Mac->Windows migration for a small office: tips and suggestions?
February 25, 2013 1:59 PM

I've been the all-around IT guy for a small office of 30 for a few years now. We've been primarily a Mac shop this whole time, but new business requirements mean that we'll probably be buying more Windows machines going forward. I've been tasked with a pilot program to migrate 1/3 of our office over this year, with the assumption we'll bring everyone else over next year. Details inside:

1) We're running a mix of 10.6-10.8 on a variety of <3 year old MacBook Pros. We've got an Xserve handling files, Open Directory, and VPN. Mail is handled by an Exchange server at our parent entity. This, of course, presents its own set of problems because we have to back up massive amounts of mail locally.

2) I was originally a Windows guy, but I haven't done enterprise-level Windows work since the XP/2003 days, so I'll admit I'm a little rusty. The pilot would be ~10 laptops plus a server to act as the AD Domain Controller. What am I forgetting?

3) I'd like to do this the right way (AD + Roaming Profiles, right?) but we may not have the budget for a serious SAN able to accommodate all of that data. What's a realistic amount of per-user storage for roaming profiles?

4) I'm seriously unhappy with our backup solution now (Retrospect 9 + LTO4). What's the standard on the Windows side? Backup Exec?
posted by Oktober to Computers & Internet (9 answers total)

Something to consider: if you're comfortable supporting OS X server, and you're not doing this because you just want to move to Windows clients, rather than needing to run some Windows Server dependent application suite, then maybe you should be considering a Linux back end?

I'm not doing any active consulting these days, but I'd say the biggest change since the XP/03 days is widespread virtualization, at both the client and server level.
posted by snuffleupagus at 2:32 PM on February 25, 2013

Response by poster: Our main motivation is client-side, yes. Our client (for the lack of a better term) wants documents prepared in a certain way that's trivially easy with Windows versions of MS Office and Acrobat but requires multiple hoops be jumped on the Mac.

The main reason I was thinking Windows Server was for AD and roaming profiles, I'd rather avoid everyone having local accounts if I can.

I've got a decent bit of Linux sysadmin experience, but it's mostly on single LAMP and file servers, not networked environments.
posted by Oktober at 2:45 PM on February 25, 2013

Best answer: A Linux based domain can do roaming profiles, network stored home directories, etc. So, if you're interested in that route and don't need full Windows Server compliance, then take a look at Samba, OpenLDAP, etc. It's obviously a lot more hands-on, so if you evaluate it definitely make sure you thoroughly test it not just for features and performance but to gauge manageability in terms of your time and other resources. Here is the Samba4 Domain HowTo.

Another thought -- I'm not sure about this, but you might be able to use a Linux based controller for the Windows clients you need and run it in or alongside your existing OpenDirectory-based domain. (I'd have to refresh my memory as to whether OD or Samba would have to be PDC if run together.) Or, you may be able to import your existing schemas etc from OpenDirectory into Samba/LDAP if that would be helpful.
posted by snuffleupagus at 6:07 PM on February 25, 2013

Best answer: To clarify, running them side-by-side is something like the officially suggested (by Apple) "Golden Triangle" multiplatform approach featuring a Lion Server itself bound to a Windows AD upstream, only you would use a Samba4 PDC at the top, instead.
posted by snuffleupagus at 6:22 PM on February 25, 2013

Just install Parallels instead of buying Windows boxes.
posted by empath at 6:24 PM on February 25, 2013 [1 favorite]

Empath makes an excellent point. Also, as another route if you're still otherwise happy with OD -- I'd take a look at discussions of using pGina to work around the incompatibility between Win7 and OD, which apparently works once properly configured.

pGina: open source Windows authentication
pGina mailing list archive is here, and searches reflect that people are using it successfully for this purpose (and get help when they need it.)

See also the posts by "ClarionAreaTech" in this Apple thread.
posted by snuffleupagus at 6:42 PM on February 25, 2013 [1 favorite]

Response by poster: Not to threadsit too much, but we've been using Parallels to the point where staff spends most of the day in Windows. Sure, we could use Boot Camp at this point, but why are we spending the extra money for Apple hardware at all then?
posted by Oktober at 7:24 PM on February 25, 2013

Best answer: I manage the network in a school with around 120 workstations. When I first joined the school eight years ago, I turned on roaming profiles. Three years ago I turned them off; I was sick of playing whack-a-mole with all the ingenious things that users and badly behaved apps can do to induce profile bloat and the consequent grindingly. slow. logons. and flagrantly excessive server disk consumption. Things are much better now.

My users now have a Desktop folder in their server home folder, and workstations run a logon script that uses XCOPY to do a one-way sync from that to the workstation's Windows desktop at logon time. It also does assorted other things, like enforcing a per-computer set of printer connections and kicking off a background process that does GPUPDATE /FORCE (which shouldn't be necessary but bloody well is).

I've also got a logoff script that parses the JSON backup that Firefox makes of their bookmarks when it closes, and creates .url shortcuts inside a folder in their server home folder. This cobbled-together collection of scripts has been working better for my users than roaming profiles ever did, plus they can now reliably log off and on quickly.
posted by flabdablet at 6:11 AM on February 26, 2013 [2 favorites]
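
A sketch of the kind of logoff step described in the answer above, added here as an example and not flabdablet's own script: it walks a Firefox bookmark backup and writes `.url` shortcuts into a destination folder. It assumes the plain-JSON backup layout (nodes typed `text/x-moz-place` and `text/x-moz-place-container`); the function names and sample data are hypothetical, and because titles and URLs are user-controlled, it reduces titles to a single safe file name and keeps only http(s) links.

```python
import json
import re
from pathlib import Path

ALLOWED_SCHEMES = {"http", "https"}  # assumption: skip place:, javascript:, file:, ...
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}
PLACE, FOLDER = "text/x-moz-place", "text/x-moz-place-container"

# Constructed sample in the backup's node layout (not real user data).
SAMPLE = json.dumps({"type": FOLDER, "title": "", "children": [
    {"type": FOLDER, "title": "toolbar", "children": [
        {"type": PLACE, "title": "Intranet: Wiki", "uri": "https://wiki.example.test/"},
        {"type": PLACE, "title": "..\\..\\Startup\\x", "uri": "http://example.test/a"},
        {"type": PLACE, "title": "Recent", "uri": "place:sort=8"},
        {"type": PLACE, "title": "Local", "uri": "file:///C:/x"},
    ]}]})

def safe_name(title, fallback="bookmark"):
    """Reduce a bookmark title to one Windows-safe file name component."""
    name = re.sub(r'[<>:"/\\|?*\x00-\x1f]', "_", title or "").strip(" .")[:100].strip(" .")
    if not name:
        return fallback
    return "_" + name if name.split(".")[0].upper() in RESERVED else name

def walk(node, path=()):
    """Yield (folder_path, title, uri) for every bookmark below a backup node."""
    if node.get("type") == FOLDER:
        title = node.get("title")
        sub = path + (safe_name(title, "folder"),) if title else path
        for child in node.get("children", []):
            yield from walk(child, sub)
    elif node.get("type") == PLACE and node.get("uri"):
        yield path, node.get("title") or node["uri"], node["uri"]

def export_shortcuts(backup_json, dest):
    """Write one .url file per http(s) bookmark; return the relative paths written."""
    dest, written = Path(dest), []
    for folders, title, uri in walk(json.loads(backup_json)):
        # Control characters in the URL would add extra lines to the INI-style file.
        if re.search(r"[\x00-\x1f]", uri) or uri.partition(":")[0].lower() not in ALLOWED_SCHEMES:
            continue
        target = dest.joinpath(*folders, safe_name(title) + ".url")
        target.parent.mkdir(parents=True, exist_ok=True)
        with open(target, "w", encoding="utf-8", newline="\r\n") as fh:
            fh.write(f"[InternetShortcut]\nURL={uri}\n")  # same-titled bookmarks overwrite
        written.append(target.relative_to(dest).as_posix())
    return sorted(written)
```

With the constructed sample, only the two http(s) bookmarks are written, and the title containing `..\` ends up as an ordinary file inside the `toolbar` folder.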

AD user accounts, obviously.
posted by flabdablet at 6:15 AM on February 26, 2013
