Welcome. This is Quest Unscripted.
A vlog series on trending topics
and Quest solutions related to Active Directory.
Oh, and don't forget, Azure AD.
You are here because you have questions.
We're here because we have answers.
We will address questions we've received from customers
who experience the same challenges as you,
all with the goal of helping you confidently move
your Microsoft environment.
We call the show Quest Unscripted because,
except for this intro,
nothing we say is scripted or rehearsed.
And we're pretty sure you'll notice that right away.
Hey, Joe. Welcome to Quest. I know you came through our Binary Tree acquisition.
Now, one thing that comes to mind when I'm thinking about Quest versus Binary Tree is we've both had this cached credential utility. Can you talk to me about the Binary Tree cached credential utility and maybe how that differs from what Quest has been doing?
Yeah, sure. So the idea, to give you a little bit of background, is the offline domain join, the cache credentials function, is used when doing Active Directory migrations where people aren't coming into an office.
Like COVID-19, right?
Yeah, exactly. With COVID everybody works from home, and trying to do Active Directory migrations with people at home is kind of a challenge. And so the process is that we can move those machines into another domain using some utilities. And it's, how should I say it, there's Microsoft ways, which is typical, manual methods.
And then within the Binary Tree product, Migrator Pro for Active Directory, we've actually integrated those functions within the product. So it's two things. It's two steps. It's caching credentials and actually doing the offline domain join.
Well, let's talk about it for just a second. Cached credentials, why is that important? My understanding is if I don't update the cached credentials and I'm not online and my account change--
I can't do anything.
Yeah. So it's a big deal. So what happens is that it's really easy to move a machine from one domain to another domain. So Microsoft requires you to reboot. You reboot your machine, you hit Control-Alt-Delete and you type in your target credentials and there's no DC to validate your credentials with.
What do you do?
What do you do? You're locked out of your machine. And so what the process does is it actually will cache your target credentials on your machine prior to actually doing the domain join and moving that machine into the domain. So that when the reboot actually happens, you hit Control-Alt-Delete, you type in your password, it's using those target-- those cached target creds to allow you access to that machine, and then at that point, you can get into your VPN tunnel and connect in as you normally would.
The challenge is that if you try to use say, the cache credentials utility, there's a lot of stuff that has to happen. It isn't automated.
Now, that's the cached credential utility from Quest?
From Quest, yes. And that it's kind of there as a separate function.
But it gets the job done.
It gets the job done, absolutely. There's no question about that. And in fact, the Binary Tree uses the same type of methodology to do it. However, what we've done is that we've integrated that cache credentials function into the product so that when you're looking at a list of machines and who's getting migrated, you select a group of remote workers and you say, cache credentials, perform this operation.
What happens then is that automatically the user will get a big box that pops up on their workstation that says, hey, we're getting ready to migrate you. We need to validate your credentials in the target before we do the migration. They put in their password and it's done.
So my understanding is the Binary Tree tool, it understands which computer it's associated with. Is that how that works?
We build the list and we push it out and it takes care of all of those things just automatically. So again, that's one of the things that's really nice about it is that it's an integrated thing. Integrated into the function and integrated into the migration of the users. So you don't have to do anything special in order to make that work from an end user perspective.
A couple of things. Really, really important before we kind of talk a little bit more about this. But talking about requirements associated with caching credentials. So we often deal with customers that are doing divestitures or migrations where we can't establish a trust, a forest trust between the two source and target environments.
I think that's happening more frequently with security concerns as well, right?
Yes, exactly. And the problem with that is that in a normal type of Active Directory migration where everybody's in an office, it doesn't matter. The Binary Tree tools are kind of really designed not to need any trust for anything except for when we're doing the caching credentials function.
And so the way it works technically, is that the user gets a box that pops up, says put in your credentials. It reaches into the source DC. The source DC then needs to reach out to the target DC to validate those credentials. Because otherwise how would you validate them?
The challenge with it is that in order to make that work, the source environment has to trust the target environment. OK.
Has to be able to see it.
Yeah. To be able to get those credentials cached on that machine, source has to trust target. Now, we talk with customers every day, they're like, oh my gosh, we can't do that. We can't do any type of trust for any reason whatsoever. And you go back and say, well, then you're going to have