Here we start to look at how we set out to achieve each of these goals in the key technology areas.
Design Goal - A simpler, consolidated directory platform
Design Decision - Migrate all users, computers, servers and groups to the root domain and collapse each child domain.
To achieve the migration we decided to use Dell (formerly Quest) Migration Manager for Active Directory. I will not be covering how to use Quest Migration Manager; this blog assumes that you or your IT partner are well versed in the product.
Planning
It's all in the planning! This is so true. Time well spent on planning and understanding the environment is key to a successful migration. Here are some key elements that we needed to ensure were covered before we started.
We will be going through an intra-forest migration. This term is used when users and groups are migrated from one domain to another domain in the same Active Directory forest. As such, there are some key considerations that must be taken into account for such a migration. Some key points can be referenced here:
https://support.software.dell.com/migration-manager-for-ad/kb/32273
- Invalid characters and duplicates (SamAccountName, UPN, Alias)
- Office 365 and other cloud services have some very strict requirements on the characters supported in key attributes. In our case these were the SamAccountName, UPN (User Principal Name) and Exchange alias names (users, groups etc.). A good place to start for more detail is here:
- Duplicate entries across multiple domains are always a challenge, but knowing about them upfront allows for better planning of how they are handled.
Once we had completed all of our planning we were good to go and start pre-staging users and groups (minus Exchange attributes; this will become clearer once we talk about DirSync and Office 365).
As alluded to earlier, we identified an issue during the planning stages where the UPN and SamAccountName values were not supportable with Office 365. To ensure we complied, we needed to rename all Active Directory usernames from "firstname (Space) lastname".
This sounds worse than it is. Because we wanted to align the UPN with the e-mail address, which was First.Last, we were able to use Dell (Quest) Migration Manager import files to rename accounts upon migration. We just needed to export the old users' "mail" attribute, and with a bit of Excel and Notepad we were able to quickly create the required import files.
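The pre-checks described above (unsupported characters, duplicates across domains, and deriving the new name from the mail attribute) can also be scripted. The following is an added example, not the procedure used in this migration and not part of Migration Manager; the CSV column names, the sample rows, the allow-list and the output column order are assumptions, and the real import file layout must follow the product documentation.

```powershell
# Constructed sample export of source accounts (not real data).
$export = @'
Domain,SamAccountName,Mail
CHILD1,John Smith,John.Smith@example.com
CHILD2,John Smith,John.Smith@example.com
CHILD2,Jane Doe,Jane.Doe@example.com
CHILD1,RnD Team,R&D.Team@example.com
CHILD2,Bob Jones,
CHILD1,Max Featherstonehaugh,Maximilian.Featherstonehaugh@example.com
'@ | ConvertFrom-Csv

# Assumption: conservative allow-list for the new name; replace it with the
# character rules your cloud service publishes.
$allowed = '^[A-Za-z0-9._-]+$'

$plan = foreach ($u in $export) {
    $local  = ($u.Mail -split '@')[0]      # First.Last part of the address
    $issues = @()
    if (-not $u.Mail)                  { $issues += 'no mail attribute' }
    elseif ($local -notmatch $allowed) { $issues += 'unsupported character' }
    if ($local.Length -gt 20)          { $issues += 'over 20 characters (sAMAccountName limit)' }
    [pscustomobject]@{
        Source = '{0}\{1}' -f $u.Domain, $u.SamAccountName
        NewSam = $local
        NewUpn = $u.Mail
        Issues = $issues -join '; '
    }
}

# Two source domains can map to the same target name once the child domains
# are collapsed. Group-Object compares case-insensitively by default.
$dupes = $plan | Where-Object NewUpn | Group-Object NewUpn | Where-Object Count -gt 1
foreach ($row in $dupes.Group) {
    $row.Issues = (@($row.Issues, 'duplicate target name') | Where-Object { $_ }) -join '; '
}

# Rows that need a decision before anything is migrated.
$plan | Where-Object Issues | Format-Table Source, NewUpn, Issues -AutoSize

# Clean rows as tab-separated lines (hypothetical column order).
$plan | Where-Object { -not $_.Issues } |
    ForEach-Object { $_.Source, $_.NewSam, $_.NewUpn -join "`t" }
```

Resolving the flagged rows before the first migration session keeps two different people from ending up with the same logon name in the root domain.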
At this point we have pre-migrated all user accounts and groups and are synchronising group memberships and all attributes (minus SamAccountName and UPN, as these were changed during migration, so you need to ensure they are added as an exception during Directory Sync).
A couple of key points you may also need to be aware of are:
- Cross Domain Membership
- You will need to run the ADPW to add target objects into other Active Directory domains in the forest if cross-domain membership is in use.
- Distribution Groups - Similar to the above process, when you migrate the users' Exchange attributes, you will need to run the ADPW to add the target accounts back into the source distribution groups (as these will still hold the Exchange attributes).
- Exchange Attributes
- We plan to move the Exchange attributes during the mailbox migration to Office 365.