So you think your directory is ready for Office 365?


OUR SPEAKERS

Justin Harris

Microsoft Certified Master: Exchange

Microsoft MVP: Exchange

Senior Solution Architect, Binary Tree

@ntexcellence

MIGRATION PLANNING

[Chart: axes labeled EXCHANGE SIZE and EXCHANGE COMPLEXITY]

The amount of planning grows as size and complexity increase.

[Diagram labels: START, Design Requirements, FINISH, Scope Creep]

HYBRID IS THE ANSWER!

• Glue between on-premises Exchange and Exchange Online

• Allows flexibility

• Seamless coexistence

• User doesn’t know where his or her mailbox resides

• Unique point of differentiation

HYBRID = AZURE ACTIVE DIRECTORY

[Diagram labels: Exchange Online, Exchange On Premises, Sync Users, Trey Research AD Objects, No Trust]

PLANNING STAGE

• Admins focus on feature/functionality

• Sound migration practices are often overlooked

• Management focuses on mitigating risk

• Additional items need to be considered

• Successful Migration

SUCCESSFUL MIGRATIONS

• Prime directive: Do not disrupt users with unscheduled outages

• Affecting productivity is a costly proposition

• Depending on business vertical – a miscue could be catastrophic

• Unhappy users will flavor the migration in a negative light

REFLECTING ON SUCCESSFUL MIGRATIONS

• Exhibited similar success criteria

• Careful planning

• UPFRONT analysis of environment

• Remediation BEFORE migration

• LOE = size and complexity of environment

PLAN

• Health of on-premises Active Directory is often overlooked

• Alarming trend

• Many Active Directory environments have been in production since the Windows 2000 timeframe

• Staff turnover

• What are the business drivers?

• Are there any regulatory, legal, retention or compliance requirements?

• How is the on-premises AD topology dependent on existing on-premises infrastructure?

• Existing network capacity?

• Understanding business and technical requirements is often one of the largest challenges in the project

BUSINESS AND TECHNICAL REQUIREMENTS

DISCOVERY

AD components

External components

HEALTH OF AD ENVIRONMENTS

OBJECT ANALYSIS

Identify object mappings

Identify potential conflicts

Identify duplicate objects

Identify inactive objects

CEDAR PARK CONSULTING

Planning a move to 365

Designed & Funded

Notifications Sent

Migration Problems

SCOPE CREEP!

• This project has just evolved into a complex migration

• Scope creep has been introduced into the project.

• Switch gears to perform a discovery and rationalization exercise that was not budgeted and accounted for.

• Project dates are now slipping even before test mailboxes have been migrated to Exchange Online.

• Project fail!

COST OF PAST ACTIVE DIRECTORY DEPLOYMENTS

Resource Forest

GAL SYNC

Account Forest

RISK

Network Port Numbers

Network Landscape

PREPARATION IS KEY

Datacenter Layout

Racks and/or Hyper-V

SIMPLIFYING ACTIVE DIRECTORY

UNDERSTAND TARGET ENVIRONMENT

[Diagram labels: Forest 1, Forest 2, Forest 3, Forest 4, Forest 5, Forest 6]

UNDERSTANDING HOW USERS ARE GRANTED PERMISSIONS

http://bthlp.com/ACL-NTFS

sIDHistory

http://bthlp.com/SidHist

• Collapsing domains normally requires a period of coexistence

• All user and group objects have an attribute called sIDHistory

• The attribute holds all SIDs previously assigned to the security principal

• When the access token is built at logon, all the SIDs in the sIDHistory attribute are added to the keyring

ISSUES WITH MAX TOKEN SIZE

MAX TOKEN SIZE 10K
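
The following Python example is added here and is not from the original deck. It applies Microsoft's published token-size estimate (1200 + 40d + 8s bytes) to a constructed inventory to show how sIDHistory kept during coexistence inflates a user's token; the record layout, names, SIDs and the 12000-byte limit are assumptions.

```python
# Microsoft's estimate: TokenSize = 1200 + 40*d + 8*s (bytes)
#   d = domain local groups + universal groups outside the account domain
#       + SIDs carried in sIDHistory
#   s = global groups + universal groups inside the account domain
OVERHEAD, PER_D, PER_S = 1200, 40, 8
ASSUMED_LIMIT = 12000  # assumption: replace with the MaxTokenSize in effect

def estimate_token(user):
    """Return (estimated_bytes, bytes_from_sid_history) for one record."""
    hist = len(user["sid_history"])        # old SIDs on the user object itself
    d = s = 0
    for scope, domain, group_hist in user["groups"]:
        hist += group_hist                 # migrated groups carry old SIDs too
        foreign_universal = scope == "universal" and domain != user["domain"]
        if scope == "domain_local" or foreign_universal:
            d += 1
        else:                              # global, or universal in own domain
            s += 1
    return OVERHEAD + PER_D * (d + hist) + PER_S * s, PER_D * hist

def over_limit(users, limit_bytes):
    """Users whose estimate exceeds the limit, largest first."""
    rows = [(u["sam"], *estimate_token(u)) for u in users]
    return sorted((r for r in rows if r[1] > limit_bytes), key=lambda r: -r[1])

# Constructed inventory (not real data). Each group is a tuple of
# (scope, domain, number of SIDs in that group's sIDHistory).
USERS = [
    {"sam": "alice", "domain": "contoso",
     "sid_history": ["S-1-5-21-1111-2222-3333-1104"],
     "groups": [("global", "contoso", 0)] * 20
             + [("domain_local", "contoso", 0)] * 5},
    {"sam": "bob", "domain": "contoso",
     "sid_history": ["S-1-5-21-1111-2222-3333-1105",
                     "S-1-5-21-4444-5555-6666-2210"],
     "groups": [("domain_local", "contoso", 1)] * 120   # migrated with history
             + [("universal", "fabrikam", 0)] * 30
             + [("global", "contoso", 1)] * 40},        # migrated with history
]

if __name__ == "__main__":
    for sam, total, hist_bytes in over_limit(USERS, ASSUMED_LIMIT):
        print(f"{sam}: ~{total} bytes, {hist_bytes} from sIDHistory; "
              f"~{total - hist_bytes} after sIDHistory cleanup")
```

In the constructed data, bob exceeds the assumed limit only because of retained sIDHistory, which is the case for cleaning up sIDHistory once coexistence ends.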

INTRA-FOREST MIGRATIONS

Contoso.com NA.Contoso.com

TRUSTED MIGRATIONS

Contoso.com Fabrikam.com

TRUSTLESS MIGRATIONS

Contoso.com Fabrikam.com

KEEPING THE COMPLEXITY

• There are valid scenarios where multiple domains and multiple forests must remain in existence

• The complexity of maintaining multiple forests would actually be less administrative overhead than attempting to enforce the required segregation

• Microsoft and many other vendors offer licensing models that encourage using a single tenant

• The difficulty comes in merging forests designed to segregate users on-premises into one unified tenant in Office 365

THE CLOUD FOREST APPROACH

REMEDIATE KNOWN ISSUES

KEY TAKEAWAYS

• Argument was made that a proper discovery effort should be completed prior to any migration

• Multi-forest scenarios introduce a tremendous amount of complexity and risk that could introduce scope creep into the migration project

• Unintended consequences could unknowingly be introduced into the migration project without a full rationalization of the on-premises Active Directory

• Best practices were discussed to help simplify the existing on-premises directory while mitigating risk

Thanks to our sponsors…

Check out their booths in the expo area