The process of migrating a Windows® workstation from Active Directory® (AD) to ̽»¨´óÉñ® just got easier. Our Solutions Architecture team is excited to announce the (ADMU), which automates the steps required to non-destructively convert a Windows domain account to a local user account and begin managing that account with ̽»¨´óÉñ.
For organizations that have been apprehensive about uprooting their existing AD infrastructure, the ADMU presents a new opportunity to complete the transition to the cloud. This new utility minimizes the time commitment, manual labor, and risk involved with implementing ̽»¨´óÉñ as a replacement for AD.
Using the ADMU, small-to-medium-sized enterprises can complete the transition to ̽»¨´óÉñ in anywhere from a few hours to a couple days. The result is a consolidated user and system management experience for admins, with end users barely noticing the change. Read on for more details about how the ADMU works and the tasks it automates.
Breaking Up with Active Directory
Don’t let your directory hold you back. Learn why it’s time to break up with AD.
Migrating Domain-Bound Systems to ̽»¨´óÉñ
̽»¨´óÉñ achieves its system management capabilities using a lightweight that runs in the background and communicates with our core directory service. In order to avoid a situation where ̽»¨´óÉñ would compete with AD for authoritative control over a Windows machine, this agent won’t run on systems that remain bound to an AD domain. Because of this, a full transition to ̽»¨´óÉñ from AD requires that domain accounts be converted to local user accounts, which can then be taken over by the ̽»¨´óÉñ agent. The ADMU automates this entire process: You start with a domain-bound system and end with a ̽»¨´óÉñ-managed system, with the original user account and its attributes intact.
Once a workstation has been migrated to ̽»¨´óÉñ, the user’s login experience doesn’t change, but the system now contacts your new cloud directory instead of AD as its authoritative source of truth for authentication. As an admin, you can now control the following functions remotely from ̽»¨´óÉñ’s web console:
- Add the system to a system group and apply GPO-like policies across that groupÂ
- Toggle on multi-factor authentication at Windows system login
- Enforce new password complexity and rotation requirements
- Control network connections with RADIUS
- Retrieve OS-level status and usage data using System Insightsâ„¢ (this premium feature is available to all for testing)
New to ̽»¨´óÉñ? Learn more about the benefits of migrating from Active Directory to a modern cloud directory service→
How the ADMU Works
The ADMU is a Windows application (.exe) that launches a GUI on an individual machine that needs to be migrated. You can also use the PowerShell version in .
The utility works by mirroring the existing domain account to a new local system user account, and gives you the option to leave both accounts intact. This is a great way to build confidence as you test migration in a one, some, many workflow, because you can compare the new account to the original before unbinding the original from the AD domain. You can set key preferences — like whether to automatically leave the domain — using the GUI.
For a full walkthrough of the migration process using the ADMU, check out our demo video:
If you’re curious about what’s going on under the hood, the ADMU leverages the Windows Assessment and Deployment Kit (ADK), which was designed to help admins install and configure the Windows operating system on new machines at scale. This incorporation of Microsoft’s® own existing framework for unbinding accounts from AD helps to ensure compatibility across different domain environments and reinforce security throughout the migration process.
Evaluating ̽»¨´óÉñ Before Migration
For many organizations, the possibility of replacing AD with an alternative directory service represents uncharted territory. It’s normal to have questions about how ̽»¨´óÉñ’s consolidated access control and system management platform works and whether it could really replace AD for your environment.
That’s why we’re committed to making the testing and evaluation process as straightforward and transparent as possible. You can try the full version of . Here are some more tips to help you explore our cloud directory service:Â
- . We won’t even ask for a credit card.
- Browse our library of quick-start tutorial videos to get a feel for managing users and systems with DaaS without actually migrating.
- As an alternative to immediate migration, you can also layer DaaS on top of AD to extend AD identities to a full spectrum of modern IT resources. Learn more about ̽»¨´óÉñ’s AD Integration.
Downloading the Active Directory Migration Utility
Ready to begin testing automated migration for your environment? You can . Then, all you need is a to get started. We recommend first running the ADMU on a single spare laptop or domain-bound VM, then migrating other systems as desired.
Have questions about what it would look like to implement ̽»¨´óÉñ for your unique environment? Contact us to connect with our team of engineers.
