This quick start guide provides a quick reference for getting set up with an Active Directory project. At the end of this guide you will be familiar with supported setups, basic requirements, and deployment components. This guide assumes some familiarity with the Active Directory platform and in particular Directory Sync.
Assumptions
The word ‘Devices’ in a Active Directory context refers to workstations or servers that are the domain joined end-user computers on your network which you will be migrating.
This guide covers the setup of a one-way device migration scenario between a single source local Active Directory environment and a single target local Active Directory environment.
This guide does not specifically cover File Share and Network Storage migration, Groups and other resource migration, or consolidation or divestiture scenarios. However, those operations can easily be performed following the information provided in this guide.
The first step in a Active Directory Device migration is to set up one-way directory synchronization between the source and target local environments. Active Directory works on top of Directory Sync so we will set up this synchronization there.
Directory Sync Agents
Install Directory Sync agents in both the source and target using the standard configuration for directory synchronization as directed in the User Guide.
Environment and Workflow Configurations
You will need source and target Directory Sync Environments defined which have Device objects included in the OU and object filter scopes. You will also need a Directory Sync Workflow using those Environments with at minimum a Read step and a Match step in order for those Devices to become visible in Active Directory.
|
|
NOTE: To successfully perform a migration and ReACL activities, User objects will also need to be read in from the source and target and matched. Those User operations can be performed in a separate Directory Sync Workflow, and there is no need to include them in the Devices Workflow. |
Should you choose to include User objects in the same Workflow with your Device objects you will need to include the Stage Data and Write out steps. If you go this route see also the Help Center for more information on the Device Migration Profile setting ‘Join to Existing Devices’.
Run the Workflow at least twice in order to verify that any object creations or matches which have been done in the target have been added to the Directory Sync database.
At this point Device Objects which have been Read In from the source Environment should appear in the Active Directory Devices + Servers page on the Not Ready Devices tab. If this has not happened troubleshoot the Directory Sync Environments and Workflow. Then proceed to Step Two when Not Ready Devices are showing up as expected.
If you are following along in this guide, after performing Step One the Devices from your source Environment should now be visible in the Not Ready Devices tab on the Active Directory Devices + Servers page. The way Devices move from the Not Ready Devices tab to the Ready Devices tab is by having a Active Directory agent installed on them and communicating with the Active Directory server.
The Active Directory agent must be installed on each Device which is to be migrated.
The Agent installer msi file can be downloaded from the Downloads section of the Active Directory Configurations page. Installing the agent will also require the values of the Service URL and Auth Key which are listed in the same page in Active Directory below the download button.
An example of a PowerShell command to install the agent would be:
msiexec.exe /I 'C:\workspace\AD.Agent-20.3.1.1401.msi' |
SERVICEURL = 'https://us.odmad.quest-on-demand.com/api/ADM' |
AUTHKEY = '#################################################' |
Run this command to invoke the installer UI. Walk through the screens filling out the needed information and click finish when completed. The settings for using a customer web proxy for communications are optional and can be left blank for the purposes of this guide.
As needed the installer can also be invoked in quiet mode with the /QN switch (requires running PS as admin). The fields which can be populated when included as command line arguments to the installer are SERVICEURL and AUTHKEY. Additionally, it is possible to configure the agent to use a web proxy using command line arguments as well. They are beyond the scope of this guide but listed here for info: WEBPROXYENABLE (optional), WEBPROXYURL (optional), WEBPROXYPORT (optional), WEBPROXYUSER (optional), and WEBPROXYPASS (optional).
The agent communicates with the Active Directory server over three outbound ports: TCP 443/80 and UDP 3030. When in web proxy mode the agent will communicate to the proxy on the defined port and outbound to the internet on TCP 443/80 only, UDP over port 3030 is not used when using a web proxy
The agent uses .Net framework 4.5.2 and will download it on install if it is not present and an internet connection is available.
Agent communications
To avoid overload, each workstation agent will communicate with our server at specific random and uniformly distributed intervals. On startup an agent will first register with the server within four hours. Thereafter a running agent will check for work by calling our job availability cache once every two minutes over UDP port 3030. Note that in the product UI the ‘Agent Last Contact’ column relates to the TCP communications not to the UDP communications, so do not expect it to update every 2 minutes. There is a per client limit of 600 agent jobs which will be available to agents per two-minute interval. If an agent has a job queued it will then connect over https to retrieve the job. As a fallback for this the agent will also connect by https once every four hours even if a job has not been available in the job availability cache.
Wait up to four hours for initial registration. While you are waiting for this initial communication can be a good time to read ahead and get a head start on Step Three: Set up Active Directory Profiles and Configurations.
Now that you have installed the Active Directory agent on a Device you wish to migrate and waited up to the initial four hours for it to register, you should see that Device move from the Not Ready Devices tab over to the Ready Devices tab in Active Directory. If you do not see this transition take place troubleshoot the network connectivity for agent communications and check the logs from the agent locally on the device.
