Which of the following are true about migrating to a new AD DS forest

Often, an IT migration is essentially an upgrade — a move to a newer version of a product. For example, you might have migrated your home PC from Windows 7 or 8 to Windows 10, or upgraded to the newest version of your favorite applications to get the latest and greatest features.

Active Directory migrations are different and more complex undertakings with many moving parts and far-reaching consequences. Despite the complexity, it’s important to undertake AD migrations for the same reasons you upgrade your own OS and applications: to get new features and functionality, and because Microsoft, like every vendor, eventually stops supporting older versions of its products, leaving organizations that use the outdated software at increased risk of downtime, security issues and compliance failures.

Active Directory migration explained

What is Active Directory Migration?

To understand why AD migrations are more complex than other software or hardware upgrades, it’s important to understand that Active Directory is not a standalone product. Rather, its core service, AD DS, is included in the Windows Server operating system. Therefore, you don’t migrate AD directly; rather, by upgrading Windows Server on your domain controllers, you’re migrating Active Directory.

“Active Directory” refers not just to the code that Microsoft delivers as part of Windows Server, but to the complex ecosystem that organizations have built using it. Often, they have created thousands or even hundreds of thousands of AD objects, each with a complex set of attributes. They have lovingly crafted and honed their Group Policy to control what users and computers can and cannot do. They have established their forests, trees and domains, and fine-tuned their AD security groups and OUs. As a result, an Active Directory migration is a complex undertaking with many moving parts and far-reaching consequences.

What are AD consolidation and restructuring?

When you set up your Active Directory, you made some important decisions about its structure. Some of them, like what security groups and OUs to have, are fairly easy to change over time as your business requirements evolve, but others — such as what domains you have, the domain names you’re using and what your directory schema looks like — are less easy to modify on the fly because they affect the very foundation of your directory. Instead, you need to carefully plan out your changes and implement them carefully as part of a consolidation or restructuring project.

Over time, organizations can find that their original AD design simply hasn’t worked out well, or that the environment has become disorganized and hard to manage. They might need to move objects from one domain to a different target domain in the same AD forest, or undertake more serious repairs and renovations. Similarly, organic growth of the organization can require an Active Directory restructure or redesign. Major changes to the business, such as a merger, acquisition or divestiture, are also common drivers for an Active Directory consolidation or restructuring.

How do AD migrations, consolidations and restructuring fit together?

While it’s possible to do any one of these projects without the others, the reality is that they’re all about taking your Active Directory from point A to point B. That’s a big job, so it makes sense to get the point B that you truly want by combining the Active Directory migration, consolidation and restructuring efforts into a single project.

In other words, if you’re looking to get the new AD features and support offered by the latest version of Windows Server, it’s smart to seize the opportunity to also clean up, consolidate and restructure your AD while you’re at it. Similarly, if you’re putting in the effort to consolidate or restructure your Active Directory, you might as well migrate to the latest version of Windows Server and get all the benefits that entails as well.

What’s involved in an AD migration project?

Completing your Active Directory migration correctly and on schedule is essential for user productivity, business continuity and security — but migrations are notoriously complex and risky projects. The first step is careful planning: You need to know exactly what point A (your current environment) and point B (your desired environment) look like, lay out your procedures for getting there, and test your plan thoroughly to work out any issues or oversights.

Then you need to clean up your current AD as much as possible by right-sizing permissions, purging inactive accounts and so forth. You also need to tease out constraints about scheduling and priorities, and get buy-in from all stakeholders. And you should make sure you have a current backup, rollback capabilities and a recovery plan in case you run into problems during the migration process.

Only then should you even think about running any actual migration jobs. If possible, start with a test environment that mirrors your production environment as closely as possible, and then move on to pilot tests in the production environment. Since migrations take time, be sure you have a coexistence strategy that enables users to remain productive no matter which accounts and resources have been migrated and which have not.

Using an Active Directory migration tool

An Active Directory migration solution is essential to ensuring a successful migration project — one that is accurate and secure, seamless for the business and completed on schedule. Choosing the right Active Directory migration solution and an experienced partner can dramatically simplify the work and minimize the risk involved in your AD migration, consolidation or restructuring project.

With Migration Manager for Active Directory and Secure Copy, you can develop a comprehensive plan and execute a successful Active Directory migration, consolidation and restructuring project — on time and on budget, while ensuring that users maintain secure access to workstations, resources and email throughout the entire project.

Plan your migration

Develop a comprehensive plan and prepare by staging users, scheduling workstation moves and updating permissions.

Test your plan

Mirror your production AD environment to a test environment to test the live impact of your planned migration processes.

Migrate with zero impact on users

Migrate, consolidate and restructure your AD during business hours with no adverse effect on user productivity.

Move all types of objects

Move users, their attributes, groups, computers, printers, directory permissions and more.

Avoid user frustration

Maintain seamless user access to all network resources throughout the project.

Automate updates

Save time and reduce risk by automatically updating permissions and resources, including AD, SharePoint, Exchange, IIS, and more.

Complete the project quickly

Automate your migration and enable parallel processing to shorten your migration timeline.

Migrate with confidence

Manage your migration with confidence through a robust project management interface.

Of course, any migration or consolidation project still involves risk. So look for a vendor that offers world-class assistance to avoid pitfalls, streamline the migration process and ensure success.

Resources

Videos

How to reduce AD security risks and insider threats

Hank the Hacker is back and he's ready to attack your Active Directory (AD) environment, whether on-premises or in the cloud. Worse yet, this time he brought friends. With Disgruntled Dan and Careless Craig, he has even more leverage to take control. That's why it's so important to get protected.

Read this informative e-book, Nine Best Practices for AD Security, and discover what you can do to protect your environment from insider threats. Explore:

  • Why attackers target AD and how the growing popularity of Office 365 increases the threat
  • What an AD security breach means to the organization
  • Why it is difficult to secure Active Directory using native auditing alone
  • How a typical insider threat unfolds and how to identify common insider threat indicators
  • How following nine critical security best practices will help you minimize the risk of the internal threats to the availability, confidentiality and integrity of your AD

Which AD DS forest model provides a one way trust relationship between forests?

Active Directory Domain Services (AD DS) provides security across multiple domains or forests through domain and forest trust relationships.

What is migration in Active Directory?

Active Directory migration is a process of combining two domains into one. In other words, you split part of your Active Directory into a new domain (divestiture); that makes an Active Directory migration.

What is an AD DS forest?

What are forests? A forest is a logical construct used by Active Directory Domain Services (AD DS) to group one or more domains. The domains then store objects for user or groups, and provide authentication services. In an Azure AD DS managed domain, the forest only contains one domain.

What are 4 methods you can use to install Active Directory domain services?

Installing AD DS by Using Windows PowerShell. Installing AD DS by using Server Manager. Performing a Staged RODC Installation using the Graphical User Interface.