
1
Managing and Automating Active Directory Roundtable
Robbie Allen, Cisco Systems
2
Topics
  • Build or Buy?
  • User Migration
  • Management Tools
  • Data Provisioning

3
Build or Buy?
  • Pros and Cons for each
  • Depends on
    • Available resources
    • Available APIs
    • Maturity of products
    • Timeline to deliver
    • Budget
    • Goals
  • Not mutually exclusive - odds are you will need to do both
  • At Cisco we tend to build over buy, but we do an evaluation first

4
User Migration
  • Analogous to jumping from one moving car to another
  • Challenges include
    • Providing seamless access to resources
    • Retaining all desktop settings
    • Educating users why the migration is necessary/important
    • Minimizing downtime
    • Staying within budget
  • If unsuccessful, you could severely impact business!
  • Only way to accomplish all of it is to automate

5
User Migration - Cisco Process
  • Background scripts run daily to do the following
    • Populate user accounts in AD
    • Migrate group accounts from NT4 to AD
    • Migrate user and group SIDs from NT4 to AD
    • Change logon script setting for targeted NT4 users to AD migration app
  • AD Migration app does the following
    • Enables AD user account
    • Copies NT4 account profile settings to AD account
    • Creates computer account in AD
    • Joins computer to AD
    • Sets user's password in AD
    • Reboots machine
  • Passwords were the only thing we could not migrate

6
Management Tools
  • Default AD MMC Snap-ins
    • Convenient, good for one-offs
    • Limited functionality
    • Does not scale well in large enterprises
  • Third-party Tools
    • Much more robust now
    • Lots of vendors and products to choose from
    • No silver bullets
  • Develop your own web-based tools
    • Can build customized feature set and business logic
    • Minimal client distribution or support issues
    • Requires development resources and expertise

7
Management Tools - Cisco Solution
  • Developed several web-based tools
    • ADAM - Account Mgmt (Users, Groups, Computers)
    • ADFM - Forest Mgmt (OUs, FSMOs, Trusts, Login Scripts)
    • ADSM - Schema Mgmt (Schema Extensions)
    • ADRM - Replication Mgmt (Site Topology)
  • Allows for support of additional forests in the future with limited overhead
  • Role-based access and customized business logic
  • Each app has its own provisioning component
  • Team of 3 people develop and support the apps

8
Data Provisioning
  • Reduce TCO and resource requirements by
    automating
  • Benefits of automating data maintenance in AD
  • Repeatable process that can be used for other
    forests
  • Easier to troubleshoot data integrity issues
  • Can keep history of changes made
  • Have clean-up processes that remove stale data
  • Streamline processes, limiting manual
    intervention
  • Get creative with potential data sources!

9
Data Provisioning - Cisco Example
  • Employees and Mailboxes (feed from HR)
  • Groups (from NT4 Domains)
  • SID History (from NT4 Domains)
  • Mail Aliases (feed from Messaging Group)
  • Printers (feed from Printer Group)
  • Site Topology (from Router Config File
    Repository)
  • Schema Extensions (from Web-based App)
  • Organizational Units (from Web-based App)
  • DC Configuration (DNS settings, Event Logs
    settings, Hotfixes)
  • Stale Computers (from AD)