1 / 20

Campus Active Directory Consolidation

Campus Active Directory Consolidation. Campus IT Forum September 27, 2011 Andrea Beesing, CIT Infrastructure Division. IT @ CORNELL. Topics. Deciding whether to migrate Preparing campus AD ( CornellAD ) for unit migrations Preparing IT@Cornell for AD migration activity

tibor
Download Presentation

Campus Active Directory Consolidation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Campus Active Directory Consolidation Campus IT Forum September 27, 2011 Andrea Beesing, CIT Infrastructure Division IT @ CORNELL

  2. Topics • Deciding whether to migrate • Preparing campus AD (CornellAD) for unit migrations • Preparing IT@Cornell for AD migration activity • Where to go for more information IT @ CORNELL

  3. To migrate or not to migrate • Each unit decides based on their environment and needs • Factors to consider • Commitment to virtualization • Maturity of unit AD implementation • Number of managed objects • Resources available to manage the environment • Number of Windows-based server resources IT @ CORNELL

  4. If you migrate • AD migration prior to virtualization will be smoother for end user • Minimize the time between beginning and completing a migration • Day to day management will be more demanding during the transition period • Maximize the University’s investment in resources to support the effort IT @ CORNELL

  5. Preparing CornellAD • MS certificate authority in place for secure server to server communication (IPSEC) • R2 upgrade in October • Identity Lifecycle Manager (ILM) to Forefront Identity Manager (FIM) in October • Address cornell.edu name conflict this fall • Provisioning and deprovisioning admin accounts • Activation of account using NetID in place • Deprovisioning of admin accounts based on HR status change after FIM upgrade IT @ CORNELL

  6. CornellAD support enhancements • Preparing CIT Help Desk to handle more routine questions • Training additional CIT Identity Management staff to handle backline cases • Improving content and organization of CornellAD Computing at Cornell site IT @ CORNELL

  7. Infrastructure readiness team • Moe Arif • Pete Bosanko • Laurie Collinsworth • Sean Hayes • Dan Elswit/Dan Hazlitt • KeshavSanti IT @ CORNELL

  8. Preparing IT@Cornell for migrations • Contractor engagements with Modis/Idea • Skilled resources with extensive experience with AD consolidation projects • Initial report with recommendations for overall strategy • Pilot migration project started in mid-August • Campus Life, Facilities, CALS • Complete two pilots by early November with contractors • Third pilot migration with Cornell team • SCCM review and recommendations • Purchased Quest Migration Manager licenses • Purchased Forensit Profile Wizard licenses IT @ CORNELL

  9. Migration team

  10. For more information • Virtualization Initiative website: http://www.cit.cornell.edu/about/projects/virtual/progress.cfm • CornellAD documentation site: http://www.cit.cornell.edu/services/active_directory/ • Demo of Quest Migration Manager tool at October Microsoft Management SIG on Tuesday, October 11, 8:45 to 9:45 in G10 Biotech • Contact Andrea Beesing (amb3) or Tom Parker (jtp5) IT @ CORNELL

  11. AD Migration Process Tom Parker, Project Manager OIT Planning and Program Management

  12. Pilot Studies (in progress) • Lab environment build out • Install and configure Quest migration tools • Migration testing • User/Group Migration • Resource Update Manager • Workstation Migration • Member Server Migration • Developing Test Plans • Developing Migration Plans • Building Migration Documents • Conducting Migration Demo for Campus-wide IT Admins (October 11) • Generalized Project Plan, Templates, Migration scripts IT @ CORNELL

  13. The Major Steps • Step 1 - Discovery and Unit Preparation • Step 2 - User/Groups and Workstation Migration • Step 3 - Member Server Migration and Cleanup IT @ CORNELL

  14. Step 1 (est. 3 weeks) • Discovery • User/Group Inventory • Workstation Inventory • Member Server Inventory • Application Discovery • Login Script/GPO Discovery IT @ CORNELL

  15. Step 1 (continued) • Unit Preparation (includes a pilot) • Change Control Process (CCAB etc..) • Quest tools, Admin Accounts, Service Accounts, remote access • Verify firewall changes/agent connectivity • Verify DNS resolution exists between the Unit and Cornell.edu • Verify domain level trust • Verify connectivity between source and target servers • Unit admins verify admin access to Cornell.edu OU • Identify all Service Accounts in the Unit • Create new Cornell.eduservice accounts for Unit apps • Identify local admin account for workstations • Determine backup schedule for migration scheduling purposes • Workstation readiness: file/print, server service, remote registry, admin shares.. • New OU structure • Attributes to merge (description, profile path, home folder path, home drive) • Verify GPO/Login scripts in place for delegated OU in Cornell.edu • Agent push – centralized • Computer rename (to add required prefix) – centralized • TSM IT @ CORNELL

  16. Step 2 (est. 2 weeks) • Migration of: • Users • Groups • Workstations • Troubleshooting IT @ CORNELL

  17. Step 3 (est. 2-4 weeks) • Member Server Migrations: • App Servers • File Servers • Print Servers • DB Servers • Cleanup – removal of permissions • Troubleshooting • Decommission old domain IT @ CORNELL

  18. Migrations in parallel, but staggered.. estimate of 7-9 weeks Migrating Unit (a) …. …. Step 1 Step 2 Step 3 estimate of 7-9 weeks Migrating Unit (a) …. …. Step 1 Step 2 Step 3 estimate of 7-9 weeks Migrating Unit (a) …. Step 1 Step 2 IT @ CORNELL

  19. Migration Partnership -- Roles and Responsibilities • Readiness and internal scheduling is the responsibility of the migrating units • CIT to provide: • CornellAD infrastructure • Project Management and technical support • Dedicated TSP-level migration support • Dedicated migration engineers • Access to CornellAD engineers (Tier 3) • All participants to provide: Commitment to partnership and the planning process… IT @ CORNELL

  20. For more information • Virtualization Initiative website: http://www.cit.cornell.edu/about/projects/virtual/progress.cfm • CornellAD documentation site: http://www.cit.cornell.edu/services/active_directory/ • Demo of Quest Migration Manager tool at October Microsoft Management SIG on Tuesday, October 11, 8:45 to 9:45 in G10 Biotech • Contact Andrea Beesing (amb3) or Tom Parker (jtp5) IT @ CORNELL

More Related