Methodology and Process
Developing a solid process and methodology for integrating two computing environments can be just as challenging as trying to solve the technical issues encountered during the integration.
The best way to plan for coexistence is to follow a standard project implementation methodology. Many organizations already have a standard methodology that they follow when implementing a new project. Although there are many methodologies, most of them follow the same basic steps. In the context of planning for coexistence, those steps would be
Identify the stakeholders.
Form a project team that includes stakeholders as well as individuals who will implement the plan.
Document the existing directory environment.
Map the existing directory data into future directory schema.
Plan the infrastructure to support coexistence.
Assess any risks associated with implementing the coexistence plan identified during the planning phase.
It is important to note that although planning for coexistence can be approached as a stand-alone project, it should be executed in the context of the entire Active Directory planning and deployment project. The output from this project, specifically the identification of directory data and the mapping of that data to Active Directory, is utilized by the overall Active Directory design team. In addition, many of the members of the coexistence planning team also participate on the overall Active Directory planning team.
It is extremely important that any project that involves planning, including this project for developing a coexistence plan, must be executed in the context of a larger information technology life cycle. If planning is conducted in isolation, any plan for deliverables runs the risk of being out of sync, and actually being contrary to, the Information Technology (IT) needs of the organization.
Identify the Stakeholders
The process of identifying all the stakeholders relative to your directory coexistence project can be cumbersome. However, it is an important step in planning for coexistence. As previously noted, many of the problems that can occur during project implementation can be mitigated early on by identification of and coordination with all the individuals who have a stake in the project. In the case of planning for coexistence between a legacy directory and Active Directory, there are several different types of stakeholders.
The most obvious type of stakeholder is the individual who owns the object in the directory. This individual typically has the rights to create and update the object. More than likely, this individual is part of the IT or the Information Systems (IS) groups. There might be a few exceptions, such as a directory object owned by an individual in the finance or Human Resources (HR) department.
The second type of stakeholder is either the individual whom the object effects or the individuals, or groups, who utilize the object. In the case of a user object in the directory, the stakeholders are the users themselves. It would not be practical to include every user in the planning process for directory coexistence; therefore, a single individual typically assumes proxy responsibility for representing the best interests of the users. Another example would be the case of an object in the directory that is used to support a sales-force-automation application, such as Siebel. The sales force is not the actual owner of the object, but certainly, an individual on the planning team should have the responsibility to make sure the needs of the sales force are recognized and addressed.
The third type of stakeholder is the individual, or set of individuals, who has a direct interest in making sure that the coexistence project is planned and implemented properly. This certainly includes the project manager, the IT/IS manager, and the company CIO.
Form a Project Team
After all the stakeholders are identified, it is possible to form a project team for planning the coexistence. The project team should obviously be headed up by a project manager. In smaller organizations with limited directory needs, the project manager who heads the overall Active Directory project might also be the team lead for the coexistence project. In larger organizations, coexistence might be a sub-project headed up by a different project manager than the one who is heading up the entire Active Directory project.
The team should include executive sponsorship. This might be an executive who checks on the progress of the team on a periodic basis actually participates in an active way. Whichever is the case, the executive's role should be to facilitate the removal of roadblocks to the successful completion of the project. In addition, he or she should monitor the progress of the team and report that progress to the executive committee of the company on a regular basis. Communication is one of the most important aspects of a successful project.
The project team should also include representation from all the stakeholders previously identified. This does not mean that every stakeholder should be present on the team. It is possible to identify a single individual, such as a representative from IT/IS, to represent the needs of several stakeholders.
The team should include directory experts who understand the internal workings of both Active Directory and the legacy directory environment. These individuals should also have detailed knowledge of the Microsoft Directory Synchronization (DirSync) server application.
Finally, the team must certainly include representation for all the support groups in the organization. This should include the groups that support the end users as well as central IT/IS. The implementation of any coexistence plan has an impact on the supportability of the existing environment.
Depending on the size of the organization that is planning Active Directory implementation, some of the people on this team might play several different roles. For example, the executive sponsor might also represent one of the business units.
Document Existing Environment
The process of documenting your existing environment should start by identifying the hierarchy of the legacy directory. It is important that the hierarchy is identified before the actual data is documented so that relationships between objects can be identified and understood.
After the directory hierarchy is documented, the next step is to identify all the data that exists in the legacy environment that needs to be synchronized with Active Directory. The best way to do this is to create a table that contains each object in the legacy directory and details whether there is a need to synchronize each of the object properties. See Table 6.1 for an example.
| Object Name | Properties to Synchronize | Periodic or One-time Object | Owner |
|---|---|---|---|
| User | All | Periodic | Network Administrator |
| File Share | Share Name | One-time | Workgroup Administrator |
After you have identified all the data in the legacy directory that will be synchronized, you need to contact the object owner for each object and work with them to formulate a comprehensive coexistence strategy. Most major issues with coexistence and migration occur if the team that is planning the coexistence and migration does not identify all the individuals and organizations who have a stake in the process and work with them to mitigate any possible disruptions or problems with the process.
Map the Data to Directory Schema
After the project team has identified all the data to be included in directory synchronization, it is time to map the existing data into the new directory schema that is implemented in Active Directory. This essentially means identifying the containers in Active Directory and Novell Directory Services (NDS), which will be synchronized. Because synchronization occurs on a container basis, it is not necessary to map specific objects in one directory to specific objects in the other directory. In other words, the level of granularity needed in identifying synchronization between directories is minimal. This process varies depending on the third-party directories that are being synchronized with Active Directory.
Plan the Infrastructure
Planning the infrastructure for integrating the two directory environments is critical to the success of the implementation of your coexistence plan. When planning the infrastructure, it is important to take into account the location of the legacy directory server with which Active Directory will be coexisting. The placement of servers should be such that unnecessary load is not placed on the network when the synchronization traffic starts between the two directory environments. Much of the data about the network, its clients, and its servers, is gathered during the Active Directory design project. Most of this data is valid for the coexistence project, and it should be used where appropriate.