Key Goals in Active Directory Migrations (3 of 4)September 25, 2017
As we talked about in an earlier post, there are four key goals that make for a successful migration of Active Directory: accuracy, visibility, efficiency, and security. In this post, we do a deep dive into how you can make your migration more efficient. The goal is to deliver the best possible result with the least amount of time and effort.
Running an efficient migration of Active Directory can be a bit of an art. Most directory migrations are complicated, multi-faceted projects that have varying requirements, local and remote users, and exceptions every step of the way. That’s why these types of migrations tend to stretch beyond their planned timeframe and exceed their budget. In short, they are anything but efficient. To beat these odds, here are a few tips:
Assess and remediate your environment
Efficiency often stems from sufficient planning and preparation. It’s one of the most important steps you can take to make your overall migration more efficient. Up front, you should do an inventory of what your directory environment looks like today. That way, you can save time by not bringing over any objects that are inconsistent, outdated, or duplicated.
Next, spend a bit of time proactively fixing any issues in the environment that could cause snags later, like extra spaces at the ends of object names. These types of issues are easier to fix up front rather than later when your migration is in flight. In fact, a proactive assessment often saves 2-4 times the cost of fixing issues with Active Directory during and after the migration.
Another great way to be efficient here is to work with an experience partner to do this assessment for you. Reason being, an expert who does this day in and day out knows exactly what to look for. We’ve found that organizations who try to do an assessment themselves often spend 5-10 times more in staffing and operational costs than when they work with Binary Tree. See more about our Active Directory Assessment service.
Automate your specific use cases
The next biggest factor in efficient migrations is the software or service that you use. You should choose a migration solution that is flexible enough to automate the idiosyncrasies and edge cases in your environment. No two migrations are alike, so our clients often find that free tools and scripts can struggle to handle the complexities of larger migrations.
The most efficient way to migrate Active Directory is often using the right third-party tool. Or a third party, period. This might be a great project to offload to a migration expert. Either way, the migration software should let you automatically:
- Generate a unified GAL before you migrate
- Keep the GAL in sync as you migrate
- Discover workstations
- Update permissions
- Join all remote workstations
- Take custom actions on users and groups
- . . . . and more
Avoid writing custom scripts
You should choose a solution that’s flexible enough to accommodate the idiosyncrasies of your environment. You shouldn’t have to write your own scripts on the side to make the tool do what you need. That will cost you extra time and effort, not only to write the scripts but then test to make sure they do what you want. Unless you write these types of scripts day in and day out, they can be tricky to get right, with much trial and error.
Schedule which objects migrate when
When it comes to larger migrations with thousands of users, it’s more efficient to be able to pick and choose which objects migrate when. You might want to migrate entire teams, roles, or regions at the same time. Or you might want to blacklist objects that shouldn’t be migrated.
Your migration software should let you do all of this. For example, our Active Directory Pro lets you see which users have logged on to which machines and when. That helps you schedule your migration batches for the best times, when certain groups tend to be less active. Or you can even import CSVs from your project manager and schedule migrations of certain roles and groups to happen at a given time.
Take custom actions on users and groups
As you migrate, you might need to re-map attributes of a user or group. Over time, directories tend to become inconsistent. Maybe your business policies change as you go. Or you’ve had several different admins taking care of different forests, and each person had their own system for naming. A migration is the perfect excuse to clean all this up and get your ducks back in a row. Maybe you need to switch everyone to be firstname, lastname instead of the opposite. Or you need to fill in a new description for some users.
Your migration software should automate this mapping for you, using simple rules. You don’t want to have to do this by hand in a spreadsheet or, worse, after the migration itself.
Migrate remote users offline
Migrating remote workstations can be a huge challenge, with much inefficient hit-and-miss. One way we’ve seen organizations try to solve this problem is to ask users to come into the office. But that means your users would need to travel, which costs the business money and wastes valuable time. It’s also hardly efficient for your admins to try to catch remote users when they’re online, as your schedules might not easily line up. What you need here is a migration solution that migrates remote users automatically—without having them come into the office.
Our solution to efficient migrations
Our Active Directory Pro lets you merge, consolidate, or restructure your Active Directory environment—all while keeping your users, devices, and applications in sync. We’ve done all the heavy lifting for you, so you won’t have to write any custom scripts. It automates every step so that you don’t have to know the ins and outs of the process. And so that you don’t accidentally introduce error.
With Active Directory Pro, you can:
- Customize the migration to meet the requirements of even the most complex scenarios
- Automatically discover all workstations and update permissions
- Schedule batches of users by role, region, and more
- Migrate during business hours, without disrupting your users
- Migrate remote users without asking them to come into the office
- . . . . and more