Campus Active Directory Consolidation
Campus Active Directory
Consolidation
Campus IT Forum
September 27, 2011
Andrea Beesing, CIT Infrastructure Division
Topics
Deciding whether to migrate
Preparing campus AD (CornellAD) for unit migrations
Preparing IT@Cornell for AD migration activity
Where to go for more information
IT @ CORNELL
To migrate or not to migrate
Each unit decides based on their environment and needs
Factors to consider
Commitment to virtualization
Maturity of unit AD implementation
Number of managed objects
Resources available to manage the environment
Number of Windows-based server resources
IT @ CORNELL
If you migrate
AD migration prior to virtualization will be smoother for end user
Minimize the time between beginning and completing a migration
Day to day management will be more demanding during the transition period
Maximize the University’s investment in resources to support the effort
IT @ CORNELL
Preparing CornellAD
MS certificate authority in place for secure server to server communication (IPSEC)
R2 upgrade in October
Identity Lifecycle Manager (ILM) to Forefront Identity
Manager (FIM) in October
Address cornell.edu name conflict this fall
Provisioning and deprovisioning admin accounts
Activation of account using NetID in place
Deprovisioning of admin accounts based on HR status change after FIM upgrade
IT @ CORNELL
CornellAD support enhancements
Preparing CIT Help Desk to handle more routine questions
Training additional CIT Identity Management staff to handle backline cases
Improving content and organization of CornellAD
Computing at Cornell site
IT @ CORNELL
Infrastructure readiness team
Moe Arif
Pete Bosanko
Laurie Collinsworth
Sean Hayes
Dan Elswit/Dan Hazlitt
Keshav Santi
IT @ CORNELL
Preparing IT @ Cornell for migrations
Contractor engagements with Modis/Idea
Skilled resources with extensive experience with AD consolidation projects
Initial report with recommendations for overall strategy
Pilot migration project started in mid-August
Campus Life, Facilities, CALS
Complete two pilots by early November with contractors
Third pilot migration with Cornell team
SCCM review and recommendations
Purchased Quest Migration Manager licenses
Purchased Forensit Profile Wizard licenses
IT @ CORNELL
Migration team
AD Subteam
Andrea Beesing
P ROJECT D IRECTOR
P
Dave Thompson
Chris Wheeler
M ODIS /I DEA
C ONSULTANTS
Tom Parker
ROJECT M ANAGER
Migration team
Josh Gerner
Pete Skura
M IGRATION
E NGINEERS
Infrastructure
Readiness
Moe Arif
Keshav Santi
T IER 3 S UPPORT
IT@Cornell staff
U NIT MIGRATION
PREP AND POST
MIGRATION SUPPORT
For more information
Virtualization Initiative website: http://www.cit.cornell.edu/about/projects/virtual/progress.cfm
CornellAD documentation site: http://www.cit.cornell.edu/services/active_directory/
Demo of Quest Migration Manager tool at October Microsoft
Management SIG on Tuesday, October 11, 8:45 to 9:45 in
G10 Biotech
Contact Andrea Beesing (amb3) or Tom Parker (jtp5)
IT @ CORNELL
AD Migration Process
Tom Parker, Project Manager
OIT Planning and Program Management
IT @ CORNELL
Pilot Studies (in progress)
Lab environment build out
Install and configure Quest migration tools
Migration testing
User/Group Migration
Resource Update Manager
Workstation Migration
Member Server Migration
Developing Test Plans
Developing Migration Plans
Building Migration Documents
Conducting Migration Demo for Campus-wide IT Admins (October 11)
Generalized Project Plan, Templates, Migration scripts
IT @ CORNELL
The Major Steps
Step 1 - Discovery and Unit Preparation
Step 2 - User/Groups and Workstation Migration
Step 3 - Member Server Migration and Cleanup
IT @ CORNELL
Step 1 (est. 3 weeks)
Discovery
User/Group Inventory
Workstation Inventory
Member Server Inventory
Application Discovery
Login Script/GPO Discovery
IT @ CORNELL
Step 1 (continued)
Unit Preparation (includes a pilot)
Change Control Process (CCAB etc..)
Quest tools, Admin Accounts, Service Accounts, remote access
Verify firewall changes/agent connectivity
Verify DNS resolution exists between the Unit and Cornell.edu
Verify domain level trust
Verify connectivity between source and target servers
Unit admins verify admin access to Cornell.edu OU
Identify all Service Accounts in the Unit
Create new Cornell.edu service accounts for Unit apps
Identify local admin account for workstations
Determine backup schedule for migration scheduling purposes
Workstation readiness: file/print, server service, remote registry, admin shares..
New OU structure
Attributes to merge (description, profile path, home folder path, home drive)
Verify GPO/Login scripts in place for delegated OU in Cornell.edu
Agent push – centralized
Computer rename (to add required prefix) – centralized
TSM
IT @ CORNELL
Step 2 (est. 2 weeks)
Migration of:
Users
Groups
Workstations
Troubleshooting
IT @ CORNELL
Step 3 (est. 2-4 weeks)
Member Server Migrations:
App Servers
File Servers
Print Servers
DB Servers
Cleanup – removal of permissions
Troubleshooting
Decommission old domain
IT @ CORNELL
Migrations in parallel, but staggered..
Step 1 estimate of 7-9 weeks
….
Migrating Unit (a)
Step 2
….
Step 1
Step 3 estimate of 7-9 weeks
….
Migrating Unit (a)
Step 2
….
Step 1
Step 3 estimate of 7-9 weeks
….
Migrating Unit (a)
Step 2
IT @ CORNELL
Migration Partnership -- Roles and
Responsibilities
Readiness and internal scheduling is the responsibility of the migrating units
CIT to provide:
CornellAD infrastructure
Project Management and technical support
Dedicated TSP-level migration support
Dedicated migration engineers
Access to CornellAD engineers (Tier 3)
All participants to provide: Commitment to partnership and the planning process…
IT @ CORNELL
For more information
Virtualization Initiative website: http://www.cit.cornell.edu/about/projects/virtual/progress.cfm
CornellAD documentation site: http://www.cit.cornell.edu/services/active_directory/
Demo of Quest Migration Manager tool at October Microsoft
Management SIG on Tuesday, October 11, 8:45 to 9:45 in
G10 Biotech
Contact Andrea Beesing (amb3) or Tom Parker (jtp5)
IT @ CORNELL
