Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 790
  • Last Modified:

Collapsing Active Directory

Good Afternoon,
Our company has elected to do away with Active Directory and Exchange in favour of a federated infrastructure that more readily allows for BYOD, scalability and private cloud.

Not being an AD expert, I'd like to get advice on how to best collapse the system.

Thanks in advance.
Ian
0
IanGP
Asked:
IanGP
  • 2
  • 2
  • 2
  • +1
1 Solution
 
IanThCommented:
I dont think you will be getting rid of ad just yet

your basically talking of something like google cloud connect but that will not help with byod
to use byod you will still need things like group policy unless your happy for virus's to get onto your servers as byod devices can be a source

for exchange you talking about google apps ?

see
http://www.google.com/apps/intl/en-GB/business/index.html

you wont be the first one lol m$ is loosing out to google but they are fighting back imho
0
 
IanThCommented:
private cloud means vmware vcloud director are you going to own the servers and storge for a private cloud and use it locally
0
 
Mike KlineCommented:
Have you looked into office 365?   You can put it all in the cloud or do a mix with onprem or the cloud (adfs and dirsync come into play)

Thanks

Mike
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
kollenhCommented:
Depends on what you mean by 'collapse the system' and your configuration.  Do you have a wide-spread infrastructure?  Lots of locations with a server or two?  I'm assuming you want to consolidate, decommission, and/or re-allocate as your get rid of your domain.

You'll want to make sure you have at least two Domain Controllers running to support Exchange until the very last mailbox is gone and you're ready to shut it down.  Technically only one is needed but if it crashes, you're going to hate life so keep two active.

I can provide more details as I have a better understanding of how things are and what you intend on 'collapsing'.  Tossing AD is a huge step.  Much harder than not using it in the first place, so be prepared for a long project.
0
 
IanGPAuthor Commented:
Thanks Kollenh.

I will be removing AD altogether. And yes, we will be consolidating as we remove AD.

Our infrastructure lies across 2 sites; Head Office and data centre. We are moving email over to Gmail and will make use of cloud storage for file sharing.

Regards
Ian
0
 
IanGPAuthor Commented:
@mkline71 - Yes, we have looked at Office365, but it does not provide the device/OS independence tthat we are looking for.

@IanTH - The plan is to do away with all servers that we own directly and make use of 3rd party infrastructure. For example, our busines is about web and app dev, we don't want to 'waste time' on non-core business functions, but rather leave that to the infrastructure experts. We will put a security 'shell' around our servers and allow access from any device/OS provided credentials are valid.

I think we digress here.
With regards to collapsing AD, I foresee the following approach:
1) Set up local accounts for all users
2) Detach laptop/Desktop from AD
3) Break down all security groups
4) Decommission Exchange
5) Change system accounts (for websites, ticketing systems etc)
6) Decommission internal DNS structure

Thanks for the input thus far.
Regards
Ian
0
 
kollenhCommented:
Ian,

I think your approach plan is solid.  I'm sure you'll find additional problems as you go along but the order seems appropriate.

As a side-note, you can redirect the local user accounts to use the same 'profile' as the domain accounts.  I think you'll find that will ease the migration process.  Once you've create the local account and logged onto the system with it, edit the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\{UserAccount-GUID}\ProfileImagePath

Open in new window


Also, make sure that your Domain Controllers are the very last computer you decommission.  Once you think it's no longer needed, shut it down for a week or two, just to make sure nothing pops up.

HTH
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now