SO YOU THINK YOUR DIRECTORY IS READY FOR OFFICE 365?
OUR SPEAKERS
Justin Harris
Microsoft Certified Master: Exchange
Microsoft MVP: Exchange
Senior Solution Architect, Binary Tree
@ntexcellence
MIGRATION PLANNING
EXCHANGE SIZE
EXCHANGE COMPLEXITY
The amount of planning grows as size and complexity increase
COMPLEXITY
START
Design Requirements
FINISH
Scope Creep
HYBRID IS THE ANSWER!
• Glue between on-premises Exchange and Exchange Online
• Allows flexibility
• Seamless coexistence
• User doesn’t know where his or her mailbox resides
• Unique point of differentiation
HYBRID = AZURE ACTIVE DIRECTORY
Exchange Online Exchange On Premises
Sync Users
TREY RESEARCH AD OBJECTS
No Trust
PLANNING STAGE
Admins focus on feature/functionality
Sound migration practices are often overlooked
Management focus on mitigating risk
Additional items need to be considered
Successful Migration
SUCCESSFUL MIGRATIONS
Prime directive
Do not disrupt users with unscheduled outages
Affecting productivity is a costly proposition
Depending on business vertical – a miscue could be catastrophic
Unhappy users will flavor the migration in a negative light
REFLECTING ON SUCCESSFUL MIGRATIONS
Exhibited similar success criteria
Careful planning
UPFRONT analysis of environment
Remediation BEFORE migration
LOE = size and complexity of environment
PLAN
• Health of on-premises Active Directory is often overlooked
• Alarming trend
• Many Active Directory environments have been in production since the Windows 2000 timeframe
• Staff turnover
BUSINESS AND TECHNICAL REQUIREMENTS
• What are the business drivers?
• Are there any regulatory, legal, retention or compliance requirements?
• How is the on-premises AD topology dependent on existing on-premises infrastructure?
• Existing network capacity?
• Understanding business and technical requirements is often one of the largest challenges in the project
DISCOVERY
AD components
External components
HEALTH OF AD ENVIRONMENTS
OBJECT ANALYSIS
Identify object mappings
Identify potential conflicts
Identify duplicate objects
Identify inactive objects
CEDAR PARK CONSULTING
Planning a move to 365
Designed & Funded
Notifications Sent
Migration Problems
SCOPE CREEP!
• This project has just evolved into a complex migration
• Scope creep has been introduced into the project.
• Switch gears to perform a discovery and rationalization exercise that was not budgeted and accounted for.
• Project dates are now slipping even before test mailboxes have been migrated to Exchange Online.
• Project fail!
COST OF PAST ACTIVE DIRECTORY DEPLOYMENTS
Resource Forest
GAL SYNC
Account Forest
RISK
Network Port Numbers
Network Landscape
PREPARATION IS KEY
Datacenter Layout
Racks and/or Hyper-V
SIMPLIFYING ACTIVE DIRECTORY
UNDERSTAND TARGET ENVIRONMENT
Forest 1, Forest 2, Forest 3, Forest 4, Forest 5, Forest 6
UNDERSTANDING HOW USERS ARE GRANTED PERMISSIONS
http://bthlp.com/ACL-NTFS
sIDHistory
http://bthlp.com/SidHist
• Collapsing domains normally requires a period of coexistence
• All user and group objects have an attribute called sIDHistory
• The attribute holds all SIDs previously assigned to the security principal
• When the access token is built at logon, all the SIDs in the sIDHistory attribute are added to the keyring
ISSUES WITH MAX TOKEN SIZE
MAX TOKEN SIZE 10K
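To show how sIDHistory feeds token growth, the following added example (not part of the original deck) applies Microsoft's published estimate, TokenSize = 1200 + 40d + 8s, to a constructed inventory and reports how much of each token comes from migration history. The function name, the property names and the sample accounts are hypothetical, and the 12000-byte default limit is an assumption (the MaxTokenSize default before Windows Server 2012), not the figure on the slide.

```powershell
# Microsoft's published estimate: TokenSize = 1200 + 40*d + 8*s (bytes)
#   d = domain local groups + universal groups outside the account domain
#       + SIDs carried in sIDHistory
#   s = global groups + universal groups inside the account domain
function Get-TokenSizeEstimate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Account,
        # Assumption: 12000 bytes, the default MaxTokenSize before Windows Server 2012.
        [int] $LimitBytes = 12000
    )
    process {
        $d = $Account.DomainLocalGroups + $Account.ExternalUniversalGroups + $Account.SidHistorySids
        $s = $Account.GlobalGroups + $Account.InternalUniversalGroups
        $estimate     = 1200 + (40 * $d) + (8 * $s)
        $historyBytes = 40 * $Account.SidHistorySids   # share caused by migration history
        [pscustomobject]@{
            SamAccountName  = $Account.SamAccountName
            EstimatedBytes  = $estimate
            SidHistoryBytes = $historyBytes
            WithoutHistory  = $estimate - $historyBytes  # size once sIDHistory is cleaned up
            OverLimit       = $estimate -gt $LimitBytes
        }
    }
}

# Constructed sample inventory (hypothetical accounts and counts, not real data).
# SidHistorySids = SIDs contributed by sIDHistory on the account and on its groups.
$inventory = @(
    [pscustomobject]@{ SamAccountName = 'alice'; DomainLocalGroups = 20; ExternalUniversalGroups = 5
                       InternalUniversalGroups = 10; GlobalGroups = 60; SidHistorySids = 0 }
    [pscustomobject]@{ SamAccountName = 'bob'; DomainLocalGroups = 120; ExternalUniversalGroups = 30
                       InternalUniversalGroups = 40; GlobalGroups = 200; SidHistorySids = 160 }
    [pscustomobject]@{ SamAccountName = 'carol'; DomainLocalGroups = 50; ExternalUniversalGroups = 10
                       InternalUniversalGroups = 20; GlobalGroups = 100; SidHistorySids = 40 }
)

# Rank accounts by estimated token size; OverLimit flags the ones at risk.
$inventory | Get-TokenSizeEstimate |
    Sort-Object EstimatedBytes -Descending |
    Format-Table -AutoSize
```

In a real discovery pass the per-account counts would come from the directory itself, for example from `Get-ADUser -Properties sIDHistory` plus group membership enumeration, instead of the constructed inventory.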
INTRA-FOREST MIGRATIONS
Contoso.com NA.Contoso.com
TRUSTED MIGRATIONS
Contoso.com Fabrikam.com
TRUSTLESS MIGRATIONS
Contoso.com Fabrikam.com
KEEPING THE COMPLEXITY
• There are valid scenarios where multiple domains and multiple forests must remain in existence
• The complexity of maintaining multiple forests would actually be less administrative overhead than attempting to enforce the required segregation
• Microsoft and many other vendors offer licensing models that encourage using a single tenant
• The difficulty comes in merging forests designed to segregate users on-premises into one unified tenant in Office 365
THE CLOUD FOREST APPROACH
REMEDIATE KNOWN ISSUES
KEY TAKEAWAYS
Argument was made that a proper discovery effort should be completed prior to any migration
Multi-forest scenarios introduce a tremendous amount of complexity and risk that could introduce scope creep into the migration project
Unintended consequences could unknowingly be introduced into the migration project without a full rationalization of the on-premises Active Directory
Best practices were discussed to help simplify the existing on-premises directory while mitigating risk