Key goals in Active Directory migrations (2 of 4)September 14, 2017
As we talked about in an earlier post, there are four key goals that make for a successful migration of Active Directory: accuracy, visibility, efficiency, and security. Here, we show examples of how you can use our Active Directory Pro to gain visibility into your objects at every step in the migration process.
When it comes to visibility, you need to be able to:
- Discover all users, groups, and permissions in your environment
- Spot any errors or inconsistencies in how objects are set up
- Schedule which objects migrate when
- Follow along with the migration status
- Roll back specific objects if there’s an issue
Know what you’ve got
The first step is to know what you’ve got. You need a complete list of all users, groups, and permissions in your environments. It’s easy enough to export this list straight from Active Directory. But our Active Directory Pro takes it to the next level. Rather than just a dump into a massive spreadsheet, we logically put groups of different users into different tabs (as shown below). So you’ll have a separate tab for your users, groups, rooms, computers, and more. This helps you manage them more easily throughout the migration.
Find and fix any issues
This initial list of objects won’t tell you everything that you need to know to get ready for a successful, clean migration. The bigger effort is to spot issues with how your objects are set up. That’s because over time, issues can start to creep in to your Active Directory environment. You might have outdated or duplicate objects, inconsistencies in naming or permissions, and even errors. These types of things can create issues as you try to migrate. Worst case, they can cause user permissions to break, which means you’ll have some frustrated users on your hands.
There are many discovery and analysis tools out there that help you find out about what’s going on in your Active Directory. You could use Microsoft IdFix, which lets you verify things like duplicate email addresses, non-routable UPNs, and other typos that can wreak havoc, like trailing spaces at the end of accounts. The downside of many of these free discovery tools is that they’re often limited in scope. And some of them are better than others at finding problems and drawing the correlation to the actual issue.
So we recommend that you do an Active Directory assessment before you migrate. Here, our team does a deep dive on your systems and gives you a report of all the issues we find. (And we can usually do this 5-10 faster than in-house teams.)
Schedule which objects migrate when
Another area in which it’s helpful to have granular visibility is if you need to pick and choose which objects migrate when. For example, you might want to migrate entire teams or roles at the same time. Or you might want to blacklist objects that shouldn’t be migrated.
Active Directory Pro makes this easy. It lets you see which users have logged on to which machines and when. This can help you schedule your migration batches for the best times, when certain groups tend to be less active. Or you can even import CSVs from your project manager and schedule migrations of certain roles and groups to happen at a given time. So you could migrate all of your sales people at the same time. Or all employees in a certain office location or region.
Watch along as you migrate
As you migrate, you should be able to see at any point exactly where each object is within the migration. This helps you have confidence that things are going as expected, and that you’re on track to meet your planned timeline. It also helps you know which objects you might need to roll back if there’s an issue.
Unlike similar tools, Active Directory Pro lets you follow along to see exactly which objects have migrated and which haven’t. You get complete visibility over your migration with built-in reports, charts, and diagrams—all updated in real time.
Roll back if there’s an issue
Finally, you need to be able to easily roll back if there’s an issue with how things migrated. The log viewer in Active Directory Pro gives you full text logging, which you can search and filter (example below). All of the actions the product takes are logged both on the workstations and on the migration console, which greatly simplifies the troubleshooting process. If you compare this with logging in other Microsoft and third-party products (which is limited), it helps you spend less time troubleshooting any issues.