立即与支持人员聊天
与支持团队交流

Migrator Pro for Active Directory 20.11 - Security Guide

Introduction

Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest strives to meet standards designed to provide its customers with their desired level of security as it relates to privacy, confidentiality, integrity, and availability.

This document describes the security features of Binary Tree Migrator Pro for Active Directory. It reviews access control, protection of customer data, secure network communication, cryptographic standards and more.

About Migrator Pro for Active Directory

Binary Tree Migrator Pro for Active Directory provides the following functionality:

  • Full directory synchronization of users, groups, and devices with configurable profiles.

  • Data transformation and customizable mapping of directory attributes.

  • Password hash synchronization.

  • SID History migration.

  • Device migration including permissions and offline domain join.

  • Network share permissions migration.

Architecture Overview

 

 

Overview of Data Handled by Migrator Pro for Active Directory

Migrator Pro for Active Directory collects data for a variety of directory objects.  The directory objects and properties collected are configurable to ensure only the desired objects and properties are processed.

 

  • A directory sync service, running within the customers network, processes Active Directory objects using LDAP. Objects include users, groups, contacts, and computers. Properties include account name, email addresses, contact information, department, membership and more.

  • LDAP credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

  • When the optional password sync feature is enabled, the NTLM password hash of all user accounts in scope are collected, encrypted with AES-256 and stored in SQL Server.

  • Device agents running locally on the end user’s workstation collect device properties using WMI and PowerShell. Device properties include device name, domain name, user profile locations and more.

  • Migrator Pro for Active Directory optionally stores credentials required for network share re-permission and Active Directory domain joins. These credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

Overview of Data Handled by Migrator Pro for Active Directory

 

 

Migrator Pro for Active Directory collects data for a variety of directory objects.  The directory objects and properties collected are configurable to ensure only the desired objects and properties are processed.

 

  • A directory sync service, running within the customers network, processes Active Directory objects using LDAP. Objects include users, groups, contacts, and computers. Properties include account name, email addresses, contact information, department, membership and more.

  • LDAP credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

  • When the optional password sync feature is enabled, the NTLM password hash of all user accounts in scope are collected, encrypted with AES-256 and stored in SQL Server.

  • Device agents running locally on the end user’s workstation collect device properties using WMI and PowerShell. Device properties include device name, domain name, user profile locations and more.

  • Migrator Pro for Active Directory optionally stores credentials required for network share re-permission and Active Directory domain joins. These credentials, provided by migration operators, are encrypted with AES-256 and stored in SQL Server.

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级