To understand why AD migrations are more complex than other software or hardware upgrades it’s important to understand that Active Directory is not a standalone product. Rather, its core service, AD DS, is included in the Windows Server operating system. Therefore, you don’t migrate AD directly; rather, by upgrading Window Server on your domain controllers, you’re migrating Active Directory.
“Active Directory” refers not just to the code that Microsoft delivers as part of Window Server, but the complex ecosystem that organizations have built using it. Often, they have created thousands or even hundreds of thousands of AD objects, each with a complex set of attributes. They have lovingly crafted and honed their Group Policy to control what users and computers can and cannot do. They have established their forests, trees and domains, and fine-tuned their AD security groups and OUs. As a result, an Active Directory migration is a complex undertaking with many moving parts and far-reaching consequences.
When you set up your Active Directory, you made some important decisions about its structure. Some of them, like what security groups and OUs to have, are fairly easy to change over time as your business requirements evolve, but others — such as what domains you have, the domain names you’re using and what your directory schema looks like — are less easy to modify on the fly because they affect the very foundation of your directory. Instead, you need to carefully plan out your changes and implement them carefully as part of a consolidation or restructuring project.
Over time, organizations can find that their original AD design simply hasn’t worked out well, or that the environment has become disorganized and hard to manage. They might need to move objects from one domain to a different target domain in the same AD forest, or undertake more serious repairs and renovations. Similarly, organic growth of the organization can require an Active Directory restructure or redesign. Major changes to the business, such as a merger, acquisition or divestiture, are also common drivers for an Active Directory consolidation or restructuring.
While it’s possible to do any one of these projects without the others, the reality is that they’re all about taking your Active Directory from point A to point B. That’s a big job, so it makes sense to get the point B that you truly want by combining the Active Directory migration, consolidation and restructuring efforts into a single project.
In other words, if you’re looking to get the new AD features and support offered by the latest version of Windows Server, it’s smart to seize the opportunity to also clean up, consolidate and restructure your AD while you’re at it. Similarly, if you’re putting in the effort to consolidate or restructure your Active Directory, you might as well migrate to the latest version of Windows Server and get all the benefits that entails as well.
Completing your Active Directory migration correctly and on schedule is essential for user productivity, business continuity and security — but migrations are notoriously complex and risky projects. The first step is careful planning: You need to know exactly what point A (your current environment) and point B (your desired environment) look like, lay out your procedures for getting there, and test your plan thoroughly to work out any issues or oversights.
Then you need to clean up your current AD as much as possible by right-sizing permissions, purging inactive accounts and so forth. You also need to tease out constraints about scheduling and priorities, and get buy-in from all stakeholders. And you should make sure you have a current backup, rollback capabilities and a recovery plan in case you run into problems during the migration process.
Only then should you even think about running any actual migration jobs. If possible, start with a test environment that mirrors your production environment as closely as possible, and then move on to pilot tests in the production environment. Since migrations take time, be sure you have a coexistence strategy that enables users to remain productive no matter which accounts and resources have been migrated and which have not.
An Active Directory migration solution is essential to ensuring a successful migration project — one that is accurate and secure, seamless for the business and completed on schedule. Choosing the right Active Directory migration solution and an experienced partner can dramatically simplify the work and minimize the risk involved in your AD migration, consolidation or restructuring project.
With Migration Manager for Active Directory and Secure Copy, you can develop a comprehensive plan and execute a successful Active Directory migration, consolidation and restructuring project — on time and on budget, while ensuring that users maintain secure access to workstations, resources and email throughout the entire project.
Of course, any migration or consolidation project still involves risk. So look for a vendor that offers world-class assistance to avoid pitfalls and streamline the migration process and ensure success.
Active Directory is central to the success of any modern business. Check out these additional helpful pages to learn best practices for the most critical areas of Active Directory:
Conquer your next migration by making it non-event for end users