Active Directory Migration How To Guide

From Swivel Knowledgebase
Jump to: navigation, search


Overview

This article describes the steps necessary to ensure that PINsafe continues to sync users properly in the event that you wish to migrate your Active Directory users to a new Active Directory server.

This article assumes that you've already migrated the Active Directory structure and users to a new Active Directory destination. Below are steps required to ensure that your transition is as smooth and controlled as it can be.

Solution

  • Turn off scheduled users syncs:

To prevent PINsafe trying to sync with the old Active Directory repository you can disable scheduled user syncs under Repository -> (Name of your AD Repository) on the PINsafe Administration Console. Set the sync schedule to None, making a note of the current setting so you can restore it later.

  • Amend the repository settings:

Change the Active Directory repository settings under Repository -> (Name of your AD Repository) on the PINsafe Administration Console to reflect any changes.

The most likely settings you may need to change are IP address/hostname, Username and Password to bind to the new Active Directory server.

  • Ignore FQ name changes:

This is 'yes' by default on more recent PINsafe versions, but check to ensure that this is set to 'yes' to be on the safe side.

  • Check group definitions:

Go to Repository -> Groups and check that the definitions (especially the Distinguished Names) are correct and that they can be referenced on your destination Active Directory machine. It might be wise to check the DNs for the groups using some third-party software, we recommend the use of third-party software from Softerra called LDAP Browser. This is available as freeware and as a commercial paid-for product. Available here: http://www.ldapbrowser.com/

  • Perform manual User Sync:

Once you're happy with the new settings, from the User Administration screen, select the Active Directory repository in question from the Repository drop down. Then click the User Sync button to perform a manual User Sync.

  • Restore the scheduled sync:

In the 'Turn off scheduled users syncs' section above you disabled the sync schedule for the repository under Repository -> (Name of your AD Repository) on the PINsafe Administration Console. You should also have made a note of the old setting. Once you're happy that the new repository is working you can proceed to restore the sync schedule. This will take effect once you make the change and click Apply.

Troubleshooting

If the users in the repository get marked as deleted, then you've probably got something wrong somewhere. In which case undelete the users, review the Log Viewer for any revealing messages and make any necessary amendments.