サポートと今すぐチャット
サポートとのチャット

Migrator Pro for Active Directory 20.11.2 - Security Guide

Introduction

Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest strives to meet standards designed to provide its customers with their desired level of security as it relates to privacy, confidentiality, integrity, and availability.

This document describes the security features of Migrator Pro for Active Directory. It reviews access control, protection of customer data, secure network communication, cryptographic standards and more.

About Migrator Pro for Active Directory

Migrator Pro for Active Directory provides the following functionality:

  • Full directory synchronization of users, groups, and devices with configurable profiles.

  • Data transformation and customizable mapping of directory attributes.

  • Password hash synchronization.

  • SID History migration.

  • Device migration including permissions and offline domain join.

  • Network share permissions migration.

Architecture Overview

 

Overview of Data Handled by Migrator Pro for Active Directory

Migrator Pro for Active Directory collects data for a variety of directory objects.  The directory objects and properties collected are configurable to ensure only the desired objects and properties are processed.

 

  • A directory sync service, running within the customers network, processes Active Directory objects using LDAP. Objects include users, groups, contacts, and computers. Properties include account name, email addresses, contact information, department, membership and more.

  • LDAP credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

  • When the optional password sync feature is enabled, the NTLM password hash of all user accounts in scope are collected, encrypted with AES-256 and stored in SQL Server.

  • Device agents running locally on the end user’s workstation collect device properties using WMI and PowerShell. Device properties include device name, domain name, user profile locations and more.

  • Migrator Pro for Active Directory optionally stores credentials required for network share re-permission and Active Directory domain joins. These credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

Overview of Data Handled by Migrator Pro for Active Directory

 

Migrator Pro for Active Directory collects data for a variety of directory objects.  The directory objects and properties collected are configurable to ensure only the desired objects and properties are processed.

 

  • A directory sync service, running within the customers network, processes Active Directory objects using LDAP. Objects include users, groups, contacts, and computers. Properties include account name, email addresses, contact information, department, membership and more.

  • LDAP credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

  • When the optional password sync feature is enabled, the NTLM password hash of all user accounts in scope are collected, encrypted with AES-256 and stored in SQL Server.

  • Device agents running locally on the end user’s workstation collect device properties using WMI and PowerShell. Device properties include device name, domain name, user profile locations and more.

  • Migrator Pro for Active Directory optionally stores credentials required for network share re-permission and Active Directory domain joins. These credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

セルフ・サービス・ツール
ナレッジベース
通知および警告
製品別サポート
ソフトウェアのダウンロード
技術文書
ユーザーフォーラム
ビデオチュートリアル
RSSフィード
お問い合わせ
ライセンスアシスタンス の取得
Technical Support
すべて表示
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択