Tactical Advice

Managing Active Directory Migration

Try these tips for clear-cutting forests to support e-mail consolidation.
This story appears in the December 2009 issue of BizTech Magazine.

Undertaking an Active Directory migration is a big task, regardless of an organization’s size and structure. Here are four suggestions for a successful migration:

Carefully Consider a Multidomain Forest

There are few benefits or technical reasons for configuring a multidomain forest. In fact, the potential problems far outweigh any benefits. The biggest issue, though not the only concern, is the complexity that this type of forest structure adds to the Domain Name System (DNS).

Keep the Trust

The trust needed for migration from one forest to another must remain in place until the old forest is shut down, and the names of the old and new forests must be different for the trust to work.

It’s important to determine whether users need access to resources in the old forest before migrating their accounts. If they do, the trust will need to be created to allow security identifiers (SIDs, unique values of variable length used by Microsoft to identify a security principal or group) to traverse the trust. Ensuring that no user IDs, computers or groups are duplicated between forests will also save time and headaches.

Turn to Time-Savers

Create a Group Policy Object (GPO) to turn off Windows Firewall during migrations, because leaving it on can lead to troubleshooting difficulties. Create the GPO in the Organizational Unit where the workstations reside in both forests. It can be removed once migrations are complete.

Consider investing in a third-party remote-control tool other than Remote Desktop Protocol (RDP). RDP will sometimes fail during migrations because of the state of the machine, making it difficult to fix issues. We also used a freeware tool called PsExec, which proved invaluable to our success.

Be Aware of These Issues

If you migrate over slow wide-area network links, start the Active Directory Migration Tool pre-check several hours before the scheduled migration times for workstations. This will allow the ADMT agent to be pushed in advance and not delay migration efforts. 

  • Develop a migration schedule;
  • Write scripts to run on the machines being migrated in advance of the scheduled migration to ensure the machine can be pinged;
  • Ensure the ADMIN$ share is enabled and a common administrator user ID and password are present on each machine; and
  • Clean up old user profiles and delete temp and history files from the machines being migrated.
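
A pre-migration check covering the ping, ADMIN$ and old-profile items above, as an added example that is not the author's own script. The function name, the 90-day profile cutoff and the default of checking the local machine are assumptions; pass the workstation names for a migration batch in -ComputerName.

```powershell
# Added example: readiness report for the workstations in a migration batch.
function Test-MigrationReadiness {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$StaleProfileDays = 90    # assumed cutoff for an "old" profile
    )
    $cutoff = (Get-Date).AddDays(-$StaleProfileDays)
    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{
            ComputerName  = $computer
            Pingable      = $false
            AdminShare    = $false
            StaleProfiles = $null      # stays $null if profiles could not be queried
        }
        # 1. Can the machine be pinged?
        $result.Pingable = Test-Connection -ComputerName $computer -Count 2 -Quiet
        if ($result.Pingable) {
            # 2. Is ADMIN$ reachable with the account running this script?
            $share = "\\$computer\ADMIN`$"
            $result.AdminShare = [bool](Test-Path -Path $share -ErrorAction SilentlyContinue)
            # 3. Count non-system profiles not used since the cutoff (cleanup candidates).
            $cim = @{ ClassName = 'Win32_UserProfile'; ErrorAction = 'Stop' }
            if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }
            try {
                $old = Get-CimInstance @cim | Where-Object {
                    -not $_.Special -and $_.LastUseTime -and $_.LastUseTime -lt $cutoff
                }
                $result.StaleProfiles = @($old).Count
            } catch {
                Write-Warning "Profile query failed on ${computer}: $($_.Exception.Message)"
            }
        }
        $result
    }
}

# Report on the local machine; machines that fail any column need attention
# before their scheduled migration slot.
Test-MigrationReadiness | Format-Table -AutoSize
```

Remote profile queries with Get-CimInstance require WinRM on the target; the ping and ADMIN$ columns do not.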

After the machines have migrated, depending on network structures and speeds, you may experience problems with Group Policy and Kerberos. If so, check to ensure firewall ports are open (if a firewall is present) and that virtual private network tunnels aren’t blocking large Internet Control Message Protocol (ICMP) traffic. Look at these Windows registry keys for Group Policy issues:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000

and

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"GroupPolicyMinTransferRate"=dword:00000000
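
The two post-migration checks above, as an added example that is not part of the original article: read GroupPolicyMinTransferRate from both hives and compare a small ping with a large one. The function names, the 2048-byte payload and the domain controller name in the usage comment are assumptions.

```powershell
# Added example: post-migration Group Policy troubleshooting checks.

# Report GroupPolicyMinTransferRate in the machine and user policy keys.
# A value of 0 turns slow-link detection off, so every link is treated as fast.
function Get-GroupPolicyTransferRate {
    $paths = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System',
             'HKCU:\Software\Policies\Microsoft\Windows\System'
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name GroupPolicyMinTransferRate `
                                 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key   = $path
            Value = if ($item) { $item.GroupPolicyMinTransferRate } else { 'not set' }
        }
    }
}

# Compare a default-size ping with a large one to the same target.
# Small succeeds but large fails: something on the path (for example a VPN
# tunnel) is dropping large ICMP packets.
function Test-LargeIcmp {
    param(
        [Parameter(Mandatory)][string]$DomainController,
        [int]$LargeBytes = 2048    # assumed size for a "large" ICMP payload
    )
    $small = Test-Connection -ComputerName $DomainController -BufferSize 32 -Count 2 -Quiet
    $large = Test-Connection -ComputerName $DomainController -BufferSize $LargeBytes -Count 2 -Quiet
    [pscustomobject]@{
        Target         = $DomainController
        SmallPing      = $small
        LargePing      = $large
        LargeIcmpLost  = ($small -and -not $large)
    }
}

Get-GroupPolicyTransferRate | Format-Table -AutoSize
# Usage (hypothetical host name): Test-LargeIcmp -DomainController 'dc01.newforest.example'
```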

There are many issues to consider before migrating between Active Directory forests. Those listed above are only a few of the tips and tricks we picked up along the way to speed efforts or solve problems we encountered. Our migration won my group national recognition and is the foundation of future projects for years to come.

Dee Lueckenotte is project manager on the state of Missouri’s Active Directory and Exchange team.