Microsoft Active Directory + Quest On Demand Migration

On Demand Migration (ODM) for Active Directory (AD) is an AD migration solution that enables you to migrate and consolidate AD environments, accelerating your enterprise M&A and modernization initiatives. This SaaS solution can integrate and migrate users, groups, and devices between Active Directory, Azure Active Directory, and hybrid directory environments without requiring trusts, SQL, network connectivity, or installing servers.

ODM for Active Directory is built in the Microsoft Azure cloud and helps you turn an AD migration into a repeatable process without trusts or installing servers. You can safely run your AD migration during normal business hours while your users can keep working during the migration without interruption.

The solution provides a management dashboard for scheduling and automation, is highly adaptable to custom configurations, and keeps migrated and un-migrated users and groups in sync during the AD migration.

Streamline AD migration and domain consolidation by performing it in the cloud

Flexibility for any scenario

You can customize ODM for Active Directory to meet the requirements of even the most complex AD migration. For example, you can merge two or more Active Directory environments without a trust relationship. ODM for Active Directory supports one-to-one, one-to-many, many-to-one and many-to-many configurations. You can also migrate workstations to any type of environment, including traditional AD, hybrid Azure AD, and even Azure-only environments. 

Migrate Devices to the Cloud

On Demand Migration (ODM) for Active Directory helps your transition to the cloud by migrating Windows 10 and Windows 11 devices to Entra without reimaging and rebuilding profiles.

Minimize end-user disruptions

ODM for Active Directory lets you complete your AD migration on your own schedule, whether that’s during normal business hours or after hours. You can even pre-schedule a migration to start automatically at a specific time. End users can keep working during the migration, with only a brief interruption when prompted to allow the computer to restart. Their desktop and applications will look exactly the same when they log back in, so they can continue working with minimal impact.

Ensure a comprehensive migration

ODM for Active Directory lets you migrate any objects, settings, properties, workstations and servers within and between forests. It automatically updates permissions on resources that are migrating and can even update resources that are left behind, to ensure users do not lose access to vital files.

Migrate remote users easily

ODM for Active Directory builds upon Microsoft’s Offline Domain Join (ODJ) functionality that lets you easily migrate remote users without asking them to come to the office.  Users follow a simple wizard to pre-enter their credentials and then they are ready for their AD migration. 

Customize actions

Perform standard migrations using the out-of-box features or enhance your migration by configuring custom actions that automate changes to device and application settings needed for your business.  ODM for Active Directory can run additional scripts and commands that update files, folders, and registry settings to ensure the migrated devices function as expected in the new environment.

Maintain a highly secure AD migration

Security is a top concern when you’re dealing with sensitive data. ODM for Active Directory avoids the use of remote procedure calls (RPC) and remote registry access, and it minimizes the use of open firewall ports. Plus, it is certified to the ISO 27001, ISO 27018, Privacy Shield and Veracode standards.

Device Migration Solutions

Choose from our family of device migration solutions to meet your different needs. For example, if you're:

  • Converting existing hybrid to cloud-only for AD Mod - you may be interested in ODM Entra ID Devices
  • Migrating devices from one environment to another and don't require any coexistence - you may be interested in ODM AD Express
  • Performing a full AD migration that requires customization and/or coexistence - ODM AD is full-featured to meet the most advanced scenarios

The table below may help you understand how your needs match the Quest device solutions:

| Feature | ODM AD | ODM AD Express | ODM Entra ID Devices |
|---|---|---|---|
| Project Management | | | |
| Wizard-driven project setup | ✓ | ✓ | |
| System-managed workflows | | ✓ | ✓ |
| Discover and Match with CSV | | ✓ | ✓ |
| Agent servers required for AD environments | ✓ | ✓ | |
| Device migrations with an Entra ID or Hybrid Source or Target Environment | | | |
| Workstation migration from AD/Hybrid to Entra ID | ✓ | ✓ | ✓ |
| Workstation migration from Entra ID to Entra ID | ✓ | ✓ | |
| Workstation migration from Entra ID to AD/Hybrid | ✓ | ✓ | |
| Workstation migration from AD/Hybrid to AD/Hybrid | ✓ | ✓ | |
| Device migrations from AD to AD | | | |
| Server and workstation migration from AD to AD | ✓ | ✓ | |
| VPN device migration using offline domain join | ✓ | ✓ | |
| Intra-forest device migration | ✓ | ✓ | |
| Basic AD Migration | | | |
| Target user provisioning with basic attributes | ✓ | ✓ | |
| Target group provisioning with basic attributes and membership | ✓ | ✓ | |
| Customized AD Migration | | | |
| Target user provisioning with full attribute sync, as-is or transformed | ✓ | | |
| Target group provisioning and membership sync with full attribute sync, as-is or transformed | ✓ | | |
| Contact migration with full attribute sync, as-is or transformed | ✓ | | |
| Customizable workflows for directory sync and device migration | ✓ | | |
| Coexistence | | | |
| Ongoing directory sync | ✓ | | |
| Password sync | ✓ | | |
| SID History migration | ✓ | | |
| NAS File Share ReACL, AD Processing Wizard | ✓ | | |

FAQ

Performing an AD migration or consolidation can help strengthen your AD security, centralize your domain management, and improve end user experience.  If your company currently maintains separate domains for different departments or regions, you can combine the domains to provide standardized management and security policies, while still maintaining the ability to provide granular access to the consolidated resources. 

Conversely, you might be managing multiple Active Directory domains because of a merger, acquisition, or divestiture.  Configuring integration between the domains can help provide coexistence by syncing passwords and providing cross-domain resource access, but this can result in increased risk and management effort.  If you are maintaining separate domains after a tenant-to-tenant migration, your end users might struggle with managing multiple identities.  You should always make sure Active Directory domain consolidation is part of your tenant-to-tenant migration discussions.

Active Directory is Microsoft’s original on-premises enterprise solution for organizing and managing a company’s resources such as users, groups, and devices.  Active Directory objects are configured within organizational units that belong to a domain, which can itself belong to another domain or forest.  Active Directory is managed by domain controllers, which can physically reside in a company office or datacenter or can run as virtual machines.  When users need to access resources and applications on Active Directory servers, they must have direct network access or connect to a virtual private network.

Azure Active Directory fully resides in the cloud and removes the need for domain controllers, organizational units, and direct network access to physical servers.  Microsoft maintains the infrastructure for your Azure tenant, scaling up as needed to support your company’s tenant activity. Users, groups, devices, and other resources are created and managed in the tenant and users only need Internet connectivity to access Azure resources. Azure Active Directory can also serve as an extension to Active Directory by enabling synchronization between the two environments, allowing users to authenticate to Active Directory for local resources while also having access to the cloud-only resources in Azure Active Directory.

Microsoft 365 and Azure tenants are complex cloud platforms that include many different components and resources. Microsoft supports tenant-to-tenant migrations for many of its individual workloads; however, you cannot migrate an entire tenant as-is, and there are many configurations and resources that must be directly configured in another tenant. 

When it comes to AD migration, Microsoft supports migrating Azure AD objects such as users, groups, contacts, guests, and Azure-joined devices from one tenant to another.  Microsoft also supports tenant-to-tenant migrations for Microsoft 365 content such as mailboxes, OneDrive, Teams, and SharePoint.  You can use migration tools to perform these migrations, enable cross-tenant coexistence, and replicate resource access.   Although there is no direct migration path for Azure applications, virtual servers, and most tenant policies and configurations, the Microsoft community has built a tool for exporting and importing many tenant settings to assist with your tenant migration.