Thursday, August 2, 2012

ADUM ADMigrator Questions and Answers


ADUM ENT and SBS includes ADMigrator for domain Migration, server migration  software, Securtiy reporting software, password Sychronization software as well as 3rd party utilities for SQL and Sharepoint and more to facilitate a success full migration. ManageRED also include a migration expert to get you started or a vitual expert available throughout your migration as require. Most importantly there is no per user licensing!

ADUM Active Directory Migration  Questions and Answers.

Continuous synchronization
Password synchronization can be scheduled throughout the project for accounts that have been stage but not yet cutover. Object properties, group membership and newly created accounts  synchronization is a manual process… This feature is by design, allowing you to control the migration and be aware of the changes in the source domain throughout the migration process.

Statistics
ADUM contains both premigration and ongoing validation reporting solutions as well as continuous save results feature  for each step of the migration

Undo
Because of the nature of the migration process, during the migration both the old accounts and migrated objects exist in both domains (source accounts and target accounts have the same rights and security). At any given time only one account is enabled. The source account is enabled during the migration process with a target disabled account in the target domain. After cutover, the target account is enabled and the source account disabled. To undo the account migration is just a simple reversing the enable-disable property of the accounts. The only real  undo feature is for workstations and servers, if they need to be moved back to the source domain. The original source domain user and group objects are  never changed.

Inter-forest migration destructive or not, Intra-forest migration destructive or not Site topology migration, migration without trusts Advanced object selection capabilities Property population rules Security descriptor migration Consolidated resource updating Workstation update Laptop update Server infrastructure update Clean-up SIDHistory

ADUM does not require trust relationship (but is perferred) by installing one console in the source domain and one console in the target domain each portion of the migration is run in the domain where the action needs to take place sharing a common project.

ADUM is project based, you can create multiple projects of sub migrations with selected objects (users, groups, computers etc) or you can granualarly customize the migration by importing a text list of samAccountNames for users, groups and netBIOS UNC names for computers to limit the scope of the migration.

ADUM is completely modifiable… select or add any Active Directory attribute for user and group objects that are writable and necessary for your unique migration scenario.

ADUM uses both SIDHistory and a Remapping process in INTRA FOREST Migrations to maintain security and access to resources with an append process thus allowing for duality during the migration process where both source account and target accounts have the same access to resources.

ADUM uses Remapping process in INTER FOREST Migrations to maintain security and access to resources with an append process thus allowing for duality during the migration process where both source account and target accounts have the same access.

Both Server and Workstation (as well as  laptops)  Remapping process can be scheduled daily to maintain ACL changes during the migration period. This process uses and an append feature that appends the SID of the target account where the Source account has access inluding: files, folders, shares, rights, NTFS permissions, share permissions, profiles,  Outlook, printer access, mapped drives etc. An additional feature over rides DHCP for the default DNS server, and the primary DNS suffix list order as well as setting the default logon domain during the computer cutover stage.

Once the migration is complete and and stable the ADUM Remap Process will cleanup and remove the source SID from all resources, servers and workstations, as well as perform a sIDHistory cleanup if sIDHistory was used. During the entire process the source domain is never changed except the servers and workstation are moved to the new domain.

ADUM external domain feature: if the source object is a member of an universal security or an universal distribution  groups in any external trusted domain, the target object  can be adde to the the external domain groups using an automated process, whereby Universal security group accounts are appended and Distribution Group accounts are relaced when the accounts are cut over to the new domain.

The ADUM software bundle  is completely customizable and with the addition of utilizing a migration expert throughout the project as need, Active Directory Migrations need not be over whelming.

Learn more...