none
Years of legacy start over again, how would you do it - Active Directory RRS feed

  • Question

  • Hi everyone,

    I need your opinion.

    Say i have a domain with years of legacy. Groups and nested groups that have rights on maps on fileservers, rights on certain servers and applications.

    We want to start with an RBAC inventarisation and implementation.

    With a old hierarchy in mind and many groups, nested groups, Exchange and fileservers. How would you start?

    New domain, new accounts (for the user a second account or test account) with loss of SID history (start all over again)

    New domain, migrate with SID history

    Or do implementation in existing domain with new OU and new groups. I hope to get a lot of tips so i have a complete idea.

    Many thanks

    Tuesday, September 17, 2019 9:31 AM

All replies

  • Hi,

    Based on my experience, generally it is not required to do it in a new domain, or need a migration.

    If this domain exists for too long, the environment is too complicated, of course, you can also consider the new domain environment.

    So,it depends on the actual situation of the domain environment, i 'm afraid i can't tell which way is better here.

    Have a nice day!

    Best Regards,

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, September 18, 2019 7:50 AM
  • Many thanks for taking your time to answer.

    I will have a look at the customer site then. I just wanted some info in front. 

    And yes it is really legacy so that's why i was thinking of a second domain for the new implementation.

    Because taking SID history gives you the same result. Legacy

    Thursday, September 19, 2019 11:31 AM
  • Hi,

    Thanks for your posting here and welcome to share the progress here.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, September 24, 2019 1:26 AM
  • Thank you Fan for your reply, 

    Next week I have vacation and then I'm going to do more research. There are great articles about why people choose a certain implementation.

    I did do an implementation in existing domain, so I will keep this thread up with my experience in this new case when I start in October.

    Take care!

    Kind regards,

    Andre

    Tuesday, September 24, 2019 5:25 PM
  • Hi,

    Thanks for your posting here and sharing the updates!

    This will benefit all people accessing this forum. Your sharing will be highly appreciated.

    Best Regards,

    Fan


    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, September 25, 2019 1:17 AM