Active Directory Migrator Advises Caution

Migrating to Active Directory will solve a number of business and technological issues, but administrators can’t approach it as a panacea for their e-businesses. If administrators do not properly evaluate their technological requirements, Active Directory can be a bitter pill to swallow.

A major attraction of Active Directory (AD) is a single consistent point of management for users, applications, and devices. “Active Directory allows companies to significantly lower management costs by providing a single place to manage users, groups, and network resources, as well as distribute software and manage desktop configurations,” according to Jackson Shaw, product manager at Microsoft.

But migrating to Windows 2000, and specifically AD, is not an easy endeavor. It takes a lot of learning, planning, and communication.

“Do not install AD without doing proper planning,” says Rand Morimoto, president of Convergent Computing. “Once you get AD installed, there aren’t a lot of options to modify it later.”

Convergent has assisted several organizations with their migration efforts to Windows 2000 and AD. In one effort, the consulting firm helped a high-tech manufacturing company in Silicon Valley migrate 8,000 employees from an NT 4.0 domain structure to Windows 2000.

The main objective of the migration was to create a single logon system for Unix and PC-based systems, and to consolidate IT asset data, purchasing, and human resource applications. The manufacturer had three main business requirements. “First was to decrease user and asset directories and databases from four to one -- thereby, significantly decreasing administration and management time and cost,” Morimoto says. “The second requirement was to improve the reliability and redundancy of the directory.” Finally, Morimoto considered new Microsoft products like SQL Server 2000 and Exchange 2000, which require tight integration with AD.

Prior to defining the AD structure, several initial concepts had to be emphasized to all involved in the planning process. “Think of the computer as an information management system,” Morimoto says. “Determine who needs access to what resources, and get the client to forget about current NT 4.0 domain design and think about the options and flexibility offered by AD.” The directory structure has to reflect the business organization.

Understanding AD -- the concept, architecture, features, benefits and limitations -- is key to coming up with a valid and usable design. “Do not design your AD to look like your NT 4.0 domain design. If it looks a lot like the administrative domain/resource domain structure that you have now, then you are missing the entire point of AD hierarchical design structure available to you,” Morimoto explains.

Morimoto says proper and ample training is necessary for a successful migration. “Don’t think a three- or five-day AD training class is sufficient to design a medium or large AD. A lot of what is taught in AD training courses is considered obsolete these days with significant lessons learned in several more contemporary migrations.”

Several valuable lessons were learned during the migration process at the manufacturing company. One, according to Morimoto, is to, “Create fallback options in the migration process, like setting aside a clean NT 4.0 Backup Domain Controller that can be used in a fallback scenario.” He also adds, “Make sure all members of the AD planning team are familiar with AD design, otherwise their participation in AD design or review is not helpful and can be counterproductive.” For those planning to move to Exchange 2000, “Traditional AD design does not properly account for the impact of Exchange 2000 in an environment. If you plan to implement Exchange 2000 in your environment, learn or gain expertise from AD design structures that clearly have Exchange 2000 in mind, otherwise you may come to a rude awakening when you are unable to send e-mail within your organization.”

When it comes to best practices, Morimoto says to always keep the objective in mind; define the steps needed to achieve the goals; maintain good documentation; manage resources -- such as people, time, cost -- properly; communicate; and always plan and replan.

AD deployments will be inevitable for many companies. Project managers, therefore, should approach deployment with the understanding that to maximize what AD has to offer, one has to take a global look at the entire organization.

Microsoft Corp., Redmond, Wash.,

Convergent Computing Inc., Oakland, Calif.,