Collapsing Active Directory

Posted on 2012-03-20
Last Modified: 2012-06-21
Good Afternoon,
Our company has elected to do away with Active Directory and Exchange in favour of a federated infrastructure that more readily allows for BYOD, scalability and private cloud.

Not being an AD expert, I'd like to get advice on how to best collapse the system.

Thanks in advance.
Question by:IanGP
  • 2
  • 2
  • 2
  • +1
LVL 30

Expert Comment

ID: 37743017
I dont think you will be getting rid of ad just yet

your basically talking of something like google cloud connect but that will not help with byod
to use byod you will still need things like group policy unless your happy for virus's to get onto your servers as byod devices can be a source

for exchange you talking about google apps ?


you wont be the first one lol m$ is loosing out to google but they are fighting back imho
LVL 30

Expert Comment

ID: 37743022
private cloud means vmware vcloud director are you going to own the servers and storge for a private cloud and use it locally
LVL 57

Expert Comment

by:Mike Kline
ID: 37743314
Have you looked into office 365?   You can put it all in the cloud or do a mix with onprem or the cloud (adfs and dirsync come into play)


Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Expert Comment

ID: 37743794
Depends on what you mean by 'collapse the system' and your configuration.  Do you have a wide-spread infrastructure?  Lots of locations with a server or two?  I'm assuming you want to consolidate, decommission, and/or re-allocate as your get rid of your domain.

You'll want to make sure you have at least two Domain Controllers running to support Exchange until the very last mailbox is gone and you're ready to shut it down.  Technically only one is needed but if it crashes, you're going to hate life so keep two active.

I can provide more details as I have a better understanding of how things are and what you intend on 'collapsing'.  Tossing AD is a huge step.  Much harder than not using it in the first place, so be prepared for a long project.

Author Comment

ID: 37751054
Thanks Kollenh.

I will be removing AD altogether. And yes, we will be consolidating as we remove AD.

Our infrastructure lies across 2 sites; Head Office and data centre. We are moving email over to Gmail and will make use of cloud storage for file sharing.


Author Comment

ID: 37776186
@mkline71 - Yes, we have looked at Office365, but it does not provide the device/OS independence tthat we are looking for.

@IanTH - The plan is to do away with all servers that we own directly and make use of 3rd party infrastructure. For example, our busines is about web and app dev, we don't want to 'waste time' on non-core business functions, but rather leave that to the infrastructure experts. We will put a security 'shell' around our servers and allow access from any device/OS provided credentials are valid.

I think we digress here.
With regards to collapsing AD, I foresee the following approach:
1) Set up local accounts for all users
2) Detach laptop/Desktop from AD
3) Break down all security groups
4) Decommission Exchange
5) Change system accounts (for websites, ticketing systems etc)
6) Decommission internal DNS structure

Thanks for the input thus far.

Accepted Solution

kollenh earned 500 total points
ID: 37779358

I think your approach plan is solid.  I'm sure you'll find additional problems as you go along but the order seems appropriate.

As a side-note, you can redirect the local user accounts to use the same 'profile' as the domain accounts.  I think you'll find that will ease the migration process.  Once you've create the local account and logged onto the system with it, edit the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\{UserAccount-GUID}\ProfileImagePath

Open in new window

Also, make sure that your Domain Controllers are the very last computer you decommission.  Once you think it's no longer needed, shut it down for a week or two, just to make sure nothing pops up.


Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question