Aelita Controls Active Directory Migrations

• 03/08/2000

The second pressure, which is much more difficult to ascertain, is to achieve a return on investment (ROI). Somewhere along the line, the operation will have had to save a few bucks. Determining that won't be easy.

The largest expense that needs to be restrained is time to implementation. Obviously, the more man-hours spent on the migration, the more expensive it becomes. To alleviate some of the burden, network management vendors have produced packaged sets of applications for directory migration. In this final part of a four-part series, ENT looks at the newly released software package from Aelita Software Corp. (www.aelita.com), the Controlled Migration Suite.

Aelita, like all directory migration vendors, takes a process-driven approach to the switch from NT domains to Windows 2000 Active Directory. In this case, company president Ratmir Timashev details a five-step approach to directory migration.

The first step is analysis and planning. Administrators need to analyze the existing domain infrastructure and complete reports on what they have and what they want to clean up. Enterprise Directory Reporter, formerly known as Virtuosity, is part of the Controlled Migration Suite and can be used to clean up domains and begin planning the organizational unit (OU) structure for Active Directory.

Step two is the model and test phase. Administrators design OUs and administrative roles. Creating a large network infrastructure, managers design a hierarchical, distributed administrative structure. Using the Domain Migration wizard and Delegation Manager, network managers can begin to model and test various scenarios while performing a pilot migration.

The actual restructuring and migration takes place in step three -- bringing users, resources, and Microsoft Exchange mailboxes over to Active Directory in manageable increments. If the organization plans to purchase larger servers for the Windows 2000 migration, this is where much of the file consolidation and data migration takes place. The Domain Migration wizard will support running in mixed mode environments -- running both Windows NT and Windows 2000 -- which most organizations will do for some time while ensuring full rollback capabilities.

Aelita's fourth step is cleaning up the newly established Active Directory. To do this, administrators run a report using the Enterprise Directory Reporter to assess the migration results. They can then clean up SIDhistory values -- a new attribute in Windows 2000 to aid migration efforts -- to strengthen the integrity of Active Directory. Administrators should also redo permission for resources to replace old ACLs, clean up security values, and remove old user accounts. This will ensure maximum efficiency in protecting network access.

In the final stage of Aelita's Active Directory migration, administrators can use Domain Migration wizard and Enterprise Directory Reporter to optimize Active Directory by pruning and grafting sections of the directory tree to optimize the Windows 2000 environment. Then they should do some final auditing and reporting to analyze the system.

According to Timashev, there are several features in Aelita's Controlled Migration Suite that make it stand out from similar solutions from FastLane Technologies (www.fastlanetech.com), Mission Critical Software (www.missioncritical.com), and Entevo Corp. (www.entevo.com).

One feature in the Domain Migration wizard automates password synchronization. So on Monday, for example, users can still access the same resources without major rework from the administrator. Another flexible part of Aelita's solution is its support of incremental migrations, allowing the process to go as quickly or slowly as the administrator wants.

Timashev says using the Controlled Migration Suite should help achieve some ROI. "[Windows 2000] certainly provides a lot of business benefits, although the transition is a very complicated process," Timashev explains. "But it can be really simplified by using third-party tools like ours."