AD Migration or Greenfield - Third party tools

  • 542 Views
  • Last Post 12 August 2015
BrianB posted this 12 August 2015

All:   Has anyone ever worked with the Dell Virtual Directory Server OR the Dell Migration Manager for splitting or merging an AD forest?

  If so, what was your experience like and would you recommend the tool(s) again?

  Thanks,     Brian Britt

Order By: Standard | Newest | Votes
Bharathian posted this 12 August 2015

Used active directory migration tool ADMT (Microsoft), with merge option. Have not tried other tools.

 

Regards

Bharathi

 

show

kebabfest posted this 12 August 2015

The dell migration manager is the quest migration manager. Renamed after they blew over a billion on quest.
Overall an excellent expensive migration tool ideal if you want to do a migration quickly. The tool is designed by Russians , so the gui may seem back to front until you get used to it. 
I have migrated 100s of servers and 1000s of users\ workstations using it and it is excellent as long as you do your preparation in terms of application interactions, other ad trusts etc. .

show

Ravi.Sabharanjak posted this 12 August 2015

I have used the Quest migration tools. they do the job. they make it easier than the ADMT from what I hear, because there is a GUI for everything.
the tools are only sold with consultancy services, and neither are cheap.
I think there is no competition in this space. NetIQ had a similar suite, but they have stopped unless I am mistaken. so just be aware that if you run into bugs, they may not be fixed in a hurry.
overall the tools do help with large migrations.
-Ravi


show

bdesmond posted this 12 August 2015

BinaryTree has a competing solution that’s worth looking at. It’s certainly much more modern and takes a different approach on the client side.



 

Thanks,

Brian Desmond

brian@xxxxxxxxxxxxxxxx

 

w – 312.625.1438 | c – 312.731.3132

 

show

anandh11.v posted this 12 August 2015

I've worked on quest migration manager both AD and exchange 
On Wednesday 12 August 2015, Britt, Brian <brian.britt@xxxxxxxxxxxxxxxx> wrote:

All:   Has anyone ever worked with the Dell Virtual Directory Server OR the Dell Migration Manager for splitting or merging an AD forest?   If so, what was your experience like and would you recommend the tool(s) again?   Thanks,     Brian Britt

BrianB posted this 12 August 2015

My thinking is that we want to use a VDS to provide a consolidated view of the multiple AD domains as we move users to the greenfield. I believe the VDS will

better handle applications which cannot understand a trust relationship between domains. We not a lot of the not-so-typical-applications here. Some of our applications are not AD aware and just point to multiple DC’s to to the DNS name of the domain and round

robin DNS for connecting. They then may use the DN of a group for access control.



 

I am also thinking that rather than migrating users, groups, and server/workstations we will just reprovision into the new space. Then as applications are rebuilt

in the new space we can start fresh with groups and such.

 

Any thought on that approach? I have a meeting with dell today to discuss their Dell VDS solution. I have seen that optimalIDM has a VIS solution that seems to

work the same way. Any experiences with any of those vendor solutions out there?



 

Brian



 

 

show

Ravi.Sabharanjak posted this 12 August 2015

I have worked with the Optimal virtual directory a few years ago. it is a good product and should have improved even more now, simple to implement and support. Most other products are Java based, and I tend to run away from Java on windows whenever there is another choice :)


show

freemj1 posted this 12 August 2015

I would also consider Radiant Logic’s Virtual Directory Server. They would likely win a bake off with the competing products.

 

…John

 

show

Ravi.Sabharanjak posted this 12 August 2015

Couple of more points -
- I would use the VDS as a intermediate stage, as a coexistence mechanism while objects are being moved. When the migration is done, I would move off it - you already have an AD infrastructure to support, you may not want a VDS infrastructure to support on top of it.. The VDS infrastructure performs a little slower than native AD (understandably because it is querying 1 or more directories in the backend).- The DN's of the objects would change, as the VDS probably would create a new, unified name space although different product implementations may have different choices in this matter and maybe able to present the same namespace as one of the backend directories.- Use the experience of moving to the VDS to gather information on the working of your apps and build a app inventory. Educate people against hard coding DN's in their code, OR at least get it into config files where they can be changed easily. Educate them to use upn style user names instead of DN's for binding. All of these will help you get off the VDS when it is time.- The optimal IDM has some good features such as returning a single object if the same object exists in multiple backend directories, setting priority on which attribute is returned from what backend and presenting a unified group membership from backend groups.
-Ravi


show

bdesmond posted this 12 August 2015

This is a similar approach to what I tend to recommend minus the users and groups. I generally pull those over as they’re connected to untold numbers of ACLs.

For computers I sometimes recommend that customers stop provisioning new machines to the old environment and let it die on the vine over time. After a period of time there’s usually a minimal amount of assets left that it’s economical to move those.



 



Thanks,

Brian Desmond

brian@xxxxxxxxxxxxxxxx

 

w – 312.625.1438 | c – 312.731.3132



 

show

K3llybush posted this 12 August 2015

We looked at Empower ID for IDM and it was a solid product from what we could tell.  They don't show up on Gartner's magic quadrants because they don't pay the money to be there.  They preformed better than everyone else and they also have a virtual directory too.
Thanks,
Kelly Bush

-------- Original Message --------
Subject: RE: [ActiveDir] AD Migration or Greenfield - Third party tools
From: "Britt, Brian" <brian.britt@xxxxxxxxxxxxxxxx>
Date: Wed, August 12, 2015 11:51 am
To: "activedir@xxxxxxxxxxxxxxxx" <activedir@xxxxxxxxxxxxxxxx>

#wmQuoteWrapper /* Font Definitions / @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} #wmQuoteWrapper @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} #wmQuoteWrapper / Style Definitions */ p.MsoNormal, #wmQuoteWrapper li.MsoNormal, #wmQuoteWrapper div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman",serif;} #wmQuoteWrapper a:link, #wmQuoteWrapper span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} #wmQuoteWrapper a:visited, #wmQuoteWrapper span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} #wmQuoteWrapper span.hoenzb {mso-style-name:hoenzb;} #wmQuoteWrapper span.EmailStyle18 {mso-style-type:personal; font-family:"Calibri",sans-serif; color:#222A35; font-weight:bold; font-style:normal; text-decoration:none none;} #wmQuoteWrapper span.EmailStyle19 {mso-style-type:personal-reply; font-family:"Calibri",sans-serif; color:#1F497D;} #wmQuoteWrapper .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} #wmQuoteWrapper @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} #wmQuoteWrapper div.WordSection1 {page:WordSection1;}

My thinking is that we want to use a VDS to provide a consolidated view of the multiple AD domains as we move users to the greenfield. I believe the VDS will better handle applications which cannot understand a trust relationship between domains. We not a lot of the not-so-typical-applications here. Some of our applications are not AD aware and just point to multiple DC’s to to the DNS name of the domain and round robin DNS for connecting. They then may use the DN of a group for access control.  &nbsp; I am also thinking that rather than migrating users, groups, and server/workstations we will just reprovision into the new space. Then as applications are rebuilt in the new space we can start fresh with groups and such.  &nbsp; Any thought on that approach? I have a meeting with dell today to discuss their Dell VDS solution. I have seen that optimalIDM has a VIS solution that seems to work the same way. Any experiences with any of those vendor solutions out there?  &nbsp; Brian  &nbsp; &nbsp;   From: <a href="mailto:activedir-owner@xxxxxxxxxxxxxxxx">activedir-owner@xxxxxxxxxxxxxxxx</a> [<a href="mailto:activedir-owner@xxxxxxxxxxxxxxxx">mailto:activedir-owner@xxxxxxxxxxxxxxxx</a>] On Behalf Of Brian Desmond<br> Sent: Wednesday, August 12, 2015 11:39 AM<br> To: <a href="mailto:activedir@xxxxxxxxxxxxxxxx">activedir@xxxxxxxxxxxxxxxx</a><br> Subject: RE: [ActiveDir] AD Migration or Greenfield - Third party tools   &nbsp; BinaryTree has a competing solution that’s worth looking at. It’s certainly much more modern and takes a different approach on the client side.  &nbsp; Thanks, Brian Desmond <a target="_blank" href="mailto:brian@xxxxxxxxxxxxxxxx">brian@xxxxxxxxxxxxxxxx</a> &nbsp; w – 312.625.1438 | c – 312.731.3132 &nbsp; From: <a target="_blank" href="mailto:activedir-owner@xxxxxxxxxxxxxxxx">activedir-owner@xxxxxxxxxxxxxxxx</a> [<a target="_blank" href="mailto:activedir-owner@xxxxxxxxxxxxxxxx">mailto:activedir-owner@xxxxxxxxxxxxxxxx</a>] On Behalf Of Ravi Sabharanjak<br> Sent: Wednesday, August 12, 2015 11:37 AM<br> To: <a target="_blank" href="mailto:activedir@xxxxxxxxxxxxxxxx">activedir@xxxxxxxxxxxxxxxx</a><br> Subject: Re: [ActiveDir] AD Migration or Greenfield - Third party tools &nbsp;   I have used the Quest migration tools. they do the job. they make it easier than the ADMT from what I hear, because there is a GUI for everything.   &nbsp;   the tools are only sold with consultancy services, and neither are cheap.   &nbsp;   I think there is no competition in this space. NetIQ had&nbsp;a similar suite, but they have stopped unless I am mistaken. so just be aware that if you run into bugs, they may not be fixed in a hurry.   &nbsp;   overall the tools do help with large migrations.   &nbsp;   -Ravi    &nbsp;<br /><br /><img class="shimage" id="sh_615be854-8de8-47e6-815e-a533012b9f0c" alt ="show" src ="/Content/Images/mail-expand.png"><div class="showhidecnt" id="more_615be854-8de8-47e6-815e-a533012b9f0c" style ="display:none"><p><br /><br /></p></div>

Close