Solved

Collapsing Active Directory

Posted on 2012-03-20
7
771 Views
Last Modified: 2012-06-21
Good Afternoon,
Our company has elected to do away with Active Directory and Exchange in favour of a federated infrastructure that more readily allows for BYOD, scalability and private cloud.

Not being an AD expert, I'd like to get advice on how to best collapse the system.

Thanks in advance.
Ian
0
Comment
Question by:IanGP
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 37743017
I dont think you will be getting rid of ad just yet

your basically talking of something like google cloud connect but that will not help with byod
to use byod you will still need things like group policy unless your happy for virus's to get onto your servers as byod devices can be a source

for exchange you talking about google apps ?

see
http://www.google.com/apps/intl/en-GB/business/index.html

you wont be the first one lol m$ is loosing out to google but they are fighting back imho
0
 
LVL 30

Expert Comment

by:IanTh
ID: 37743022
private cloud means vmware vcloud director are you going to own the servers and storge for a private cloud and use it locally
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37743314
Have you looked into office 365?   You can put it all in the cloud or do a mix with onprem or the cloud (adfs and dirsync come into play)

Thanks

Mike
0
 
LVL 5

Expert Comment

by:kollenh
ID: 37743794
Depends on what you mean by 'collapse the system' and your configuration.  Do you have a wide-spread infrastructure?  Lots of locations with a server or two?  I'm assuming you want to consolidate, decommission, and/or re-allocate as your get rid of your domain.

You'll want to make sure you have at least two Domain Controllers running to support Exchange until the very last mailbox is gone and you're ready to shut it down.  Technically only one is needed but if it crashes, you're going to hate life so keep two active.

I can provide more details as I have a better understanding of how things are and what you intend on 'collapsing'.  Tossing AD is a huge step.  Much harder than not using it in the first place, so be prepared for a long project.
0
 

Author Comment

by:IanGP
ID: 37751054
Thanks Kollenh.

I will be removing AD altogether. And yes, we will be consolidating as we remove AD.

Our infrastructure lies across 2 sites; Head Office and data centre. We are moving email over to Gmail and will make use of cloud storage for file sharing.

Regards
Ian
0
 

Author Comment

by:IanGP
ID: 37776186
@mkline71 - Yes, we have looked at Office365, but it does not provide the device/OS independence tthat we are looking for.

@IanTH - The plan is to do away with all servers that we own directly and make use of 3rd party infrastructure. For example, our busines is about web and app dev, we don't want to 'waste time' on non-core business functions, but rather leave that to the infrastructure experts. We will put a security 'shell' around our servers and allow access from any device/OS provided credentials are valid.

I think we digress here.
With regards to collapsing AD, I foresee the following approach:
1) Set up local accounts for all users
2) Detach laptop/Desktop from AD
3) Break down all security groups
4) Decommission Exchange
5) Change system accounts (for websites, ticketing systems etc)
6) Decommission internal DNS structure

Thanks for the input thus far.
Regards
Ian
0
 
LVL 5

Accepted Solution

by:
kollenh earned 500 total points
ID: 37779358
Ian,

I think your approach plan is solid.  I'm sure you'll find additional problems as you go along but the order seems appropriate.

As a side-note, you can redirect the local user accounts to use the same 'profile' as the domain accounts.  I think you'll find that will ease the migration process.  Once you've create the local account and logged onto the system with it, edit the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\{UserAccount-GUID}\ProfileImagePath

Open in new window


Also, make sure that your Domain Controllers are the very last computer you decommission.  Once you think it's no longer needed, shut it down for a week or two, just to make sure nothing pops up.

HTH
0

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now