When migrating Office 365 tenancies for acquisitions, mergers, or divestitures, careful consideration must be given to the back-end identity infrastructure supporting each Office 365 tenant.
Active Directory Domain Services (AD DS) is generally the identity store that connects the enterprise to Office 365 Azure Active Directory. The on-premises Active Directory can be connected to Azure Active Directory in various ways, depending on each customer’s individual configuration. There could also be a third-party identity provider in the configuration, such as Okta or Ping.
Active Directory and Tenant Migrations: Things to Think About
- How are accounts being provisioned today? And how do you integrate that process before, during, and after the migration?
- How do we provide identity coexistence during the tenant to tenant migration?
- How do we move computers and identities between domains and still provide a seamless transition for users?
- Do you want to move your users to the target Active Directory before, during, or after the Office 365 migration?
- Will the network connection structure affect the Active Directory migration?
- How will the use of a 3rd party identity provider impact the migration of Active Directory?
These items have to be considered in addition to the tasks for the Office 365 tenant migration itself. How important each one is depends on the business and technical requirements of the migration. Identity synchronization and the merging of identities into the target Active Directory and Office 365 tenant need to be understood during migration coexistence planning. Unless only a small number of accounts and services are migrating to the target Office 365 tenancy, there will likely be a “coexistence” period during the migration.
Another consideration is which migration tool will be used to migrate Active Directory objects. There are various tools for computer and user migrations in Active Directory. We have used all the leading tool sets to perform migrations for Active Directory. Some work well, while others have some issues. Those considerations would be planned for during migration design sessions.
Active Directory migration steps
The following steps are the basics of Active Directory migration. They are the high-level steps needed during a tenant to tenant migration.
- Network connectivity between source and target Active Directory forest/domains is established
- Forest or domain trusts in place for best experience with Active Directory migration
- Synchronize users as mail-enabled users and groups from source to target Active Directory via software migration tool or other solution (script, directory sync process, etc.)
- Update permissions for source servers with synchronized account information (usually done with a migration tool)
- Migrate users' workstations to target Active Directory domain
- Migrate source servers to target Active Directory
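As a planning aid for the synchronization step above, this added example (not part of the original article or of any migration tool) compares constructed exports of source and target users and flags identities that would collide or merge in the target Active Directory before anything is synchronized. The `Sam`, `Mail`, and `Proxy` fields, the function names, the `.example` domains, and the matching rules are assumptions for illustration.

```powershell
# Constructed sample data standing in for an export from each forest,
# e.g. Get-ADUser -Filter * -Properties mail,proxyAddresses
$source = @(
    [pscustomobject]@{ Sam = 'jdoe';   Mail = 'jdoe@source.example';   Proxy = @('SMTP:jdoe@source.example') }
    [pscustomobject]@{ Sam = 'asmith'; Mail = 'asmith@source.example'; Proxy = @('SMTP:asmith@source.example', 'smtp:anna@brand.example') }
    [pscustomobject]@{ Sam = 'bwong';  Mail = 'bwong@source.example';  Proxy = @('SMTP:bwong@source.example') }
)
$target = @(
    [pscustomobject]@{ Sam = 'jdoe'; Mail = 'john.doe@target.example'; Proxy = @('SMTP:john.doe@target.example') }
    [pscustomobject]@{ Sam = 'anna'; Mail = 'anna@target.example';     Proxy = @('SMTP:anna@target.example', 'smtp:anna@brand.example') }
)

function Get-SmtpAddress($User) {
    # Collect mail plus SMTP proxyAddresses as lowercase bare addresses.
    $proxy = $User.Proxy | Where-Object { $_ -match '^smtp:' } | ForEach-Object { $_ -replace '^smtp:', '' }
    @($User.Mail) + @($proxy) | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
}

# Index the target directory by sAMAccountName and by every SMTP address.
$bySam = @{}; $byAddr = @{}
foreach ($t in $target) {
    $bySam[$t.Sam.ToLowerInvariant()] = $t
    foreach ($a in (Get-SmtpAddress $t)) { $byAddr[$a] = $t }
}

function Get-MigrationPlan($SourceUsers) {
    foreach ($s in $SourceUsers) {
        $addrHits = @(Get-SmtpAddress $s | Where-Object { $byAddr.ContainsKey($_) } |
            ForEach-Object { $byAddr[$_].Sam } | Sort-Object -Unique)
        $samHit = $bySam[$s.Sam.ToLowerInvariant()]
        if ($addrHits.Count -gt 1) {
            $action = 'Review: addresses match several target accounts'
        } elseif ($addrHits.Count -eq 1 -and $samHit -and $samHit.Sam -ne $addrHits[0]) {
            $action = 'Review: address and sAMAccountName match different target accounts'
        } elseif ($addrHits.Count -eq 1) {
            $action = 'Review: address already on a target account (merge candidate)'
        } elseif ($samHit) {
            $action = 'Review: sAMAccountName in use, no address match'
        } else {
            $action = 'Create as mail-enabled user'
        }
        [pscustomobject]@{ Source = $s.Sam; Action = $action; AddressMatch = ($addrHits -join ','); SamMatch = $samHit.Sam }
    }
}

Get-MigrationPlan $source | Format-Table -AutoSize
```

Every row marked for review should be resolved by someone who can confirm whether the two accounts belong to the same person, since merging on a name or address match alone can attach one user's mailbox and permissions to another identity.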
A high-level diagram of a generic environment is shown below:
We can see that there are many things to consider when migrating Active Directory along with a tenant to tenant Office 365 migration. We have experience with many different scenarios for tenant to tenant and Active Directory migrations. If you have questions or need help planning and executing a tenant to tenant and/or Active Directory migration, please connect with us to learn how Perficient can help you and your organization maximize these tools and solutions.