Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Stacy Wynn
Stacy Wynn Author
User level: Level 1
6 points

Can I migrate server settings from 10.5 to 10.9

I just got a Mac-mini server running OSX 10.9.3 and Server 3.1.1 and want to migrate share points, users and permissions from an Intel Xserve running OSX Server 10.5.8.

Posted on Jul 11, 2014 11:31 AM

Reply
Question marked as Best reply
User profile for user: Strontium90
Strontium90
User level: Level 5
4,833 points

Posted on Jul 15, 2014 4:37 AM

Yes. If you are only moving users, groups, and data from one server to the next, this is relatively easy.


If you want to run the risk of migrating your entire Open Directory domain, you can export it from the 10.5 server and import it into the 10.9 server. This will get everything, including passwords. But the everything also means you will get all the junk from 10.5, including MCX, the separate password server auth authorities, etc.


I tend to go for user attributes and then enforce a new password policy. Most of us were not thinking security and password policy back in the 10.5 days, so rethinking it is a good thing. In this case, use Workgroup Manager to export your users and groups to flat files or use dsexport to do the trick. You can use something like:


dsexport ~/Desktop/exportedUsers /LDAPv3/127.0.0.1 dsRecTypeStandard:Users -e "dsAttrTypeStandard:AuthenticationAuthority" -e "dsAttrTypeStandard:Expire" -e "dsAttrTypeStandard:Change" -e "dsAttrTypeStandard:Password" -e "dsAttrTypeStandard:AltSecurityIdentities" -e "dsAttrTypeStandard:JPEGPhoto" -e "dsAttrTypeStandard:MCXFlags"


This will create a flat file containing user attributes that can then be imported into 10.9. Make sure you remove the root, diradmin, and VPN Key user accounts. This method will not give passwords, but it will trim much of the unwanted attributes. Inspect the file and add more exclusions if you are getting more stuff like MCX.


Alternatively, if you only have a handful of users, you might simply opt to recreate them on the new server. Then recreate your shares and move the data, allowing permissions to be set on the move of the data.


Don't forget DNS. Don't forget to implement a backup. Test. Trust by verify. Plan your access model.


Reid

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

View in context
3 replies
Question marked as Best reply
User profile for user: Strontium90
Strontium90
User level: Level 5
4,833 points

Jul 15, 2014 4:37 AM in response to Stacy Wynn

Yes. If you are only moving users, groups, and data from one server to the next, this is relatively easy.


If you want to run the risk of migrating your entire Open Directory domain, you can export it from the 10.5 server and import it into the 10.9 server. This will get everything, including passwords. But the everything also means you will get all the junk from 10.5, including MCX, the separate password server auth authorities, etc.


I tend to go for user attributes and then enforce a new password policy. Most of us were not thinking security and password policy back in the 10.5 days, so rethinking it is a good thing. In this case, use Workgroup Manager to export your users and groups to flat files or use dsexport to do the trick. You can use something like:


dsexport ~/Desktop/exportedUsers /LDAPv3/127.0.0.1 dsRecTypeStandard:Users -e "dsAttrTypeStandard:AuthenticationAuthority" -e "dsAttrTypeStandard:Expire" -e "dsAttrTypeStandard:Change" -e "dsAttrTypeStandard:Password" -e "dsAttrTypeStandard:AltSecurityIdentities" -e "dsAttrTypeStandard:JPEGPhoto" -e "dsAttrTypeStandard:MCXFlags"


This will create a flat file containing user attributes that can then be imported into 10.9. Make sure you remove the root, diradmin, and VPN Key user accounts. This method will not give passwords, but it will trim much of the unwanted attributes. Inspect the file and add more exclusions if you are getting more stuff like MCX.


Alternatively, if you only have a handful of users, you might simply opt to recreate them on the new server. Then recreate your shares and move the data, allowing permissions to be set on the move of the data.


Don't forget DNS. Don't forget to implement a backup. Test. Trust by verify. Plan your access model.


Reid

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Reply

Can I migrate server settings from 10.5 to 10.9

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up