Microsoft Active Directory Project

Uploaded by

Likadeu Sahi
Microsoft Active Directory Project

Simcoe County District School Board

Project Kick-off Meeting

Rami Wehbe (Solution Architect)


January 18, 2012
Agenda
Introductions
Project objectives and drivers
Approach (MSF Phases)
Key Activities & Deliverables
Technical Overview (High Level)
Project Management
Expectations & Assumptions
Shared Lessons Learned
Acceptance Criteria
Next Steps
Introductions

Introduce the Team Members from:


- SCDSB
  - Vince Garrett, Project Coordinator - Technology
- Itergy
  - Abdallah Chammas, Services Director
  - Rami Wehbe, Solution Architect
  - Riyaz Lalani, Senior Account Manager – Education Sector
Project Drivers
• Key Driver – AD Project driven by a recent Audit recommendation and upcoming business needs and newer Platform deployment (IPPS.Net & SharePoint).
• Common Active Directory Service Environment – this directory service will then be used to facilitate authentication capabilities for common Board applications, services, and centralized management of identities.
• Delegated Data Management – for the ICT Team to manage their directory objects and services in the most efficient manner.
• Centrally Managed Directory Services – taking advantage of a corporate center of excellence team to deliver authentication, replication and directory read/write access to the broad base of users and business groups.
Project Objectives
• Reduced Cost and Complexity – Creating centers of expertise and consolidated device management will enable the Board to broadly leverage in-house expertise as well as investments in hardware and software, providing common business services using fewer resources and devices.
– Fewer servers – Centered in strategic data center locations.
– Fewer Technologies – providing a single location for all “standard” directory and authentication.
– One team – providing services at a reduced cost to operate and maintain.
• Authentication and Improved Security – Delivering common authentication services provides a common security model for sharing and protecting data.
– One Logon: The Microsoft Active Directory Domain will provide authentication for Windows integrated services, such as Microsoft SharePoint, Office 365 for Education, Microsoft Office SQL Server, as well as third-party applications. Single sign-on ability to all application resources will become closer to reality and improve user experience and overall security of the environment.
Approach and Phases
Project Approach
Envisioning → Planning → Development → Stabilization → Deployment → Operations

Microsoft Solutions Framework (MSF) Overview


The following sections describe the tasks and deliverables to be completed in the course of
the project.

• Envisioning Phase – creating business vision and defining the scope of work
• Planning Phase – developing the functional requirements and solution architecture
• Developing Phase – developing the implementation and operational guides, as the proof-of-concept
• Stabilizing Phase – validating the production environment, piloting the solution and developing deployment plan
• Deployment Phase – deploying the solution
• Operations Phase – training and handover to the operational team

Design and Implementation for Active Directory Deliverables

| Phase | Deliverable | Description |
|---|---|---|
| Envision | Vision and Scope Document | A Word document with a definition of the vision, the requirements, and the scope of the solution. Also includes high-level architecture diagram(s) (with alternatives), a description of components involved in the system, a risk matrix, and a project roadmap. |
| Envision | Project Plan (Draft) | Microsoft® Office Project .MPP document describing the complete execution of the effort. |
| Plan | Functional Specification | A Word document and Microsoft® Office Visio® diagrams defining all components included in the solution and their definitions. |
| Plan | Project Plan (Baseline) | Microsoft Project .MPP document describing the complete execution of the effort, used to track project progress. |
| Plan | Sponsor Presentations | PowerPoint presentation at major design review milestone meetings with the steering committee. |
| Develop | Build and Configuration Guide | Word document and Visio® diagrams describing the process of configuring the end-state architecture. |
| Stabilize | Production Pilot | Deployed, fully configured pilot of end-state directory on the production network for a representative user population selected in the Plan Phase. |
| Deployment | Production Deployment (Migration) | Deployment and migration of Active Directory based on design and migration document, then decommissioning of identified AD servers. |
Solution Phase - Envisioning
Envisioning Phase
Key Itergy Activities:
• Kick Off Meeting:
– Project Team Assembled
– Project vision, objectives, approach and deliverables
– Change & Communication Process defined
– Identify, prioritize risk, and plan risk mitigation (Show Sample Project Status Report & Change Order)

• Conduct workshops with project stakeholders and infrastructure teams to review Requirements
and conceptual future architecture.
– Review the current Active Directory deployments and current state. (Questionnaire)
– Examine the pros and cons of different architectures and migration processes.
– Review the network and datacenter architectures
– Review & document user demographics and account management
– Outline Conceptual future state

• Confirm project approach and objectives


• Create & review conceptual designs with the sponsors
• Document the results and findings into the Vision & Scope document.
• Review Vision & Scope with Project team to gain consensus
• Update project plan

Solution Phase – Envisioning
Envisioning Phase
Key SCDSB Activities:
• Project Governance Document (Main)
• Assist with completion of Vision & Scope activities
• Participate in the workshops
• Engage your subject matter experts during the envisioning sessions
• Provide all necessary information regarding the existing environments:
– Current active directory implementations
– Physical environment characteristics
– Application and system dependencies
• Provide requirements for future Active Directory (IPPS.Net & SharePoint)
• Provide information on applications currently using Active Directory
authentication/services
• Approve the Vision & Scope document

Solution Phase - Planning
Planning Phase
Key Itergy Activities:
• Conduct Active Directory Planning Sessions and Workshops to define the End-State, documenting the
results in the Functional Specification Document.
• Design the Active Directory architecture consisting of the following topics:
– Authentication (domain and forest design)
– Name Resolution (DNS, WINS)
– OU Design and delegation of administration
– Policy-based management (Group Policy Objects)
– Physical Architecture/Topology including domain controller sizing and placement
– Migration and coexistence of the new Active Directory structure & current state systems
– Processes for redirecting (migrating) users and resources (e.g. groups, user accounts, workstations) from current
directories to the new directory.
• Develop test lab requirements and provide guidance on test plan development
• Understand SCDSB Backup and Recovery requirements
• Review Active Directory Management Tools – Provide Recommendations (Solution Briefing)
• Conduct AD Design milestone review meeting
• Finalize specifications for all hardware and software for pilot and production

Solution Phase - Planning
Planning Phase

Key SCDSB Activities:


• Engagement and scheduling of your staff to participate in the planning sessions
• Review and approve project deliverables.
• Obtain your executive sponsor approval of the deliverables
• Create the Communications Plan for all external communication activities,
content, and media used by the project
• Procure lab hardware
• Set up the test lab prior to the start of the Development phase (Base OS &
Patches)
• Document the Test Plan and acceptance criteria
• Validate and approve designs

TECHNICAL OVERVIEW
(HIGH LEVEL)
Current Architecture State
– Schools Active Directory Forest and the Admin Active Directory Forest

- SCHOOLS FOREST: root domain SIMCOE.PRI
  - 4 DCs: Roots03, Roots06, Roots07, Tersimcoegc
  - SCHOOLS.SIMCOE.PRI
    - 19200 Students/Teachers
    - 5700 Desktops/Laptops
    - 4 DCs: DNSS01, SCHOOLSPDC, SECAMSS01, SCHOOLVDC
  - ELEM.SIMCOE.PRI
    - 34000 Students/Teachers
    - 5100 Desktops/Laptops
    - 4 DCs: Elemamss01, Elems03, Elems04, Terelembdc
- ADMIN FOREST: root domain SCDSB.PRI
  - 2 DCs: Adminroot01, Adminroot02
  - ADMIN.SCDSB.PRI
    - 900 Administrative Staff
    - 1150 Desktops/Laptops
    - 4 DCs: Teradminbdc, Netvs03, Nets02, Nets01



Migration Options
| Options (main) | Pros | Cons |
|---|---|---|
| Option 1: Admin Active Directory Forest Merging to Schools Active Directory Forest | • No change required in Exchange infrastructure • Migration can be planned during Holidays, no impact as we are only touching the School Forest / Domain not the Admin Forest / Domain | Moving bigger Forest / Domain to smaller Forest / Domain |
| Option 2: Admin Child Domain Merged with the Schools Active Directory Forest | Moving Smaller Forest/Domain to bigger Forest/Domain | Moving the Exchange infrastructure and its objects from one forest to another is more complex, requiring more planning |
End State Option 1/2
ADMIN FOREST: to become the Active Directory Forest Root Domain (SCDSB.PRI)

Note: Capacity Planning to determine the number of Domain Controllers that will be required from the decommissioned forest

- Domain controllers shown at the root (SCDSB.PRI)
  - 4 DCs: Roots03, Roots06, Roots07, Tersimcoegc
  - 2 DCs: Adminroot01, Adminroot02
- SCHOOLS.SCDSB.PRI
  - 19200 Students/Teachers
  - 5700 Desktops/Laptops
  - 4 DCs: DNSS01, SCHOOLSPDC, SECAMSS01, SCHOOLVDC
- ELEM.SCDSB.PRI
  - 34000 Students/Teachers
  - 5100 Desktops/Laptops
  - 4 DCs: Elemamss01, Elems03, Elems04, Terelembdc
- ADMIN.SCDSB.PRI
  - 900 Administrative Staff
  - 1150 Desktops/Laptops
  - 4 DCs: Teradminbdc, Netvs03, Nets02, Nets01



Migration tools high level overview
| Factors | Option 1 | Option 2 |
|---|---|---|
| Tool name | ADMT (Active Directory Migration Tool) | Third Party Migration tools (e.g. DMM from Quest) |
| Advantage | • Free tool from Microsoft • Good documentation from MS TechNet | • Big list of Server infrastructure update • Continuous synchronization • Statistics & Reporting |
| Disadvantage | • Limited undo • No Clean-up SIDHistory • Limited Server infrastructure update • Statistics and reporting (limited) | • Cost of the license (TBD, check with vendor, around $ 8.58 per username) |
| Time | Need more time for preparation and migration | Need time for preparation, but less time in migration |
| Risk | Higher risk | Lower risk |
PROJECT MANAGEMENT
Project Team

- SCDSB Active Directory Project Steering Committee
  - Itergy Project Manager
    - Itergy Solution Architect
    - Itergy Senior Consultant
    - Itergy Consultant Migrator
  - SCDSB Project Manager
    - SCDSB Operations Team
    - SCDSB Project Team
- Main Communication Channel: Itergy Project Manager and SCDSB Project Manager
Weekly Project Management Activities

• Communication Management
• Weekly coordination meeting
• Weekly Status Report (Sample)
• Risk and Issue tracking and Management
• Resource and time management
• Change Management
• Quality Management

Timeline Overview
• The project will be divided into phases as depicted below.
• This timeline is based on our current planning assumptions and may
change during the course of the project.

Detail Project Schedule (Link)

Expectations & Assumptions
Before starting the engagement Itergy assumes the following requirements are ready
or a plan is in place:
• The required Lab hardware will be ready for Operating System Deployment.
• There are no network (LAN, WAN) problems that may stop the Lab creation.
• Provide access to the existing documentation (if any)
• Work with Itergy consultants during the project as required.
• Provide physical access to site as required during the project.
• Provide an on-site work area with telephone & internet access.
• Some tasks may be performed remotely or off-site.
• Availability and access to pertinent IT personnel and project stakeholders (e.g.
Operations, representatives from Technical Support groups).
• Itergy will provide weekly status updates to SCDSB project manager and key
stakeholders.
• Current Active Directory Infrastructure is healthy without any major issue that
may impact the migration or integration
• Active Directory Infrastructure core components are functional.
• Start date to be mutually agreed upon
Share Lessons Learned
| Key Success Factors | Solutions |
|---|---|
| Communication | • Prepare communication package (standard) • Share information with people on time • Coordination • Notification |
| Hardware readiness (servers for migration) | • Make sure you order hardware on time • Specify how to distribute the hardware • Prepare standard environment • Prepare configuration checklist • Use virtualization and cloning |
| Information Gathering (Envisioning) | • Site Survey document (standard) • Sites contact lists • Information should be ready on time • Analyzing collected information • Consider custom configurations (e.g. Auto logon) |
Share Lessons Learned(Cont)
| Key Success Factors | Solutions |
|---|---|
| Servers readiness | • List of services • Contact of servers administrators • Maintenance Windows |
| Computers/Accounts readiness | • List of in-scope computers • Complete Decryption (if required) • Quest Agent installation (if required) • Schedule the migration |
| Migrating Management Infra (SMS/SCCM/SCOM) | • Dependency • Specify required features • Set new design and migration plan |
| Manage end users incidents | • Incident Management plan • Support Email/telephone numbers • Support time (Schedule) |
| Mobile devices authentication (Wi-Fi) | • Build a new Wi-Fi authentication infrastructure • Simplicity |
Acceptance Criteria (PM)
Criteria Acceptance

• Create and review Project governance document that explains how to manage the project.
• Send weekly project status report to project stakeholders to share the project status, decisions, changes, risk, and issues.
• Conduct weekly coordination meeting to review project status and manage any risk or issue.
• Minimize the impact of AD migration on the educational processes and IT operations.
• Efficiently utilize SCDSB resources and time during the project life cycle.
• Set migration process based on Microsoft recommended practices.
• Set clear detailed project plan for the migration that shows phases and milestones.
• Follow the change management process for any change to the scope or deliverables.
Next Steps
| Tasks | Schedule | Owner |
|---|---|---|
| Specify timeline of the project and resource management option | TBD (preferably this week) | Itergy and SCDSB Project Owner |
| Communication; announce project kick-off (send email to all project stakeholders) | Today | SCDSB Project PM |
| Set Project Communication Plan | This week | SCDSB and Itergy PMs |
| Logistics; arrange location for Itergy team | TBD | SCDSB PM |
| Envisioning: start preparing the required information (Questionnaire) | Start today | Itergy Consultant |
| Conduct internal meeting with SCDSB technical team (kick-off the envisioning phase) | Mid of next week | SCDSB and Itergy technical team |
OPEN DISCUSSION
