Active Directory and Exchange Deployments
Any project involving deployment of Active Directory or Exchange can lead to Active Directory restructuring. The following situations are common drivers for evaluating and implementing changes to Active Directory.
Migrate to a New Active Directory in Windows Server 2003/2008/2008 R2/2012
You want to move from Windows 2000 to Windows Server 2003/2008/2008 R2/2012 Active Directory, but have determined that your current directory design does not meet your needs. As an alternative to an in-place upgrade, you might consider migrating to a new Active Directory.
Exchange to Microsoft Office 365 Migration
You decided to move your on-premises Exchange environment into the cloud and chose Microsoft Office 365 as the most appropriate cloud-based service, but determined that you need to move your Active Directory to Microsoft Office 365 as well.
Regardless of your reason for needing to restructure Active Directory, restructuring projects can be complex and difficult. Restructuring poses the following challenges:
- Size and complexity. A restructuring project requires you to manage change to a large number of users and resources. You probably have many objects that need to be migrated, either within forests or between forests. In addition, your resources might be widely distributed across your network.
- Impact on users. Ideally, changes to your directory should occur without disrupting user productivity or requiring calls to the help desk. Users should not need to log off, and they should continue to be able to access all appropriate resources during and after the restructuring project.
- Double administration during the transition period. When executing inter-forest migrations (that is, moving accounts and resources between the forests), there’s inevitably a period of time when both old and new environments are intact. In large environments, it might take months before everyone is migrated and the old environment can be decommissioned. During that time, any changes made in one directory have to be made in the other as well.
- Limited IT resources. A restructuring project can stretch your overworked IT department. Administrators might need to work nights or weekends. Overtime might be needed, and the restructuring project could drag on for many weeks or months.
- Lack of tools. Native tools and most third-party tools do not handle all aspects of Active Directory restructuring. Active Directory does not include tools to automatically merge two or more domains, split domains, move objects between domains and forests, or perform other Active Directory reconfiguration procedures.
In addition, native tools and most third-party tools do not migrate all types of Active Directory objects and attributes. Nor do they update permissions across all platforms such as Exchange, SQL, and Active Directory. You might face several restructuring issues that cannot be addressed with your existing tools.
- Political issues. Organizations often overlook the effect of internal political issues on their directory design. Certain groups or departments might prefer to be set up separately, or administrators might want to limit access to their areas of responsibility. This could lead to disagreements on when to create separate organizational units (OUs), domains and forests. Underestimating these factors can add time and effort to your restructuring project.
- Coordination issues. Portions of your Active Directory might be controlled by remote administrators with exclusive access. It might be difficult to gain permissions for all remote locations or ensure that project standards are followed.
- Risk. Changes made directly to your production environment can be risky. You need a way to restructure your directory that also allows you to preview and test your changes before applying them to your network. You also need a way to selectively roll back changes if something unexpected occurs.
- Security concerns. During restructuring, existing security measures, such as passwords and permissions, must be preserved. To maintain a secure environment, you need to clean up SIDHistory and track and delete source objects that have been migrated. These tasks are not easily accomplished with native tools.
Until now, organizations that needed to restructure Active Directory had no good way to do so. But Quest has changed all that. Quest offers a solution built specifically for Active Directory restructuring. Migration Manager for Active Directory allows you to quickly and efficiently overcome the restrictions and limitations of Active Directory to create and maintain a directory that meets your organization's specific and ever-changing needs.
Migration Manager for Active Directory supports a wide variety of restructuring scenarios for both intra- and inter-forest moves as well as the scenario of migrating to Microsoft Office 365 services. Those scenarios include:
- Split a forest. For example, you might want to create separate forests to create secure boundaries between different parts of your Active Directory.
- Merge multiple forests to a new forest. For example, you might merge two or more entities to create a new combined entity, as in a merger or reorganization.
- Merge a forest into an existing forest. For example, one entity might be merged into another during an acquisition or reorganization.
- Move objects between domains within a forest. For example, an employee might be moved to a new group or department.
- Move objects between forests. For example, you might want to set up users in a test forest and then migrate them to the production forest. Or, in a multi-forest environment, you might move users between forests as the organization changes or employees change locations or departments.
- Take over a struggling restructuring project. Perhaps you tried one of these scenarios using native Active Directory tools or other third-party tools, and your restructuring effort is failing. Migration Manager for Active Directory can take over a restructuring project in progress and bring it to a successful and quick conclusion.
- Account synchronization. In addition to account migration, for scenarios spanning multiple forests (that is, inter-forest migrations as opposed to restructuring within a single forest), Migration Manager for Active Directory offers synchronization capabilities. That is, it keeps migrated accounts in sync so any changes to account properties, group membership or password are replicated to the other environment.
- Migration of Exchange and Active Directory. Using Migration Manager for Active Directory together with Migration Manager for Exchange, you can migrate users to another forest along with their Exchange mailboxes and other Exchange data. In addition, you can migrate users from Active Directory to Microsoft Office 365 and their mailboxes from the on-premises Exchange organization to Microsoft Exchange Online.
Migration Manager for Active Directory Key Features