: NetWare Migrated to Windows NT ----------------------------------------- When the NetWare volumes are migrated to a computer running Windows NT Server, permissions on files and folders are only preserved if the volume is migrated to an NTFS volume. In NetWare, a user with explicit trustee rights to a low-level folder in the tree is automatically allowed read and file scan access to folders higher than that low-level folder, even if they are not given trustee rights to do so. However, Windows NT Server enforces security at every folder level. On a computer running Windows NT Server, if a user has no permissions for a high-level folder, then the user cannot access that folder or see its contents. So that NetWare users do not lose the ability to browse the tree if they have permissions on lower-level folders, the Migration Tool for NetWare checks whether trustee rights are set at the root of the NetWare volume being transferred. If there are no trustee rights set at that level, then the Migration Tool for NetWare grants the Domain Users group the Read Execute (RX) permissions for every folder of the transferred volume, allowing users to browse the volume. If you want to change these permissions after the volume has been transferred, you should use the CACLS tool. Using CACLS, you can use a single command to revoke the permissions granted to Domain Users throughout the tree, without altering any other permissions granted at any level in the tree. To use CACLS to revoke the permissions of Domain Users for all folders in the volume, change to the root of the volume and type the following command: CACLS /T /E /R "domain users" In this command, the /T switch specifies to revoke the permissions for every subfolder of the current folder, the /E switch specifies to not change permissions granted to other groups or users in those folders, and the /R "domain users" switch revokes the permission granted to domain users. Permissions: NetWare Migrated to Windows NT ------------------------------------------- The individual permissions (and their abbreviations) are: Read (R) Execute (X) Change Permissions (P) Write (W) Delete (D) Take Ownership (O) Directory Permission Explanation ---------------------------------- No Access User cannot access the directory in any way, even if the user is a member of a group that has been granted access to the directory. List (RX) User can only list the files and subdirectories in this directory and change to a subdirectory of this directory. User cannot access new files created in this directory. Read (RX) User can read the contents of files in this directory and can run applications in the directory. Add (WX) User can add files to the directory but cannot read or change the contents of current files. Add & Read (RWX) User can add files and change the contents of current files. Change (RWXD) User can read and add files and change the content of current files. Full Control (All) User can read and change files, add new ones, change permissions for the directory and its files, and take ownership of the directory and its files. Directory Rights ---------------- +---------------------------------------------------------------------------+ | NetWare Directory Rights | Corresponding Windows NT Directory Permissions | +---------------------------------------------------------------------------+ | Read (R) | Read (RX) | +---------------------------------------------------------------------------+ | Write (W) | Write (W) | +---------------------------------------------------------------------------+ | Create (C) | Write (W) | +---------------------------------------------------------------------------+ | Erase (E) | Delete (D) | +---------------------------------------------------------------------------+ | Modify (M) | Write (W) | +---------------------------------------------------------------------------+ | File Scan (F) | Read (R) | +---------------------------------------------------------------------------+ | Access Control (A) | Change Permissions (PO) | +---------------------------------------------------------------------------+ The next table shows how rights set using Windows NT are mapped for NetWare clients: Windows NT Directory Permissions Corresponding NetWare Directory Rights ------------------------------------------------------------------------- +-----------------------------------------------------------------------------------+ | Windows NT Directory Permissions | Corresponding NetWare Directory Rights | +-----------------------------------------------------------------------------------+ | List (RX) | Read, File (RF) | +-----------------------------------------------------------------------------------+ | Read (RX) | Read, File (RF) | +-----------------------------------------------------------------------------------+ | Add (WX) | Write, Create, Modify (WCM) | +-----------------------------------------------------------------------------------+ | Add & Read (RWX) | Read, Write, Create, Modify, File Scan (RWCMF) | +-----------------------------------------------------------------------------------+ | Change (RWXD) | Read, Write, Create, Modify, File Scan (RWCMF) | +-----------------------------------------------------------------------------------+ | Full Control (All) | Supervisor (S) | +-----------------------------------------------------------------------------------+ File Rights ----------- NOTE: The Windows NT operating system does not support the Create (C) and File Scan (F) rights for files, but Windows NT does assign these permissions at the directory level, as shown in the previous table. +------------------------------------------------------------+ | NetWare File Rights | Corresponding Windows NT File Rights | +------------------------------------------------------------+ | Supervisory (S) | Full Control (All) | +------------------------------------------------------------+ | Read (R) | Read (RX) | +------------------------------------------------------------+ | Access Control (A) | Change Permissions (PO) | +------------------------------------------------------------+ | Create (C) | Write (W) | +------------------------------------------------------------+ | Erase (E) | Delete (D) | +------------------------------------------------------------+ | Modify (M) | Write (W) | +------------------------------------------------------------+ | Write (W) | Write (W) | +------------------------------------------------------------+ The following table shows how file rights are mapped from Windows NT Server to Novell NetWare: +-----------------------------------------------------------------------------+ | Windows NT File Permissions | Corresponding NetWare File Rights | +-----------------------------------------------------------------------------+ | Read (RX) | Read, File (RF) | +-----------------------------------------------------------------------------+ | Change (RWXD) | Read, Write, Create, Modify, File Scan(RWCMF) | +-----------------------------------------------------------------------------+ | Full Control (All) | Supervisor (S) | +-----------------------------------------------------------------------------+ File Attributes --------------- Both NetWare and Windows NT operating systems have assignable file attributes. The following table shows how file attributes are mapped between the NetWare and Windows NT operating systems: NetWare File Attributes Windows NT File Attributes ---------------------------------------------------- NetWare File Attributes Windows NT File Attributes ---------------------------------------------------------------------- Read Only (Ro) Read Only (R) Delete Inhibit (D) Read Only (R), or remove user permissions to delete the file. Rename Inhibit This is assigned at the directory level by removing user permissions to write to the directory. Archive Needed (A) Archive (A) System (Sy) System (S) Hidden (H) Hidden (H) Execute Only (X) Execute (E). On Windows NT, the execute attribute can be reset by the administrator. Read Audit (Ra) Audit Read, Audit Execute. These are fully supported. Write Audit (Wa) Audit Write, Audit Delete. These are fully supported. Additional query words: nwconv convert ====================================================================== Keywords : kbfaq Technology : kbWinNTsearch kbWinNT351search kbWinNT400search kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbWinNTS351 kbWinNTS351search Version : winnt:3.51,4.0 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.