Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part6

Security Translation – Local Profiles and things to consider for end user experience

The last bit of any migration project is to keep the end user experience as simple and smooth as possible. So, by now we have successfully migrated the groups, migrated the users keeping their mailboxes intact and providing them access to all their resources using SID history. As the last bit of the migration I would like to discuss about few things that should be considered from an end user’s perspective to make their experience good when they login to the new domain.… [Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part6”

Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part5

Users Migration

The gun seems to be pretty much loaded with all the ammunition, ready to fire? Probably not yet …

Here I want to discuss about few basic things that are easily missed and can cause the migration to fail or go wrong. Few things worth noting down before getting into the migration:

  • Make sure you have a plan to provide the permissions of file shares that built-in groups in source domain have access to.
[Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part5”

Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part4

Active Directory Groups

Now that we have got our both the AD environments ready to start the migration and installed all the required tools, let’s start moving the objects over. To ensure that we have the proper security structure in place before users are migrated to target domain, we’ll be dealing with Active Directory groups before migrating any of the user objects.

So, what is an AD group? How is the security structure controlled by these groups?… [Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part4”

Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part3

Installation and configuration of ADMT tool and Password Export Server

Now that we have got our active directories in both source and target domain ready for migration, let’s install the tools required for migration.

ADMT Migration Account

The ADMT service account needs to have administrative rights in both source and target domains. It’s a good idea to create a user specifically for the ADMT Migration, however you may still use an existing user if desired. A single service account will be used for the entire migration:

  • In the target domain, create an administrator account

Target Domain:

  • In the source domain add the same user to the built-in Administrators group (it can’t be added directly to domain admins group).
[Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part3”

Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part2

Configuring source and target domains

In the previous post of this series I discussed about the tasks involved in migrating a user from a domain to another in a hybrid exchange environment. Now let’s get down to the nitty-witty of migration.

Before getting into moving the users across to target domain, there are few things that need to be installed and configured in both source and target domain. Let’s start by looking at the configuration steps for source and target domains.… [Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part2”

Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part1

An Introduction and high-level migration approach

Over the past few months I have been working on developing a strategy for migrating users from one domain in a forest to another domain in a separate forest. Sounds quite simple at the first read of it, right? Just use ADMT and migrate the groups, user accounts and profiles, job done? Well that’s what I had thought when I started working on it.

As I started digging more and more into the details, the complexities involved started unfolding.[Keep reading] “Active Directory User Migration in Hybrid Exchange Environment Using ADMT – Part1”

Brisbane O365 Saturday

On the weekend I had a pleasure of presenting to the O365 Saturday Brisbane event. Link below
http://o365saturdayaustralia.com/
In my presentation I demonstrated a new feature within Azure AD that allows the automatic assigment of licences to any of your Azure subscriptions using Dynamic Groups. So what’s cool about this feature?
Well, if you have a well established organisational structure within your on-premise AD and you are synchronising any of the attributes that you need to identity this structure, then you can have your users automatically assigned licences based on their job type, department or even location.… [Keep reading] “Brisbane O365 Saturday”

How to configure a Graphical PowerShell Dev/Admin/Support User Interface for Azure/Office365/Microsoft Identity Manager

During the development of an identity management solution I find myself with multiple PowerShell/RDP sessions connected to multiple environments using different credentials often to obtain trivial data/information. It is easy to trip yourself up as well with remote powershell sessions to differing environments. If only there was a simple UI that could front-end a set of PowerShell modules and make those simple queries quick and painless. Likewise to allow support staff to execute a canned set of queries without providing them elevated permissions.… [Keep reading] “How to configure a Graphical PowerShell Dev/Admin/Support User Interface for Azure/Office365/Microsoft Identity Manager”

Azure AD Connect – Using AuthoritativeNull in a Sync Rule

There is a feature in Azure AD Connect that became available in the November 2015 build 1.0.9125.0 (listed here), which has not had much fanfare but can certainly come in handy in tricky situations. I happened to be working on a project that required the DNS domain linked to an old Office 365 tenant to be removed so that it could be used in a new tenant. Although the old tenant was no long used for Exchange Online services, it held onto the domain in question, and Azure AD Connect was being used to synchronise objects between the on-premise Active Directory and Azure Active Directory.… [Keep reading] “Azure AD Connect – Using AuthoritativeNull in a Sync Rule”

Active Directory – What are Linked Attributes?

A customer request to add some additional attributes to their Azure AD tenant via Directory Extensions feature in the Azure AD Connect tool, lead me into further investigation. My last blog here set out the customer request, but what I didn’t detail in that blog was one of the attributes they also wanted to extend into Azure AD was directReports, an attribute they had used in the past for their custom built on-premise applications to display the list of staff the user was a manager for.… [Keep reading] “Active Directory – What are Linked Attributes?”