Preparation for an Active Directory migration

Recently I was asked by a collegiate what a customer could do to prep for an Active Directory migration.  I did a quick “off the top of my head” writeup and thought I would share it here for others.  Sorry in advance that the formatting isn’t great.

Here is the list of ideas for preparing for an Active Directory migration:

  1. Workstations
    1. OS types count
    2. Firewall status
    3. Count by location
    4. Amount of “shared” devices (call centers, carts on wheels, etc.)
    5. Number of “always remote” devices (not just occasional VPN)
    6. Do WiFi connected machines connect on boot or do you sign in to wifi only after login?
    7. Device encryption?  Vendor(s)?  Tied to AD?  Numbers!
    8. Remote Registry running?  If not, then ok to enable/run during migration?
    9. Server Service running?  If not, then ok to enable/run during migration?
  2. Applications
    1. Detail those that are AD authenticating.
    2. Of those, which do not support multi-forest authentication
    3. Of those, how many user of each and what is the overlap
    4. Available outage windows for affected applications.
    5. How many SharePoint farms?  Version?  Permission by user vs. permissions by group?
  3. Active Directory
    1. List of all domains involved in Authentication of this user group.
    2. Provisioning model for both source/target?
    3. Trust map, source/target.
    4. Version and functional level of AD in both source and target.
    5. Well Known SID user and cleanup plan.
    6. Migration Service Account permissions configuration/restrictions
    7. GPO review (and remediation to target)
    8. Recovery Manager for AD deployed (or similar, though if not RMAD, proven).
    9. Backup schedule
    10. Turnaround for restores
    11. Ability to do “ad-hoc” runs?
    12. State of Target AD
    13. Already in use?
    14. Pre-existing objects matching source?  Already in use?
    15. Pre-existing automated sync between domains?
    16. Password Policy comparison and review.  (We mostly care about Min Password Age, Password History Count, but the closer we can make them the better).
    17. Change Auditor or similar installed?
  4. Network
    1. Network Map to sites with connection speeds and utilization amount
    2. Firewall restriction points
    3. IP Networks by location
    4. IP Networks of VPN
    5. VPN type/vendor
    6. VPN authentication approach
    7. Number of VPN users (total this time, not always VPN as above)
    8. VPN plan for target?
    9. Console deployment
      1. Extra RUM consoles based off of network map?
      2. At least two DSA servers, maybe more, depends on lots of info that we don’t have yet.
    10. Rate at which “extra” VM’s could be deployed if needed (say, for instance, if I needed Quick Connect).
  5. Project Management
    1. Dedicated migration engineers
    2. Coordination with Help Desk regarding call volume and routing.
    3. Coordination with corporate communications
    4. Coordination with Change Control.
      1. Compare change control processes between target and source (if they are different).
      2.       List of steps and systems to be updated for change control
      3. Approvals needed for emergency change controls and availability to those resources

In general I don’t do user to workstation mappings.  If it is a small migration then that can be useful.  If it is not then it just gets in the way.  Better to migrate by location and keep workstation and user migration separate in large migrations.  Of course, many things can complicate that approach.