If your enterprise has been through a recent merger or acquisition, you could find that your Active Directory (AD) environment has become too difficult or costly to manage. You could be looking at migrating your AD objects onto a single domain. The good news is that Microsoft offers the Active Directory Migration Tool (ADMT) as a free download to help you do this.
ADMT will get you some of the way in your AD migration, but remember how your environment has grown over time – you are likely to have thousands of AD objects with different sets of attributes and dependencies. And if you’ve been through a number of mergers and acquisitions, it’s likely you’ve inherited a structure that you aren’t that familiar with. There are some things ADMT won’t do.
To mitigate issues, you need to do some legwork before you can even think about migrating all your users, workstations, servers, and service accounts. You’ll want to understand all your AD object dependencies and which objects are now invalid. If you want to maintain access permissions after your move, read on to find out some of the pitfalls to avoid and how to ensure a successful AD migration.
If you have more than one domain, the top-tier structure is called a ‘forest’. Within each domain there are multiple organizational units (OUs), which are comparable to files/folders. Those OUs could have been structured in a number of ways.
Ask yourself:
You’re going to have to collate all of the information on your AD environment before you can design your structure in the new domain. Done manually, that means collecting and cleaning data from multiple tools, systems and databases in a spreadsheet.
ADMT is a ‘lift and shift’ tool, which means that any old information you have pre-migration will simply be moved across to clutter up your new domain. It’s a good idea to clean up ahead of your move. To do this, you may want to send out emails to end users and managers to confirm which groups and users are no longer active, and then delete them.
You’ll need to understand all of these intricacies and that means analyzing your source data to understand the type of applications you are using and how they interact with AD.
ADMT doesn’t provide any testing facilities, so you’re going to have to define a testing and validation plan for your migration.
Consider:
Make sure your entire organization knows what’s happening and why. Create a list of FAQs and let them know the timeline for the migration and who they should contact if they have any issues.
By following these tips, you can shield your users and help to maintain the integrity of all your objects during the move. But done manually, there are still challenges. It’s going to take time to collate your data, communicate with employees to understand what’s outdated, and answer any questions. And that’s not accounting for the possibility of human error: post-migration, you could still be correcting issues and answering calls from users who can’t access their applications.
Even using ADMT there are a number of tasks that you’ll need to manage. ReadyWorks can help you automate many of them by:
Schedule a Demo to find out how ReadyWorks can help you leverage intelligent automation to deliver a successful and pain-free AD migration!