Migrations are infamous for their complexity, especially when the service being moved is a core one like Active Directory. So many IT admins want to prepare an Active Directory migration checklist before the event. Moreover, having a plan in place brings many benefits, like quick data transfer and fewer errors.
AD, which is located on the Windows server, has a large amount of data within it. Furthermore, it is used in critical applications, including permission management, controlling access to resources, and verifying the security credentials of users, to name a few.
To make sure that none of these features are lost during a migration, we prepared this write-up for all those who need one. Here we have compiled all the best practices and tips to overcome the challenges that might occur during an AD transfer. Speaking of challenges, let’s start our discussion by addressing them head-on.
Combat Challenges Via A Pre-Active Directory Migration Checklist
Hardware Failure: This is most often the case when a business skips critical hardware upgrades during the lifecycle of the AD service. Starting a migration with faulty hardware is quite risky. This applies not only to the hardware on which AD resides but also to the equipment that will be used to move it on migration day, like network cables and related infrastructure. So administrators must ensure that all items are at least within their minimum recommended specifications. One way to do this is to have a section for it on the AD migration checklist.
Security Challenges: A migration period is a delicate time for critical organizational data. Many of the protective services, like firewalls and passwords, are disabled. So, hackers and other cybercriminals try to take advantage of the situation by infiltrating the AD. Therefore, to ensure that their attempts are not successful, IT admins must have a dedicated security team. Moreover, they must have their own set of plans to follow in the form of a checklist.
Prioritizing Data: Migration can be a long process, especially for large organizations with thousands of employees. So IT admins must make sure that their project plan has details on which data is to be migrated first. Depending on the requirements, certain departments may have to be prioritized. A shortcut is to automate prioritizing, which is one of the features present in the professional utility provided.
Handling Downtime: Closing the services temporarily might be necessary for certain migration scenarios. It is now the skill of the administrator to minimize the duration of this unavoidable downtime. They should anticipate it, mention it on the checklist, and then circulate it throughout the organization. This ensures all relevant parties are informed about the situation beforehand. Admins can avoid downtime by using the expert-recommended utility.
Part One of AD Migration Checklist – Setup, Inventory, Trust
No migration can take place if we don’t have an endpoint to send the data to. So IT admins must first make sure that the target server or domain is ready and online to receive the data.
Moreover, all of these points must be marked complete on the AD migration checklist:
- Preparations for network link establishment between endpoints
- Opting for the server core installation option
- Securing servers with the latest Windows server updates
- Assigning a distinct IP address to the Domain Controller
- Deploying the AD DS role for Active Directory management
- Limiting roles to AD DS and DNS for simplification
- Transferring application and server roles from existing Domain Controllers
- Relocating FSMO roles to new Domain Controllers
Inventory the Data Present in the Current Active Directory: Every bit of data that needs to be replicated on the destination must be identified and accounted for. Admins must not miss any user, domain, computer, group, or policy. Only after that can admins make adjustments based on the migration type, which can be one of the following:
- Intra-forest Migration
- Inter-forest Migration
- Site Topology Migration
- Non-trusted Domain Migration
- Advanced User and Group Object Property Migration
- Migrated Object Property Customization
- Active Directory Delegation Migration
Then pick the method by which you approach the migration, i.e. restructure the data first then migrate, or vice versa.
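One way to take the inventory described above and later compare it against the target, as an added example that is not part of the original article. It assumes the RSAT ActiveDirectory and GroupPolicy modules and an account that can read both domains; `dc01.target.example` and the output file name are placeholders.

```powershell
# Added example: object counts, FSMO holders and functional levels for one domain.
Import-Module ActiveDirectory, GroupPolicy

function Get-ADMigrationInventory {
    param(
        # Domain controller to query; defaults to the current domain's PDC emulator.
        [string]$Server = (Get-ADDomain).PDCEmulator
    )
    $domain = Get-ADDomain -Server $Server
    $forest = Get-ADForest -Server $Server
    [pscustomobject]@{
        Domain               = $domain.DNSRoot
        Users                = @(Get-ADUser -Filter * -Server $Server).Count
        Groups               = @(Get-ADGroup -Filter * -Server $Server).Count
        Computers            = @(Get-ADComputer -Filter * -Server $Server).Count
        OUs                  = @(Get-ADOrganizationalUnit -Filter * -Server $Server).Count
        GPOs                 = @(Get-GPO -All -Domain $domain.DNSRoot -Server $Server).Count
        DomainMode           = $domain.DomainMode
        ForestMode           = $forest.ForestMode
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

function Compare-ADMigrationInventory {
    param($Source, $Target)
    # Only the count fields are compared; names and role holders differ by design.
    foreach ($field in 'Users', 'Groups', 'Computers', 'OUs', 'GPOs') {
        [pscustomobject]@{
            Field  = $field
            Source = $Source.$field
            Target = $Target.$field
            Delta  = $Target.$field - $Source.$field
        }
    }
}

# Snapshot the source before migration and keep it with the checklist.
$source = Get-ADMigrationInventory
$source | ConvertTo-Json | Set-Content -Path .\ad-inventory-source.json

# After migration, take the same snapshot on the target (placeholder DC name).
$target = Get-ADMigrationInventory -Server 'dc01.target.example'
Compare-ADMigrationInventory -Source $source -Target $target | Format-Table -AutoSize
```

A non-zero delta is a prompt to investigate, not proof of a failure: a new domain has its own built-in objects, and the cleanup step may have removed some on purpose.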
Establish Trust Between Endpoints: Without this, the migration is not possible. Follow these steps:
- Open the Active Directory Domains and Trusts admin tool.
- Inside the console, right-click the domain and select “Properties.”
- Go to the Trusts section, click “New Trust”, then press “Next”.
- Type the DNS name and click “Next”.
Part Two – Training, Testing, and Clean-Up
Make a training plan that is in line with all the different departments that are to be migrated. This is to give users time to adjust and reduce employee-side errors. Some key departments and their training requirements are specified below:
Help Desk: Requires training on assistance-related tasks. Acts as the information center during the migration.
Desktop Team: As AD is more of a server-heavy service they need only basic training on the setting up of policies of the various user devices.
Server Team: They need in-depth training sessions on how to handle key permissions and shift the same to the new active directory.
Application Team: All the various applications tied to the AD must have a dedicated team in charge. Those in charge need to make sure that all apps work flawlessly on the new server.
Each organization is different, so the roles and training vary accordingly. IT admins must make sure all training is done prior to the migration date.
Tidy Up the Data: It is only after the training that users can identify which data is important and which is redundant. Once the training is complete, start the cleanup operation right away so as not to waste any time. Worn-out data is often in the form of:
- Invalid users
- Outdated Credentials
- Inactive Contacts
Make sure all of these are removed so as not to clog up the migration pipeline.
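A report-only way to find the three kinds of worn-out data listed above, as an added example that is not part of the original article. It assumes the RSAT ActiveDirectory module; the 90-day and 365-day thresholds, the use of `whenChanged` as a proxy for an inactive contact, and the CSV file name are assumptions of this example.

```powershell
# Added example: lists cleanup candidates for review. It deletes nothing.
Import-Module ActiveDirectory

function Add-Reason {
    param($Items, [string]$Reason)
    foreach ($item in $Items) {
        [pscustomobject]@{
            Reason            = $Reason
            Name              = $item.Name
            ObjectClass       = $item.ObjectClass
            DistinguishedName = $item.DistinguishedName
        }
    }
}

function Get-StaleADObject {
    param(
        [int]$InactiveDays    = 90,   # assumed threshold, adjust to policy
        [int]$PasswordAgeDays = 365   # assumed threshold, adjust to policy
    )
    $inactiveSpan  = New-TimeSpan -Days $InactiveDays
    $changedCutoff = (Get-Date).AddDays(-$InactiveDays)
    $pwdCutoff     = (Get-Date).AddDays(-$PasswordAgeDays)

    # Invalid users: disabled, expired, or no logon within the window.
    Add-Reason (Search-ADAccount -AccountDisabled -UsersOnly) 'Disabled user'
    Add-Reason (Search-ADAccount -AccountExpired -UsersOnly)  'Expired user'
    Add-Reason (Search-ADAccount -AccountInactive -TimeSpan $inactiveSpan -UsersOnly) 'Inactive user'

    # Outdated credentials: enabled accounts whose password is older than the cutoff.
    $oldPasswords = Get-ADUser -Filter { Enabled -eq $true -and PasswordLastSet -lt $pwdCutoff } `
        -Properties PasswordLastSet
    Add-Reason $oldPasswords 'Outdated credentials'

    # Inactive contacts: contacts never log on, so "not modified recently" is the proxy.
    $oldContacts = Get-ADObject -LDAPFilter '(objectClass=contact)' -Properties whenChanged |
        Where-Object { $_.whenChanged -lt $changedCutoff }
    Add-Reason $oldContacts 'Inactive contact'
}

# One account can appear under several reasons; group by DN when reviewing.
Get-StaleADObject |
    Sort-Object DistinguishedName, Reason |
    Export-Csv -Path .\ad-cleanup-candidates.csv -NoTypeInformation
```

Have the owning team sign off on the CSV before anything is removed; service accounts often look inactive while still being in use.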
Part Three of Active Directory Migration Checklist – Pre-Migration
- Backup of all the key apps and data
- Inspecting Site Services and Synchronizing Networks in DNS Reverse Lookup Zones
- Prioritizing DNS Secure Updates for Enhanced Security
- Implementing DHCP Proxy Updates for Compatibility
- Utilizing ADBA and VAMT (ADK) instead of KMS Host for Activation
- Familiarizing with Active Directory Administrative Center (DSAC), Server Manager, and Windows Admin Center
- Promoting Secure Practices by Avoiding RDP and Local Login to AD DS Servers
- Transitioning from Login Scripts to GPOs for Enhanced Control
- Upgrading from ADM-Based GPOs to ADMX Format
- Regularly Backing Up and Updating ADMX Templates
- Maximizing AD Capabilities with the Latest Functional and Forest Levels
- Separate the items into batches, with the most important data in the first batch
- Remove all network restrictions, like firewalls and user-level passwords, to avoid hurdles during the migration
- Passwords can be migrated, but it’s better to generate new ones to avoid security vulnerabilities.
- SID history should be in a working state
- All permissions should have separate backups
- Instead of the GUI, apply scripts to mirror the structure.
- At last, finalize the choices at the source Active Directory
Active Directory Migration Checklist to Deal with Post-Migration Challenges
Even when the migration is done and dusted, there are still some tasks left. Follow the list below and make sure you don’t skip any of them.
- Once the user’s data is at its intended location, send the password update protocol and put an immediate stop to all user activity in the original Active Directory.
- Before putting an end to user access, ensure that DNS Forward and Reverse Zones are up-to-date
- Make a task force of known users who have enough experience with AD to find and list any errors.
- In case the testing team finds any inconsistencies, they can apply the DeltaSyncUP feature of the tool and bring all the new data to the destination server.
- Do not forget to activate the AD recycle bin, as it is an essential component of recovery management.
- Conduct the testing operations for at least a whole business week, and once all checks are made and finalized, retire the old Active Directory.
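Checks for three items from the lists above (the AD recycle bin, the DNS forward and reverse zones with secure updates, and SID history), as an added example that is not part of the original article and not the migration tool it mentions. It assumes the RSAT ActiveDirectory and DnsServer modules and that the PDC emulator also runs the DNS Server role.

```powershell
# Added example: post-migration verification on the target domain.
Import-Module ActiveDirectory, DnsServer

function Get-RecycleBinState {
    $feature = Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
    [pscustomobject]@{
        Feature = $feature.Name
        Enabled = @($feature.EnabledScopes).Count -gt 0
    }
}

function Enable-RecycleBin {
    # Enabling the recycle bin cannot be reversed, so the cmdlet's default
    # confirmation prompt is left in place.
    $forest = Get-ADForest
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.RootDomain
}

function Get-DnsZoneReview {
    param(
        # Assumption: the PDC emulator is also a DNS server.
        [string]$DnsServer = (Get-ADDomain).PDCEmulator
    )
    Get-DnsServerZone -ComputerName $DnsServer |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
        Select-Object ZoneName, IsReverseLookupZone, IsDsIntegrated, DynamicUpdate,
            @{ n = 'SecureUpdatesOnly'; e = { $_.DynamicUpdate -eq 'Secure' } }
}

function Get-SidHistoryObject {
    # Objects that still carry SIDs from the source domain.
    Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory |
        Select-Object Name, ObjectClass,
            @{ n = 'SidHistoryCount'; e = { @($_.sIDHistory).Count } }
}

$bin = Get-RecycleBinState
if (-not $bin.Enabled) { Enable-RecycleBin }

$zones = Get-DnsZoneReview
$zones | Format-Table -AutoSize
"Forward zones: {0}  Reverse zones: {1}" -f `
    @($zones | Where-Object { -not $_.IsReverseLookupZone }).Count,
    @($zones | Where-Object { $_.IsReverseLookupZone }).Count

"Objects with SID history: {0}" -f @(Get-SidHistoryObject).Count
```

Zones that report `SecureUpdatesOnly` as false accept unauthenticated dynamic updates, and a non-zero SID history count means some access still depends on source-domain SIDs, so review both before the old directory is retired.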
Conclusion
Now users have a clear understanding of what items to include in an Active Directory migration checklist. Here we discussed all the major challenges and provided a part-by-part breakdown of the entire migration checklist. Moreover, an advanced utility was also included for users who wanted an error-free experience. The guidelines here are simple enough to be understood by even newly app.