To migrate the Global Settings or not to, that is the question...

So we are about to load the R2 schema and the inevitable question "Should we move the Global Settings Container?" came up. In my previous company we had one massive domain and so there was no value in moving it. Every DC had the settings so no problem. In my new customer's environment they have a multi-domain forest and only 3 DCs in the Root domain. We could have left it but ultimately decided it would be best to move it.



I have to say I was half expecting this to go pear shaped. We had no test environment and therefore couldn't say hand on heart that everything would all be ok come Saturday morning. I tried to find some incense and a virgin to sacrifice to the gods but failed miserably so I decided it would be easier to run through the process in my own lab to get more familiar.

For those of you who are not familiar with this process it is basically as follows:

•  Download the Global Settings Migration Tool from http://go.microsoft.com/fwlink/?LinkId=137424 and extract it.
• Stop all the OCS services on all of your servers.
• With an account that is a member of Domain Admins or Enterprise Admins, Run cscript MigrateOcsGlobalSettings.vbs /Action:MigrateGlobalSettingsTree and wait for this to replicate. This copies the Global Settings Tree Structure to the Configuration container.
• Still with the same account run cscript MigrateOcsGlobalSettings.vbs /Action:MigrateGlobalSettingsProperties and again wait for replication. This will copy the Global Settings Attributes over to the new tree.
• You now need to set the correct permissions by running Forest Prep with the OCS R1 version of Lcscmd. run LcsCmd /Forest /Action:ForestPrep /global:configuration and again wait for replication to occur.
• Now for the fun parts, to update the DN References of all your server objects run cscript MigrateOcsGlobalSettings.vbs /Action: MigrateServerDnReferences /SearchBaseDN:dc=mydomainthathasmyservers,dc=com. If you have deployed servers in multiple domains you must run this for each one. You may have to run this multiple times until it returns "completed successfully". Once this change has replicated to the domains that hold your users you can continue.
• This is probably the most time consuming part depending on how many users you have. Run cscript MigrateOcsGlobalSettings.vbs /Action: MigrateUserDnReferences /SearchBaseDN:dc=domainwithmyusers,dc=com. Now this is the part of the script that I didn't like, we had only 3000 activated users in a domain that had about 30000. We had to run this tool for each domain that had users and we had to run it 5 or 6 times until it completed successfully.The good thing is that is doesn't traul through all the users, it only targets activated users, so if you have a big domain but only a few users it will only a little while.
• Once this is all complete you can remove the Global Settings Tree from the System Container by running cscript MigrateOcsGlobalSettings.vbs /Action: DeleteSystemGlobalSettingsTree.
• Restart the OCS services or even reboot for fun and you are done.

All in all this wasn't as bad as I thought. I think the tool is not as good as it could be. Having to run it multiple times is a pain, especially at 2am, because you can't just kick back and watch Flash Forward online and leave it to do it's thing, you have to watch it in case it stops.

So for Matt's 5 cents:
If you have a single domain just leave it. Moving to the Config container won't add any value and at the moment it is just a recommendation from Microsoft. If they make it mandatory to move it in the future, I am sure/I hope, they will build a better tool as I am not sure that I would want to go through this in a domain with hundreds of thousands of user objects.

If you have multiple domains but all your servers are in the root domain, again you probably won't gain anything by moving things around.

If you have servers in multiple domains, or you only have a few DCs in the Root Domain, then you should consider moving to the Config Container.


Whatever you decide, don't be afraid, after all we did it and survived.