When you are planning any major IT transformation, we recommend that you do what the great craftsmen do: Measure twice. Cut once. That’s because we have seen it happen time and again. You spend all this effort creating a pristine plan and understanding the cool new features of the cloud platform you are migrating to. You market those features to your end users, to help show them how it will be a change for the better. And then the moment you start migrating, you run into issues. Now you have to stop the project and remediate these problems before you can keep going.
Sound familiar? It happens to a lot of organizations. Here’s how you prevent this from happening to you. Before you load up your migration software and start moving users to the cloud, such as Microsoft 365, you should take the time—as much time as it takes—to find and fix issues with your Active Directory environment. Depending on the complexity of your environment, this discovery phase can take longer than the migration itself.
If you are like many organizations, you have had Active Directory in place since the early Windows 2000 days. That could mean over 20 years of different admins, IT changes, and mergers. You might not be able to easily find issues and inconsistencies with native monitoring tools. As a result, most companies don’t realize how important it is to perform an Active Directory health check before they migrate their messaging. So they tend to run into issues during their migration instead.
Problems with Active Directory tend to cause serious scope creep. Here are some things to watch out for:
If you have not done a deep dive on your Active Directory environment in a while, where do you start? First, do a discovery on your on-premises AD environment. To help take stock, leverage an Active Directory monitoring and reporting tool. Use it to inventory all of your accounts and what they are for. Take a look at your forests and how they are configured. Is it an account-resource or empty-root model? If you have multiple forests, you likely have trusts pointing in all different directions, which can easily form a tangled mess and pose security risks.
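A read-only discovery pass over the items above (forest and domain layout, trusts, account inventory) plus membership of the privileged groups this article names, as an added example that is not part of the original article and is not ENow's tooling. It assumes the RSAT ActiveDirectory PowerShell module and read access to every domain in the forest; the 90-day inactivity threshold is an assumed value.

```powershell
#Requires -Modules ActiveDirectory
# Read-only pre-migration discovery. Nothing here modifies the directory.
$StaleDays = 90   # assumption: inactivity threshold, adjust to your own policy

$forest = Get-ADForest
"Forest: $($forest.Name)  mode: $($forest.ForestMode)  root: $($forest.RootDomain)"

foreach ($domainName in $forest.Domains) {
    # Query a DC in each domain so child domains are covered, not just the local one.
    try {
        $domain = Get-ADDomain -Identity $domainName -ErrorAction Stop
        $server = $domain.PDCEmulator
    } catch {
        Write-Warning "Cannot reach domain ${domainName}: $_"
        continue
    }
    "`n== Domain: $domainName (mode $($domain.DomainMode)) =="

    # Trusts: direction, transitivity and SID filtering decide how far
    # access in one forest or domain reaches into another.
    Get-ADTrust -Filter * -Server $server |
        Select-Object Name, Direction, TrustType, ForestTransitive,
                      SIDFilteringQuarantined, SelectiveAuthentication |
        Format-Table -AutoSize

    # Account inventory: totals, plus enabled accounts with no recent logon.
    $users   = @(Get-ADUser -Filter * -Server $server)
    $enabled = @($users | Where-Object Enabled)
    $stale   = @(Search-ADAccount -AccountInactive -UsersOnly -Server $server `
                     -TimeSpan (New-TimeSpan -Days $StaleDays) | Where-Object Enabled)
    "Users: $($users.Count) total, $($enabled.Count) enabled, " +
        "$($stale.Count) enabled but inactive for $StaleDays+ days"

    # Privileged groups: Schema Admins exists only in the forest root domain.
    $groups = @('Domain Admins')
    if ($domainName -eq $forest.RootDomain) { $groups += 'Schema Admins' }
    foreach ($group in $groups) {
        try {
            # -Recursive expands nested groups to the accounts that hold the right.
            $members = @(Get-ADGroupMember -Identity $group -Recursive `
                             -Server $server -ErrorAction Stop)
            "${group}: $($members.Count) effective member(s)"
            $members | Select-Object SamAccountName, objectClass, distinguishedName |
                Format-Table -AutoSize
        } catch {
            # Members from other forests can make this cmdlet fail; record and move on.
            Write-Warning "Could not enumerate '$group' in ${domainName}: $_"
        }
    }
}
```

Redirect the output to a dated file and keep it as the baseline to compare against after each cleanup or consolidation step.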
Now that you know what you have, you can make intelligent decisions to simplify, consolidate, or otherwise clean house. Let’s assume that you do a discovery and find that you have multiple domains. So you decide you need to simplify or collapse/consolidate your existing forests. As you go down that path, you need to understand how permissions are granted, which can also cause issues later.
Active Directory is the foundation of your network, and the structure that controls access to the most critical resources in your organization. The ENow Active Directory Monitoring and Reporting tool uncovers cracks in your Active Directory that can cause a security breach or poor end-user experience, and it enables you to quickly identify and remove users that have inappropriate access to privileged groups (Schema Admins, Domain Administrators). While ENow is not auditing software, our reports reduce the amount of work required to cover HIPAA, SOX, and other compliance audits.