Saturday, August 04, 2012

What are the Key Differences Between ADUM and ADMT?

The main difference between ADMT and ADUM – ADMigrator is it’s coexistence during incremental migrations  and the fact that it does not 100% rely on sIDHistory.

How Does ADUM Handle Workstation Migration?

With regards to Workstations and computers, ADUM uses a remote agent scheduled to update computers locally. Once deployed every account that has been migrated and that has information on the computer resources is remapped whereby the SID of the target account (user or group) is appended where the source account is found including local groups, profiles, printers mapped drives, Outlook profiles, account rights. File, folder and share permissions. This way both the source and target account have the same profile and rights at the workstation level and the server resources level until a final cleanup is performed.

Because this feature is run prior to cutting the user over to the new domain , it is possible to stage and verify the entire migration without user impact before the user accounts are enabled in the target domain.

So, when the user is ready to be cutover to the new domain and the workstation is moved by rebooting to join it to the new domain, the target user or users are enabled in the target domain and disabled in the source domain. This feature allows for a complete or partial reversal, if for any reason the migrated accounts need to be move back to the source domain.

Thursday, August 02, 2012

ADUM Active Directory Questions Answered.

ADUM ENT and SBS includes ADMigrator for domain migration, server migration  software, securtiy reporting software, password Sychronization software as well as 3rd party utilities for SQL and Sharepoint and more to facilitate a success full migration. ManageRED also includes a migration expert to get you started or a vitual expert available throughout your migration as require. Most importantly there is no per user licensing! 

ADUM Active Directory Migration  Questions and Answers.

Continuous synchronization
Password synchronization can be scheduled throughout the project for accounts that have been stage but not yet cutover. Object properties, group membership and newly created accounts  synchronization is a manual process… This feature is by design, allowing you to control the migration and be aware of the changes in the source domain throughout the migration process.

ADUM contains both premigration and ongoing validation reporting solutions as well as continuous save results feature  for each step of the migration

Because of the nature of the migration process, during the migration both the old accounts and migrated objects exist in both domains (source accounts and target accounts have the same rights and security). At any given time only one account is enabled. The source account is enabled during the migration process with a target disabled account in the target domain. After cutover, the target account is enabled and the source account disabled. To undo the account migration is just a simple reversing the enable-disable property of the accounts. The only real  undo feature is for workstations and servers, if they need to be moved back to the source domain. The original source domain user and group objects are  never changed.

Inter-forest migration destructive or not, Intra-forest migration destructive or not Site topology migration, migration without trusts Advanced object selection capabilities Property population rules Security descriptor migration Consolidated resource updating Workstation update Laptop update Server infrastructure update Clean-up SIDHistory

ADUM does not require trust relationship (but is perferred) by installing one console in the source domain and one console in the target domain each portion of the migration is run in the domain where the action needs to take place sharing a common project.

ADUM is project based, you can create multiple projects of sub migrations with selected objects (users, groups, computers etc) or you can granualarly customize the migration by importing a text list of samAccountNames for users, groups and netBIOS UNC names for computers to limit the scope of the migration.

ADUM is completely modifiable… select or add any Active Directory attribute for user and group objects that are writable and necessary for your unique migration scenario.

ADUM uses both SIDHistory and a Remapping process in INTRA FOREST Migrations to maintain security and access to resources with an append process thus allowing for duality during the migration process where both source account and target accounts have the same access to resources.

ADUM uses Remapping process in INTER FOREST Migrations to maintain security and access to resources with an append process thus allowing for duality during the migration process where both source account and target accounts have the same access.

Both Server and Workstation (as well as  laptops)  Remapping process can be scheduled daily to maintain ACL changes during the migration period. This process uses and an append feature that appends the SID of the target account where the Source account has access inluding: files, folders, shares, rights, NTFS permissions, share permissions, profiles,  Outlook, printer access, mapped drives etc. An additional feature over rides DHCP for the default DNS server, and the primary DNS suffix list order as well as setting the default logon domain during the computer cutover stage.

Once the migration is complete and and stable the ADUM Remap Process will cleanup and remove the source SID from all resources, servers and workstations, as well as perform a sIDHistory cleanup if sIDHistory was used. During the entire process the source domain is never changed except the servers and workstation are moved to the new domain.

ADUM external domain feature: if the source object is a member of an universal security or an universal distribution  groups in any external trusted domain, the target object  can be adde to the the external domain groups using an automated process, whereby Universal security group accounts are appended and Distribution Group accounts are relaced when the accounts are cut over to the new domain.

The ADUM software bundle  is completely customizable and with the addition of utilizing a migration expert throughout the project as need, Active Directory Migrations need not be over whelming.

Learn More...