Thought of doing little help with AD migration and forest reconsolidation.
Here I am taking an example of an AD forest restructuring due to some specific reason, it was a single domain forest with some split domain complication the internal domain owned by another organization. We have done this quite some time back and some missing stuff would be there which I will be able to help if I could recollect or help with my limited knowledge.
Environment was some something like this, Single AD forest with name as Old_Domain.com, running on Windows 2008 R2
Proposed new AD forest has one Empty root domain and a resource child domain running on Windows 2012 R2.
All new domain controllers are Windows 2012 R2 core servers.
High level project plan was like,
1. Analyze Infrastructure /Environmental requirement (Infrastructure Planning and Design – IPD)
a) Prepare list of all applications, including authentication or authorization of application
b) Create POC list and work with authentication and domain name change challenges
2. Infrastructure Implementation
a) Build Domain controllers for new forest using root and child domain creation
3. Migration Proof of Concept
a) Prepare plan for Active Directory Migration
b) Create AD Migration POC list including Users, Groups, computers, Profiles include security translation
c) Prepare plan for Microsoft scoped Application / Services
d) Prepare plan for Microsoft scoped Application / Services
e) Prepare plan for Non Microsoft Application
f) Run a POC for AD migration including user, computer migration
4. Live Migration
a) Migration of users using ADMT tools
b) Migration of Computers using ADMT tools
c) Migration of Profiles
d) Migration of Microsoft Services – DHCP / DNS / PKI
e) Migration of Application Servers
Pre-Migration Study and Preparation
One of the most important part of Active directory migration from any version to the latest is migration study and preparation. This will help us identify all challenges and reduce it effectively.
Major challenges falls under
Sizes and Complexity of Environment: First and foremost thing to take care of in case of AD migration, forest restructuring and/or forest consolidation, number of domains, users, computers, servers and services increase the complexity of AD migration.
Double administration during the Transition Period : Both IT and HR system impacted more during the transition period. Until the commission of new domain and/or decommission of old domains. Both environment might be managed separately. IT department must trained to manage both together.
Security Concerns : During and after migration, current security measures need to be maintained on both environment.
Below data need to be collected in advance to address all challenges identified
- Current Security model, permissions, policies and roles
- Administrative model defined and followed by organization
- Organization monitoring strategy and escalation process
- Review current and finalize backup and restore strategy for new Domain
- List down application dependencies, create SPOC list for review domain migration
- Current AD, site & subnet, site link, replication strategy and prepare new one
- Analyze the potential risk involved
- Identify user impact and level of impacts
- Define the Go and No-GO state in case of any roll back plan
- Prepare training plan for IT and HR department and end user as required