so you think your directory is ready for office 365?
TRANSCRIPT
![Page 1: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/1.jpg)
SO YOU THINK YOUR DIRECTORY IS READY FOR OFFICE 365?
![Page 2: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/2.jpg)
OUR SPEAKERS
Justin HarrisMicrosoft Certified Master: ExchangeMicrosoft MVP: ExchangeSenior Solution Architect, Binary Tree
@ntexcellence
![Page 3: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/3.jpg)
MIGRATION PLANNING
EXCHANGE SIZE
EXCH
ANGE
COM
PLEX
ITY
Amount of planning grows as the amount of size and complexity increase
![Page 4: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/4.jpg)
COMPLEXITY
START
Design Requirements
FINISH
Scope Creep
![Page 5: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/5.jpg)
HYBRID IS THE ANSWER!
• Glue between on-premises Exchange and Exchange Online
• Allows flexibility • Seamless coexistence• User doesn’t know where his or her mailbox resides• Unique point of differentiation
![Page 6: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/6.jpg)
HYBRID = AZURE ACTIVE DIRECTORY
Exchange Online Exchange On Premises
Sync Users
TREY RESEARCHAD OBJECTS
No Trust
![Page 7: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/7.jpg)
PLANNING STAGE
Admins focus onfeature/functionality
Sound migration practices are often
overlooked
Management focus on mitigating risk
Additional items need to be considered
![Page 8: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/8.jpg)
Successful Migration
SUCCESSFUL MIGRATIONS
Prime directiveDo not disrupt users with
unscheduled outages
Affecting productivityis a costly proposition
Depending on business vertical – a miscue could
be catastrophic
Unhappy users will flavor the migration in a negative light
![Page 9: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/9.jpg)
REFLECTING ON SUCCESSFUL MIGRATIONS
Exhibited similarsuccess criteria Careful planning UPFRONT analysis
of environment
Remediation BEFORE migration
LOE = size and complexity of environment
![Page 10: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/10.jpg)
PLAN
• Health of on-premises Active Directory is often overlooked
• Alarming trend• Many Active Directory environments have been in
production since Windows 2000 timeframe• Staff turn over
![Page 11: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/11.jpg)
• What are the business drivers?• Are there any regulatory, legal, retention or compliance
requirements?• How is the on-premises AD topology dependent on
existing on-premises infrastructure?• Existing network capacity? • Understanding Bus and Tech requirements are often
one of the largest challenges in the project
BUSINESS AND TECHNICAL REQUIREMENTS
![Page 12: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/12.jpg)
DISCOVERY
AD components
External componentsHEALTH OF AD
ENVIRONMENTS
OBJECTANALYSIS
Identify object mappings
Identify potential conflicts
Identify duplicate objects
Identify inactive objects
![Page 13: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/13.jpg)
CEDAR PARK CONSULTING
Planning a move to 365
Designed & Funded
Notifications Sent
Migration Problems
![Page 14: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/14.jpg)
SCOPE CREEP!
• This project has just evolved into a complex migration
• Scope creep has been introduced into the project. • Switch gears to perform a discovery and rationalization exercise that was not budgeted and accounted for.
• Project dates are now slipping even before test mailboxes have been migrated to Exchange Online.
• Project fail!
![Page 15: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/15.jpg)
COST OF PAST ACTIVE DIRECTORY DEPLOYMENTS
Resource Forest
GAL SYNC
Account Forest
![Page 16: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/16.jpg)
RISK
![Page 17: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/17.jpg)
Network Port Numbers
NetworkLandscape
PREPARATION IS KEY
DatacenterLayout
Racks and/or Hyper-V
![Page 18: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/18.jpg)
SIMPLIFYING ACTIVE DIRECTORY
![Page 19: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/19.jpg)
UNDERSTAND TARGET ENVIRONMENT
Forest 1 Forest 3
Forest 4
Forest 2
Forest 6Forest 5
![Page 20: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/20.jpg)
UNDERSTANDING HOW USERSARE GRANTED PERMISSIONS
http://bthlp.com/ACL-NTFS
@ntexcellence
![Page 21: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/21.jpg)
sIDHistory
http://bthlp.com/SidHist
• Collapsing domains normally requires a period of coexistence
• All users and group objects has an attribute called sIDHistory
• Attribute holds all SIDs previously assigned to the security principal
• When access token is built at login all the SIDs in sIDHistory attribute are added to keyring
@ntexcellence
![Page 22: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/22.jpg)
ISSUES WITH MAX TOKEN SIZE
MAX TOKEN SIZE 10K
10
![Page 23: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/23.jpg)
INTRA-FOREST MIGRATIONS
Contoso.com NA.Contoso.com
![Page 24: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/24.jpg)
TRUSTED MIGRATIONS
Contoso.com Fabrikam.com
![Page 25: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/25.jpg)
TRUSTLESS MIGRATIONS
Contoso.com Fabrikam.com
![Page 26: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/26.jpg)
KEEPING THE COMPLEXITY
• There are valid scenarios where multiple domains and multiple forests must remain in existence
• The complexity of maintaining multiple forests would actually be less administrative overhead than attempting to enforce the required segregation
• Microsoft and many other vendors offer licensing models that encourage using a single tenant
• The difficulty comes in merging forests designed to segregate users’ on-premises into one unified tenant in Office 365
![Page 27: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/27.jpg)
THE CLOUD FOREST APPROACH
![Page 28: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/28.jpg)
REMEDIATE KNOWN ISSUES
![Page 29: So you think your directory is ready for office 365?](https://reader036.vdocuments.mx/reader036/viewer/2022070601/5883eef61a28ab34428b5c13/html5/thumbnails/29.jpg)
KEY TAKEAWAYS
Argument was made that a proper discovery
effort should be completed prior to any
migration
Multi-forest scenarios introduce a tremendous amount of complexity and risk that could introduce scope
creep into the migration project
Unintended consequences could unknowingly
be introduced into the migration project
without a full rationalization of the on-premises Active Directory
Best practices were discussed to help simplify the existing on-premises
directory while mitigating risk