Best practices for Server for NIS



To put the best practices for migrating Network Information Service (NIS) domains into practice, carefully review "Checklist: Migrating NIS maps to Active Directory Domain Services" in the Identity Management for UNIX Help.

Before you start the wizard, decide whether the domain being migrated should remain an independent domain or be merged with other domains on Server for NIS.

If you migrate maps individually, migrate the passwd map first and then the group or shadow maps, so that UNIX passwords are stored correctly.

Before you start the wizard, make sure that you understand the structure of any nonstandard maps. In particular, you should know the field separator, key field, file name and map name. Nonstandard maps can be accessed by only one key.

The first time you use the NIS Data Migration Wizard, use the default "Do not migrate (log only)" option to test all the steps of migrating to Server for NIS without actually migrating data. After you have analyzed the log file and decided how to handle any map conflicts that occurred, run the wizard again and select the "Migrate and log" option.

Correct all problems found in the first review of the log before you migrate the data. If the same user name exists in both the Windows domain and the NIS domain, determine whether the duplicate user names represent the same user. If they do not, change the user name of one of the users. If the user names refer to the same user, determine whether the UNIX attributes are the same. If they are not, determine which are correct. You can then either keep the existing entries in Active Directory Domain Services (AD DS) or overwrite them with the information from the UNIX map.

If conflicts are reported during the actual migration but none were reported during the test migration, there may be conflicts within the NIS map. Running the wizard with the "log only" option selected reports only conflicts between the NIS map and AD DS; it does not report conflicts within the NIS map. If conflicts occur during the actual migration, resolve the conflicts in the NIS map, and then use the nis2ad command line with the -r yes option to migrate the NIS data that was not migrated.
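A pre-migration check for the two conflict cases above, as an added example that is not part of the original page or of any Microsoft tool. It assumes the passwd map is available as standard seven-field passwd text (for instance from `ypcat passwd`) and that existing AD DS UNIX attributes have been exported to a name-to-(UID, GID) table. The page does not define a conflict, so this example treats a name with several UIDs, or a UID with several names, as one. All sample data is constructed.

```python
from collections import defaultdict

# Constructed sample in passwd-map format (name:passwd:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
alice:x:1001:100:Alice A:/home/alice:/bin/sh
bob:x:1002:100:Bob B:/home/bob:/bin/sh
alice:x:1005:100:Alice Other:/home/alice2:/bin/sh
carol:x:1002:100:Carol C:/home/carol:/bin/sh
malformed-line
"""
# Constructed sample: UNIX attributes already in AD DS, as name -> (uid, gid).
SAMPLE_AD = {"bob": (1002, 100), "carol": (2000, 100)}


def parse_passwd(text, sep=":"):
    """Return (entries, bad_line_numbers); each entry is (name, uid, gid)."""
    entries, bad = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(sep)
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            bad.append(lineno)
            continue
        entries.append((fields[0], int(fields[2]), int(fields[3])))
    return entries, bad


def map_conflicts(entries):
    """Conflicts inside the map: a name with several UIDs, a UID with several names."""
    uids_by_name, names_by_uid = defaultdict(set), defaultdict(set)
    for name, uid, _gid in entries:
        uids_by_name[name].add(uid)
        names_by_uid[uid].add(name)
    dup_names = {n: sorted(u) for n, u in uids_by_name.items() if len(u) > 1}
    shared_uids = {u: sorted(n) for u, n in names_by_uid.items() if len(n) > 1}
    return dup_names, shared_uids


def ad_conflicts(entries, ad_users):
    """Names present in both the map and AD DS whose UID or GID differ."""
    return sorted({n for n, uid, gid in entries
                   if n in ad_users and ad_users[n] != (uid, gid)})


if __name__ == "__main__":
    entries, bad = parse_passwd(SAMPLE_PASSWD)
    print("malformed lines:", bad)
    print("within map:", map_conflicts(entries))
    print("against AD DS:", ad_conflicts(entries, SAMPLE_AD))
```

For a nonstandard map, pass its field separator as `sep` and adjust the field count and key column to match the map's structure.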

Keep slave servers up to date

If the NIS domain is active (that is, the domain changes regularly), increase the frequency with which Server for NIS checks for changes. This ensures that changes registered on the master server are quickly propagated to UNIX-based slave servers. You can also use the "Check for Updates" command in the "Action" pane of the "Identity Management for UNIX" snap-in to update the slave servers immediately.

Do not migrate NIS domains to multiple Active Directory domains

Although a NIS domain can be migrated to computers running Server for NIS in multiple Windows domains, doing so is strongly discouraged, because changes made in one Windows-based domain are not replicated to the other domains.

Recommend that users not change NIS passwords with yppasswd

Users should change their NIS password by changing their Windows password. Server for NIS changes the NIS password to match.

Server for NIS does not fully support the yppasswd utility available on UNIX systems. When a user runs yppasswd, Server for NIS changes the user's password in the NIS passwd map. However, because yppasswd encrypts the new password before sending it to the NIS master server, Server for NIS cannot obtain the plain-text password it needs to set the user's Windows password. As a result, the user's Windows password and UNIX password will no longer be the same. In addition, yppasswd transmits the old password in plain text, which poses a security risk. Because the user's old password may be the user's current Windows password, the user's Windows password may be disclosed to unauthorized users on the network.

"Password Synchronization" can be used to give users a way to change their NIS password with the yppasswd command.