On Demand Migration (ODM) for Active Directory (AD) is an AD migration solution that enables you to migrate and consolidate AD environments, accelerating your enterprise M&A and modernization initiatives. This SaaS solution can integrate and migrate users, groups, and devices between Active Directory, Azure Active Directory, and hybrid directory environments without requiring trusts, SQL, network connectivity, or installing servers.
ODM for Active Directory is built in the Microsoft Azure cloud and helps you turn an AD migration into a repeatable process without trusts or installing servers. You can safely run your AD migration during normal business hours while your users can keep working during the migration without interruption.
The solution provides a management dashboard for scheduling and automation, is highly adaptable to custom configurations, and keeps migrated and un-migrated users and groups in sync during the AD migration.
You can customize ODM for Active Directory to meet the requirements of even the most complex AD migration. For example, you can merge two or more Active Directory environments without a trust relationship. ODM for Active Directory supports one-to-one, one-to-many, many-to-one and many-to-many configurations. You can also migrate workstations to any type of environment, including traditional AD, hybrid Azure AD, and even Azure-only environments.
On Demand Migration (ODM) for Active Directory helps your transition to the cloud by migrating Windows 10 and Windows 11 devices to Entra without reimaging and rebuilding profiles.
ODM for Active Directory lets you complete your AD migration on your own schedule, whether that’s during normal business hours or after-hours. You can even pre-schedule a migration to automatically start at a specific time. End users can keep working during the migration, with only a brief interruption when prompted to allow the computer to restart, and their desktop and applications will look exactly the same when they log back in, so they can continue working with minimal impact.
ODM for Active Directory lets you migrate any objects, settings, properties, workstations and servers within and between forests. It automatically updates permissions on resources that are migrating and can even update resources that are left behind, to ensure users do not lose access to vital files.
ODM for Active Directory builds upon Microsoft’s Offline Domain Join (ODJ) functionality that lets you easily migrate remote users without asking them to come to the office. Users follow a simple wizard to pre-enter their credentials and then they are ready for their AD migration.
Perform standard migrations using the out-of-box features or enhance your migration by configuring custom actions that automate changes to device and application settings needed for your business. ODM for Active Directory can run additional scripts and commands that update files, folders, and registry settings to ensure the migrated devices function as expected in the new environment.
Security is a top concern when you’re dealing with sensitive data.
ODM
for Active Directory avoids the use of remote procedure calls (RPC) and
remote
registry access, and it minimizes the use of open firewall ports. Plus, it
is
certified to the ISO 27001, ISO 27018, Privacy Shield and Veracode
standards.
Choose from our family of device migration solutions to meet your different needs. For example, if you're:
The below table may help you in understanding how your needs could match the Quest device solutions:
ODM AD
ODM AD Express
ODM Entra ID Devices
Project Management
Wizard-driven project setup
System-managed workflows
Discover and Match with CSV
Agent servers required for AD environments
Device migrations with an Entra ID or Hybrid Source or Target Environment
Workstation migration from AD/Hybrid to Entra ID
Workstation migration from Entra ID to Entra ID
Workstation migration from Entra ID to AD/Hybrid
Workstation migration from AD/Hybrid to AD/Hybrid
Device migrations from AD to AD
Server and workstation migration from AD to AD
VPN device migration using offline domain join
Intra-forest device migration
Basic AD Migration
Target user provisioning with basic attributes
Target group provisioning with basic attributes and membership
Customized AD Migration
Target user provisioning with full attribute sync, as-is or transformed
Target group provisioning and membership sync with full attribute sync, as-is or transformed
Contact migration with full attribute sync, as-is or transformed
Customizable workflows for directory sync and device migration
Coexistence
Ongoing directory sync
Password sync
SID History migration
NAS File Share ReACL, AD Processing Wizard
Performing an AD migration or consolidation can help strengthen your AD security, centralize your domain management, and improve end user experience. If your company currently maintains separate domains for different departments or regions, you can combine the domains to provide standardized management and security policies, while still maintaining the ability to provide granular access to the consolidated resources.
Conversely, you might be managing multiple Active Directory domains because of a merger, acquisition, or divestiture. Configuring integration between the domains can help provide coexistence by syncing passwords and providing cross-domain resource access, but this can result in increased risk and management effort. If you are maintaining separate domains after a tenant-to-tenant migration, your end users might struggle with managing multiple identities. You should always make sure Active Directory domain consolidation is part of your tenant-to-tenant migration discussions.
Active Directory is Microsoft’s original on-premises enterprise solution for organizing and managing a company’s resources such as users, groups, and devices. Active Directory objects are configured within organizational units that belong to a domain, which can itself belong to another domain or forest. Active Directory is managed by domain controllers, which can physically reside in a company office or datacenter or can run as virtual machines. When users need to access resources and applications on Active Directory servers, they must have direct network access or connect to a virtual private network.
Azure Active Directory fully resides in the cloud and removes the need for domain controllers, organizational units, and direct network access to physical servers. Microsoft maintains the infrastructure for your Azure tenant, scaling up as needed to support your company’s tenant activity. Users, groups, devices, and other resources are created and managed in the tenant and users only need Internet connectivity to access Azure resources. Azure Active Directory can also serve as an extension to Active Directory by enabling synchronization between the two environments, allowing users to authenticate to Active Directory for local resources while also having access to the cloud-only resources in Azure Active Directory.
Microsoft 365 and Azure tenants are complex cloud platforms that include many different components and resources. Microsoft supports tenant-to-tenant migrations for many of its individual workloads; however, you cannot migrate an entire tenant as-is, and there are many configurations and resources that must be directly configured in another tenant.
When it comes to AD migration, Microsoft supports migrating Azure AD objects such as users, groups, contacts, guests, and Azure-joined devices from one tenant to another. Microsoft also supports tenant-to-tenant migrations for Microsoft 365 content such as mailboxes, OneDrive, Teams, and SharePoint. You can use migration tools to perform these migrations, enable cross-tenant coexistence, and replicate resource access. Although there is no direct migration path for Azure applications, virtual servers, and most tenant policies and configurations, the Microsoft community has built a tool for exporting and importing many tenant settings to assist with your tenant migration.