ACTIVE DIRECTORY

MIGRATION
Seven lessons learned
 Introduction
We asked our Active Directory
(AD) migration customers to share
what they learned through their
own migration experiences. Here
are the top seven lessons learned
that might help you as you plan
your own AD migration.

Nearly 90% of Quest® Migration Manager for Active Directory

customers agreed that it delivered a simple and secure AD
migration for them.
Source: TechValidate, TVID 956-B2F-B2B

2
LESSON 1.

“Know your data prior to starting

the migration.”
Many AD infrastructures are 10–15 years old
and have grown significantly over time. As a
result, there’s a good chance you don’t know
exactly what data you have, or what you do
and don’t want to migrate. By cleaning up and
consolidating your source environment before
you start your AD migration, you can make
the project faster and less complex, and also
reduce the security and compliance risks.
In fact, proper planning and preparation is
worth every minute it takes. Identify what
resources you have, decide which ones to
migrate and which to leave behind, and deter-
mine the ideal configuration settings for your
particular migration. As tedious as this assess-
ment task might seem, you’ll be happy you
did it. Waiting to uncover issues during your
migration could add months to the project and
cause problems for the business along the
way; discovering and resolving them ahead of
time will save you time and headaches down
the road.
Fortunately, there are Active Directory migra-
tion tools that automate and streamline both
the pre-migration and post-migration anal-
ysis tasks. They will help you understand the
current state of your environment, identify
and address potential conflicts prior to the
migration, and better manage and secure the
environment after the migration is complete.
As a result, you can create a sound Active
Directory migration project plan, ensure your
project proceeds smoothly on schedule and
verify that it was completed as planned.
“Know your data prior to starting the migration. Who are the
users, which servers/workstations will migrate, and which
applications will migrate. The cleaner your data the easier the
migration will be.”
Annette E. Reikow, IT Director, Adient US
(source: TechValidate TVID 2F7-FDC-7BC)

3
 LESSON 2.

“test, test, test…”

There’s no room for error in an Active Directory migration. You can’t
afford to have people locked out of their accounts because it would hurt
productivity and slow your organization down. Therefore, it’s essential to
test your AD migration thoroughly before you start any live migrations.

You can mirror your AD production environment to a test environment

to test the impact of your manual and automated migration processes. If
the test migration is a success, then you know the live ones will be suc-
cessful also. If you encounter problems during testing, you can develop
a process to work around them or recover from them should they occur
during the real migration.

Testing can also provide insight into how long your AD migration might
take, providing a reality check about whether it’s a 6-month project or a
16-month project. Be sure to also test your contingency or recovery plan
to ensure that it works and will provide the expected outcome.

An Active Directory migration tool with a flexible test mode can help you
conduct effective, comprehensive testing with far less effort, increasing
the security and reliability of your project while saving valuable IT time.

“test, test, test…”

IT Architect, medium enterprise professional services company
(source: TechValidate TVID 131-76B-8F7)

4
LESSON 3.

“Legacy applications require

significant time and planning to be
moved across ADs.”
Moving commercial applications such as
Microsoft Exchange to a new forest is more
complex than it might seem. In particular, to
ensure that users don’t lose access to the
resources they need to be productive or gain
access to resources they shouldn’t use, you
need to examine the permissions and other
setting currently in place and ensure they are
replicated to the target forest.
Migrating home-grown applications presents
even more challenges. The first task is to
identify all of the custom applications in your
environment. Tools that monitor the authenti-
cation requests in Active Directory can help
find those applications that are AD dependent.
Once you have a comprehensive list, you
need to develop a mitigation plan for each
application. For example, if the application is
hard-coded for your current domain, then a
code change will be needed; if not, then it may
be that you only need to update permissions
for the application.
Taking the time to plan your application migra-
tion carefully will pay off handsomely. Users
will be able to be productive immediately in
the new domain so they’ll consider the project
a success, and preserving proper access
rights will maintain security.

“Legacy applications require significant time and planning

to be moved across ADs.”
IT Project Manager, medium enterprise energy & utilities company
(source: TechValidate TVID F5C-E82-DC0)

5
 LESSON 4.

“Always be ready for the

unexpected.”
An Active Directory migration is complicated. Even for those who have
done it before, it doesn’t take much for things to go wrong. For example,
you might have overlooked critical resources that need to be migrated,
moved a group of users before they are ready, or missed an important
dependency during your planning and testing.

Therefore, you want to be sure you are armed with the right AD migra-
tion tools to recover and get back on track in case something goes
wrong. Look for an AD migration tool with a robust project management
interface, numerous reporting options, granular undo functionality, full
rollback, and automatic permissions updating, so you can respond
quickly and effectively to the unexpected.

“Always be ready for the unexpected. There are scenarios in our AD

migrations that have caught us off guard. Have a plan ready to deal with these
and remember the handy undo option.”
Curtis Mavity, System Engineer, Avera Health
(source: TechValidate, TVID 4AD-B5E-D04)

6
LESSON 5.

“It is key to keep users

productive all the time.”
Migrations take time — often weeks or months. Therefore, every user
migration comes with the risk of disrupting the productivity of the people
whose accounts are being migrated. If users can’t access the resources
they need to do their jobs, schedule or reschedule meetings, or view an
accurate directory, the resulting disruption can hurt your business and
result in an onslaught of calls to the help desk.

Ideally, you want employees to not even be aware there was a migration
until they receive an email from the IT team letting them know it happened.
To achieve this goal, you need to ensure proper coexistence of the source
and target environment throughout the migration process. Coexistence
ensures users maintain seamless access to servers, printers and other
network resources — the things that keep people productive but everyone
takes for granted — regardless of the user’s migration status.

Software solutions can keep the source and target directories in sync
throughout the migration project by maintaining things like security iden-
tifier (SID) history for user accounts and updating access control lists
(ACLs) on file resources. As a result, users will be able to access the
resources they need throughout the project, and may not even know
they are being migrated.
“It is key to keep users productive all
the time.”
IT Project Manager, global 500 energy & utilities company
(source: TechValidate, TVID 561-EDE-77A)

7
 LESSON 6.

“Security.”
Managing security across multiple separate AD
forest environments is an IT nightmare. In fact,
a primary goal of an AD consolidation project
is often to bring all users into one centralized
domain so IT can establish and maintain one set
of security policies for the entire organization.
That enables stronger protection of sensitive
data, and also addresses important systems
management and compliance challenges.

In addition to ensuring security after the migra-

tion, you need to worry about security during
the migration. As noted earlier, careful testing
will help you verify the accuracy and security of
your migration processes. It’s also wise to con-
sider a tool that can audit your Active Directory
environment, spot any configuration changes
made during the migration, and report all the
critical who, what, where and when details you
need to quickly investigate each event and
remediate any improper changes.

“Security.”
IT Manager, large enterprise financial services company
(source: TechValidate, TVID A02-352-458)

8
LESSON 7.

“It is worth it to pay for dedicated

tools!”
A migration is a complex process that typically Look for a tool specifically designed for migra-
takes weeks or months. Moreover, migrations tions, backed by a support team with a strong
are relatively rare in the course of an IT pro’s track record of success. Be sure it delivers the
career, so your team likely has little experience functionality you need through all stages of
with them. But the stakes are very high, since the migration project: comprehensive source
AD migrations affect critical business resources environment inventory and cleanup, migration
and can dramatically impact user productivity. planning, thorough testing, seamless coex-
istence, flexible project management, easy
Therefore, it’s wise to carefully consider which
rollback, automated permissions updates, and
tools you’ll use for your AD migration or
secure execution.
consolidation project. While native tools are
free, they have limited functionality and simply Remember, in migration as in other areas, the
can’t scale to the size and complexity of most right tool often pays for itself in the end.
AD migrations. Moreover, they don’t come
with access to experts who have performed
thousands of migrations, so you and your
inexperienced team could very well find your-
selves on your own in the middle of a complex
migration — putting security, compliance and “It is worth it to pay for dedicated tools!”
productivity across the organization at risk.
Just see what some of your peers have had to Szymon Wojnarowski, Head of Servers, Staples Solutions
(source: TechValidate, TVID 339-475-787)
say about their experience using native tools
for AD migration.

9
Conclusion
In addition to asking customers about lessons learned about migrations in general, we also requested
feedback on Quest® Migration Manager for Active Directory in particular. Here’s what they had to say:

WHY WOULD YOU RECOMMEND QUEST FOR AD MIGRATION?

“Makes life easy for a tech.”

Server Administrator, large enterprise environmental services & equipment company
(source: TechValidate, TVID 8F4-026-CAC)

“Definitely, Quest will be recommended by us for any AD

migration for their quick configuration, their support, and the
possibility to roll down.”
Engineering Director, large enterprise media & entertainment company
(source: TechValidate, TVID 5A5-DCB-66F)

“Because the tool is very powerful, it helps with a lot of tasks

you would normally have to do by hand, all in one shot.”
Billy McLaughlin, Engineer, AdvanceMed
(source: TechValidate, TVID F59-B01-A75)

“Industry leader. Ease of use. Integration with compliance suite.

Quality support model.”
Annette E. Reikow, IT Director, Adient US
(source: TechValidate, TVID 936-4ED-899)

“It’s very simple to manage and keep the migration going with a
good result.”
IT Architect, medium enterprise computer services company
(source: TechValidate, TVID 31B-8C7-BC9)

10
ABOUT QUEST © 2018 Quest Software Inc. ALL RIGHTS RESERVED.

At Quest, our purpose is to solve complex problems with simple
solutions. We accomplish this with a philosophy focused on great
products, great service and an overall goal of being simple to do
business with. Our vision is to deliver technology that eliminates the need
to choose between efficiency and effectiveness, which means you and
This guide contains proprietary information protected by copyright. The software
described in this guide is furnished under a software license or nondisclosure agreement.
This software may be used or copied only in accordance with the terms of the applicable
agreement. No part of this guide may be reproduced or transmitted in any form or by
any means, electronic or mechanical, including photocopying and recording for any
purpose other than the purchaser’s personal use without the written permission of
Quest Software Inc.

your organization can spend less time on IT administration and more time The information in this document is provided in connection with Quest Software products.
on business innovation. No license, express or implied, by estoppel or otherwise, to any intellectual property
right is granted by this document or in connection with the sale of Quest Software
products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN
If you have any questions regarding your potential use of this material,
THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST SOFTWARE ASSUMES NO
contact: LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY
WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE
Quest Software Inc. IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST SOFTWARE BE LIABLE FOR ANY
Attn: LEGAL Dept DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES
4 Polaris Way (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY
Aliso Viejo, CA 92656
TO USE THIS DOCUMENT, EVEN IF QUEST SOFTWARE HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. Quest Software makes no representations or
Refer to our website (www.quest.com) for regional and international office warranties with respect to the accuracy or completeness of the contents of this document
information. and reserves the right to make changes to specifications and product descriptions at
any time without notice. Quest Software does not make any commitment to update the
information contained in this document.

Patents
Quest Software is proud of our advanced technology. Patents and pending patents may
apply to this product. For the most current information about applicable patents for this
product, please visit our website at www.quest.com/legal

Trademarks
Quest and the Quest logo are trademarks and registered trademarks of Quest Software
Inc. For a complete list of Quest marks, visit www.quest.com/legal/trademark-information.
aspx. All other trademarks are property of their respective owners.

Ebook-ADMigration-US-GM-32162

11