Report: Campus Active Directory Consolidation
Campus IT Forum
September 27, 2011
Andrea Beesing, CIT Infrastructure Division
IT @ CORNELL
Topics
• Deciding whether to migrate
• Preparing campus AD (CornellAD) for unit migrations
• Preparing [email protected] for AD migration activity
• Where to go for more information

To migrate or not to migrate
• Each unit decides based on their environment and needs
• Factors to consider
  • Commitment to virtualization
  • Maturity of unit AD implementation
  • Number of managed objects
  • Resources available to manage the environment
  • Number of Windows-based server resources

If you migrate
• AD migration prior to virtualization will be smoother for end user
• Minimize the time between beginning and completing a migration
• Day to day management will be more demanding during the transition period
• Maximize the University’s investment in resources to support the effort

Preparing CornellAD
• MS certificate authority in place for secure server to server communication (IPSEC)
• R2 upgrade in October
• Identity Lifecycle Manager (ILM) to Forefront Identity Manager (FIM) in October
• Address cornell.edu name conflict this fall
• Provisioning and deprovisioning admin accounts
  • Activation of account using NetID in place
  • Deprovisioning of admin accounts based on HR status change after FIM upgrade

CornellAD support enhancements
• Preparing CIT Help Desk to handle more routine questions
• Training additional CIT Identity Management staff to handle backline cases
• Improving content and organization of CornellAD Computing at Cornell site

Infrastructure readiness team
• Moe Arif
• Pete Bosanko
• Laurie Collinsworth
• Sean Hayes
• Dan Elswit/Dan Hazlitt
• Keshav Santi

Preparing [email protected] for migrations
• Contractor engagements with Modis/Idea
• Skilled resources with extensive experience with AD consolidation projects
• Initial report with recommendations for overall strategy
• Pilot migration project started in mid-August
• Campus Life, Facilities, CALS
• Complete two pilots by early November with contractors
• Third pilot migration with Cornell team
• SCCM review and recommendations
• Purchased Quest Migration Manager licenses
• Purchased Forensit Profile Wizard licenses

Migration team
AD Subteam (organization chart)
• Project Director: Andrea Beesing
• Modis/Idea Consultants: Dave Thompson, Chris Wheeler
• Project Manager: Tom Parker
• Migration team (Migration Engineers): Josh Gerner, Pete Skura
• Infrastructure Readiness (Tier 3 Support): Moe Arif, Keshav Santi
• [email protected] staff: unit migration prep and post-migration support

For more information
• Virtualization Initiative website: http://www.cit.cornell.edu/about/projects/virtual/progress.cfm
• CornellAD documentation site: http://www.cit.cornell.edu/services/active_directory/
• Demo of Quest Migration Manager tool at October Microsoft Management SIG on Tuesday, October 11, 8:45 to 9:45 in G10 Biotech
• Contact Andrea Beesing (amb3) or Tom Parker (jtp5)

AD Migration Process
Tom Parker, Project Manager
OIT Planning and Program Management
Pilot Studies (in progress)
• Lab environment build out
• Install and configure Quest migration tools
• Migration testing
  • User/Group Migration
  • Resource Update Manager
  • Workstation Migration
  • Member Server Migration
• Developing Test Plans
• Developing Migration Plans
• Building Migration Documents
• Conducting Migration Demo for Campus-wide IT Admins (October 11)
• Generalized Project Plan, Templates, Migration scripts

The Major Steps
• Step 1 - Discovery and Unit Preparation
• Step 2 - User/Groups and Workstation Migration
• Step 3 - Member Server Migration and Cleanup

Step 1 (est. 3 weeks)
• Discovery
  • User/Group Inventory
  • Workstation Inventory
  • Member Server Inventory
  • Application Discovery
  • Login Script/GPO Discovery

Step 1 (continued)
• Unit Preparation (includes a pilot)
  • Change Control Process (CCAB etc.)
  • Quest tools, Admin Accounts, Service Accounts, remote access
  • Verify firewall changes/agent connectivity
  • Verify DNS resolution exists between the Unit and Cornell.edu
  • Verify domain level trust
  • Verify connectivity between source and target servers
  • Unit admins verify admin access to Cornell.edu OU
  • Identify all Service Accounts in the Unit
  • Create new Cornell.edu service accounts for Unit apps
  • Identify local admin account for workstations
  • Determine backup schedule for migration scheduling purposes
  • Workstation readiness: file/print, server service, remote registry, admin shares ...
  • New OU structure
  • Attributes to merge (description, profile path, home folder path, home drive)
  • Verify GPO/Login scripts in place for delegated OU in Cornell.edu
  • Agent push – centralized
  • Computer rename (to add required prefix) – centralized
  • TSM
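
The DNS, connectivity and workstation-readiness items in the list above can be checked with a short script before a unit is scheduled. This is an added example, not part of the original presentation or of any Cornell or Quest tooling. The function name, the default of checking the local machine, and the mapping of "file/print" to TCP 445 and of the two services to LanmanServer and RemoteRegistry are assumptions; it expects Windows PowerShell 5.1 and an account with admin rights on the targets.

```powershell
# Added example: pre-migration readiness checks for a list of workstations.
# Test-MigrationReadiness is a hypothetical name, not a Quest or CornellAD tool.
function Test-MigrationReadiness {
    param(
        # Constructed default: check only the machine the script runs on.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$TargetDomain = 'cornell.edu'
    )

    # DNS: the target domain must resolve from inside the unit's network.
    $dnsOk = [bool](Resolve-DnsName -Name $TargetDomain -ErrorAction SilentlyContinue)

    foreach ($c in $ComputerName) {
        # File/print sharing (assumed to mean SMB, TCP 445) must pass the firewall.
        $smb = Test-NetConnection -ComputerName $c -Port 445 -WarningAction SilentlyContinue

        # Server service and Remote Registry service must both be running.
        $svc = @{}
        foreach ($name in 'LanmanServer', 'RemoteRegistry') {
            $s = Get-Service -ComputerName $c -Name $name -ErrorAction SilentlyContinue
            $svc[$name] = [bool]($s -and $s.Status -eq 'Running')
        }

        # One result row per workstation; any False marks a machine to fix first.
        [pscustomobject]@{
            Computer       = $c
            TargetDnsOk    = $dnsOk
            Smb445Open     = $smb.TcpTestSucceeded
            ServerService  = $svc['LanmanServer']
            RemoteRegistry = $svc['RemoteRegistry']
            AdminShare     = Test-Path -Path "\\$c\ADMIN$"
        }
    }
}

# Domain-level trust is verified once, from a domain-joined machine:
#   nltest /domain_trusts
Test-MigrationReadiness | Format-Table -AutoSize
```

A row with any False value identifies a workstation that should be remediated before the agent push.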
Step 2 (est. 2 weeks)
• Migration of:
  • Users
  • Groups
  • Workstations
• Troubleshooting

Step 3 (est. 2-4 weeks)
• Member Server Migrations:
  • App Servers
  • File Servers
  • Print Servers
  • DB Servers
• Cleanup – removal of permissions
• Troubleshooting
• Decommission old domain

Migrations in parallel, but staggered
[Figure: staggered timeline of migrating units, each running Step 1, Step 2, Step 3 over an estimate of 7-9 weeks]

Migration Partnership -- Roles and Responsibilities
• Readiness and internal scheduling is the responsibility of the migrating units
• CIT to provide:
  • CornellAD infrastructure
  • Project Management and technical support
  • Dedicated TSP-level migration support
  • Dedicated migration engineers
  • Access to CornellAD engineers (Tier 3)
• All participants to provide: Commitment to partnership and the planning process…