4 Goals When Migrating Active Directory


An enterprise Active Directory migration is one of those projects dreaded by almost every IT team. These types of migrations are prone to error, touch every user and workstation, and affect the core of your organization’s security, which potentially puts you at risk. And they happen so infrequently that no one on staff can really stay an expert.

Even though Active Directory is 16 years old, with plenty of industry tips around the ins and outs of how to migrate, it’s no less complex today than when it first came out. And migrations of Active Directory are increasingly more common, particularly with mergers and acquisitions on the rise.

One of the reasons for the complexity is that no two migrations are exactly alike. Maybe you’re lucky enough to need only a straightforward, one-phase push of all users into a new domain, with little customization. But it’s more likely that you’ll need to schedule moves, map custom attributes by user group, and work with specific Exchange configurations.

When you look past the specifics of any given migration, every owner of a migration project is looking to achieve 4 simple goals in their migration:


At a minimum, you need your Active Directory objects to migrate correctly. Otherwise, there’s a good chance you’ll disrupt your users. If you try to migrate manually, it’s all too easy to introduce human error. So you need a tool that can automate the task for you. And also one that lets you roll back if something goes sideways. That way, you can have peace of mind and easily course correct as needed.


You can’t migrate what you don’t know about, which is why the discovery of workstations is critical. This is more than just having a complete list, as you can easily get this from Active Directory itself. It’s about being able to see exactly where each device is within the migration. You need to be able to schedule which workstations migrate when. And be aware of which ones to roll back if there’s an issue.


Most Active Directory migrations are complicated, multi-faceted projects that have varying requirements, local and remote users, and exceptions every step of the way. So it’s important to choose a migration tool that not only gives you powerful automation, but that’s also flexible enough to meet your specific scenarios. You need to reduce the risk of human error but also give yourself enough wiggle room to address your organization’s idiosyncrasies.


Security is a hot topic when it comes to migrations. You need to make sure your data stays secure as you migrate, especially in heavily regulated industries like healthcare, government, and finance. Unfortunately, many free and third-party tools to migrate Active Directory use legacy protocols, which makes them less secure. They often require you to open thousands of ports on your firewall, which is a huge security risk.

As you look at your options, make sure to consider Active Directory Pro from Binary Tree. It automates every part of your migration—idiosyncrasies and all. This means an efficient and accurate migration. It’s also designed to keep your data secure, with no ports open in your firewall. And it gives you complete visibility and flexibility throughout the entire process.