Pairing
What is pairing?
Pairing in this context means to identify the source and target relationships in your project. There are three (3) pairing types in a project. Those are environment pairing, the accepted domain pairing and the object attribute pairing.
Why is pairing required?
Pairing environments, domains and objects are important because without designating the source and target locations, it will not be possible to migrate data, match objects, orchestrate mail flow or translate email addresses.
When do I setup my pairings?
The project setup wizard will ask a few questions about the required pairings. And authorized administrators may update pairings when needed.
How do I setup environment pairings?
After adding your environments in the project setup wizard, it is time to set up your environment pairs. This is where you identify the source and target relationships in your project.
Domain Move will use this information as it guides you through configuring your project. You start with your environments, and then it’s just a matter of “from” and “to.” From what environment would you like to migrate accounts? And to where are they going?
With only two environments it might be just a simple one-to-one relationship. If you have multiple environments like in a divestiture, you may need to set up several environment pairings.
(click to view larger)
How do I setup domain pairings?
After setting up environment pairs, the next step is to pair the domains. Domain Pairing is setting up accepted domains from the source environment with accepted domains in the target.
When an account is setup in the target, the email address is automatically stamped with the paired domain in the target. The default domain might be a different domain altogether, so pairing makes sure you know what you will have in the target after migration.
Create one pairing at time. Choose an accepted domain from the source. And then a domain from the target. That’s the basic pairing.
Create whatever combination of domain pairings meets your needs. You can do a simple one-to-one relationship, or pair several source domains to a single target domain.
(click to view larger)
How do I setup attribute pairings?
After setting up domain pairs, the next step is to pair the attributes for the purposes of matching objects between environments. Attribute Pairing is setting up value pairs from the source object and the target object.
Matching
What is matching?
Matching is a process in Domain Move that provides a method for objects between different directories to be paired together for migration and synchronization purposes.
Why is matching required?
Matching is required because it provides a mapping between source and target objects for the purposes of group membership synchronization and email address translation during migration.
What is matched?
All Users and Groups are matched between a source environment and a target.
When does matching occur?
Matching automatically occurs during the discovery process and can be run manually at any time by an authorized project administrator.
How does matching work?
Domain Move will attempt to match users and groups in the source environment with users and groups in the target environment.
During project setup, you may choose up to 3 attribute pairs that Domain Move will use to make this object pairing determination.
Matching is processed in the order listed. If there is no match on the first attribute, Domain Move moves down the list.
With the Integration project type, if no match is found, Domain Move may create the users and groups for you.
What are the projects requirements for matching?
To complete the project setup and match objects, you will be required to setup pairs for Environments, Domains and Attributes for Users and Groups.
Can I run a match myself?
Yes, there is an action available called Match. This action will match an unmatched user or group against the target environment without the need to run a full discovery in source and target.
How do I run the match action?
It’s easy, navigate to the users or group you would like to match. Select the item then select the Match action from the action drop-down menu. Once selected, click the Apply Action button to begin. The status of the object will change to Matching. When successfully complete, the status will change to Matched.
Are there matching logs?
Yes, within the discovery logs, matched objects will be logged. However, the easier method is to export all discovered users and groups. The export of all discovered objects will provide a list of all matched and unmatched objects. Navigate to the user or group management view then select all the objects. Afterwards, select the Export action from the action drop-down menu.
Agents
What is the Directory Sync agent?
The Directory Sync agent is the key component that communicates between a local Active Directory environment and the Directory Sync service.
Where do you install the agent?
The agent must be installed in every forest that you plan to include as a Directory Sync environment. We suggest that you create a virtual machine exclusively for this purpose. Review the Directory Sync Requirements for the minimal hardware and software requirements.
How do I download and install the agent?
First, choose the environment that the agent will be associated with.
You will be able to download the latest version of the agent from the Directory Sync agent screen. Copy the URL and the access key that will be needed during the install of the agent. The downloadable executable is the same for all projects, it is the Registration URL and Registration Key that makes the agent unique when it is installed.
To install of the agent enter credentials that have read or read\write access to the domain, depending on the direction of synchronization.
Copy and paste the information from the Directory Sync agent screen.
No further action is needed on the workstation. A look at services confirms that the Directory Sync agent is running.
A list of agents appears on summary screen, including status information as well as the registration URL and access keys should you need them again in the future.
Where do I manage agents?
To manage agents, simply open the left navigation menu and click Directory Integration, located under Setup, see figure 1.
Figure 1: Domain Move Setup and Settings Menu
How do I manage the agents?
On the Agents page, you can check the current status of your current agents or add new ones. Select an agent for additional options. You have the option to copy the Registration URL or the Registration Key if you need to reinstall the agent for any reason. The History button will give you details on the run history. When the agent is updated, any agent using the old version will offer you the upgrade option so that you can update your current agent installation.
How do I uninstall an agent?
If you need to uninstall an agent from any machine, in order to reinstall on the same machine, you must first delete the registry folder located at HKEY_LOCAL_MACHINE> SOFTWARE> Quest > Agent and then uninstall.
Afterwards, simply create a new agent (with a new access key) under Agents managements from the left navigation menu before re-installing on the same machine.
Discovery
What is discovery?
The discovery service is used to collect user and group identity and properties for the purposes of Domain Cutover preparation.
When discovery is complete, it will have collected all user, group, and contact information within the configured Azure directory environments. It will use this data based on project configuration to find matching objects between environments for the purposes of synchronization.
The Domain Move Directory Discovery Service runs by default every twenty-four (24) hours. This frequency may be changed as needed.
Should I change the default discovery frequency?
After the initial discovery has successfully completed, subsequent discovery jobs will be deltas, which are quicker. Monitor the time it takes to run a delta sync. If the total discovery time exceeds 24 hrs., adjust the frequency to fit the environment size. The more directory objects, the more time a discovery will take. Be sure the initial discovery completed successfully. Otherwise, each new discovery job will run a full discovery again.
The Domain Move Directory Discovery Service may be run at any time by an authorized project administrator.
Can I run a full discovery?
Yes, a full discovery may be run after the initial discovery has completed when required. However, it is recommended that delta discovery be allowed to run to ensure new and modified object changes are processed quickly.
Click the drop-down menu located in the top left corner.
Click the Discovery link from menu.
- Hover over the desired tenant environment.
Click RUN DISCOVERY to begin the process.
When should I run a full discovery?
Full discovery should only be run when previously skipped objects are now required for the project.
Yes, the Domain Move Directory Discovery Service can be disabled at any time by an authorized project administrator. Click DISABLE for the desired environment while in the discovery management page.
To manually disable all future discoveries, follow these steps.
Click the drop-down menu located in the top left corner.
Click the Discovery link from menu.
- Hover over the desired environment.
Click DISABLE to stop all future the processes.
When should I disable discovery?
In most cases, discovery services should not be disabled during an active project. Inactive projects can either be archived if they are no longer required, which will end all related services, or the discovery service can be disabled until the project becomes active.
It is recommended that discovery services be disabled before a Domain Cutover event is started. For more information about Domain Cutovers, review this help article.
Yes, Domain Move provides authorized administrators access to the discovery and tenant logs. To download the logs, simply navigate to the DISCOVERY section from your project dashboard then click the LOGS link for the desired environment.