Active Directory is at the heart of authentication everywhere in Windows. When you move to Office 365, you’ll link your on-premises AD to a public, cloud-based directory like Microsoft Azure AD. When you synchronize between the cloud and on-premises environments, it only makes sense to have AD organized, managed and cleaned up.
Many companies have been running AD since it was launched in Windows Server 2000. Depending on how long you’ve been running AD, you could have up to a decade and a half of obsolete practices, scattered organizational units (OU), changed roles and regulated objects mixed in with non-regulated ones.
Your Office 365 migration is the ideal opportunity to modernize (or optimize) your AD before you synchronize it to the cloud. Here are a few steps to consider:
- Normalize AD – Fewer domains and forests are generally better.
- Consolidate and clean up OUs – The OU is the ideal level of control for synchronizing containers with Azure AD. But you should avoid spreading user objects across different hierarchies within AD, which is common in deployments that have been around for a long time.
- Create a clean delegation structure – Ensure that you have a good idea of who is authorized to manage what in your on-premises AD before synching to Azure AD. It’s also good preparation for the Azure AD concept of administrative units.
- Have a strategy for provisioning and de-provisioning – This is an important step in security; unfortunately, it’s less about automation than about your own rigorous internal processes. When users’ status changes due to a change in department or termination of employment, IT needs to cancel their access to resources that their job no longer requires. Loose ends in user access can lead to even greater vulnerability once they’ve been synchronized to the cloud.
New White Paper
We’ve put together a new white paper called Top Five Ways to Prepare for Exchange 2016, SharePoint 2016 and Office 365 to help you all along the timeline of migration readiness. In it you’ll find more details for ensuring the success of your Wave 2016 migrations.
Keep an eye out for my next post in this series, which will cover implementing and testing recovery for your migration project.