Consolidate Active Directory (AD) Domains

Project Status

Estimated project completion: see Projects

Executive Summary

The Domain Consolidation project aims to merge the student and counseling center Active Directory (AD) forests into the faculty and staff forest. This consolidation is necessary to resolve synchronization limitations with Microsoft Entra ID, enable better integration with Microsoft 365 and Google Suite, and unify our push-pull printing infrastructure. By consolidating AD domains, the institution will simplify identity management, improve user experience, and reduce administrative overhead.

Currently, the institution operates three separate AD forests: one for faculty and staff, one for students, and one for the student mental health counseling center. This structure creates significant challenges in synchronizing user identities with cloud services, managing printing services, and ensuring seamless communication through Microsoft tools. The project will enable full Microsoft Entra ID synchronization, facilitate the automation of account provisioning and deprovisioning, and support key applications such as Microsoft Teams, Bookings, . Additionally, it will standardize our push-pull printing system, eliminating reliance on outdated and unsupported software.

By consolidating AD domains, the institution will enhance operational efficiency, improve security, and streamline IT support processes. This transformation aligns with the college’s strategic priorities of modernization, cost reduction, and improved service delivery to students, faculty, and staff. 

Project Description & Scope

Approach

The project will be executed in multiple phases, including planning, pre-migration assessment, migration execution, and post-migration support. A vendor, Weaver Technologies, has been contracted to perform the work, ensuring a structured and professional transition. The Active Directory Migration Tool (ADMT) will be used to migrate accounts, groups, policies, and services while maintaining security identifiers (SIDs) to preserve permissions and access.

Scope

In Scope: 

  • Consolidation of the student (students.mclennan.edu) and counseling center (ucenter.mclennan.edu) AD forests into the faculty and staff (mclennan.edu) forest.
  • Migration of user accounts, computer accounts, groups, Group Policy Objects (GPOs), and Organizational Units (OUs).
  • Deployment of Microsoft Entra ID Connect for automatic synchronization with on-prem AD.
  • Implementation of Google Directory Sync and Google Password Sync in the consolidated domain.
  • Migration of associated services, including SQL, application, print, and file servers.
  • Decommissioning of the legacy AD forests and associated services post-migration.

Out of Scope: 

  • Major redesign of group policies or user permissions beyond necessary adjustments for migration.
  • Hardware procurement beyond project needs.
  • Migration of applications not currently integrated with Active Directory.

Project Goals & Success Metrics: 

  • Enable Microsoft Entra ID synchronization across all user accounts.
  • Automate Entra ID account provisioning, license assignment, and deprovisioning to reduce administrative workload.
  • Improve Microsoft 365 functionality, ensuring seamless Teams integration and readiness for future service enhancements.
  • Reduce IT administrative overhead by maintaining a single AD forest instead of three.
  • Increase security and compliance by centralizing identity management.
  • Minimize downtime and ensure a smooth transition through phased migration.

Impact Analysis

Affected Stakeholders: 

  • Students, faculty, and staff: Users will experience changes in authentication and access management but will benefit from enhanced service integration.
  • Information Systems & Services (ISS): Reduced complexity in identity management, licensing, and support.

Assumptions: 

  • Microsoft Entra ID Connect and Google Sync will function as expected in the new environment.
  • The current faculty and staff AD forest (mclennan.edu) has sufficient capacity and scalability.
  • Necessary user training will be provided to minimize disruption.
  • Stakeholders will collaborate to ensure a smooth transition.
  • Vendor support will be available as per the contract.

Constraints: 

  • Timeframe: The project must be completed within the agreed timeline with Weaver Technologies.
  • Budget: Limited to the existing contract and institutional ISS budget.
  • Resources: ISS staff will need to balance migration tasks with ongoing operational responsibilities.
  • Legacy System Compatibility: Some applications may require reconfiguration post-migration.

Risks: 

  • Service Disruptions: Possible temporary authentication or access issues during and immediately following migration.
  • Data Integrity Risks: User attributes, passwords, or permissions may not migrate correctly.
  • Training and Adoption Challenges: Users may require support to adjust to changes.
  • Dependency on Vendor Performance: Success depends on Weaver Technologies delivering as planned.
  • Application Compatibility: Some legacy applications may require additional adjustments post-migration.

Next Steps: 

  • Finalize migration planning with Weaver Technologies.
  • Communicate changes and timelines to stakeholders.
  • Conduct pilot migration with test accounts before full deployment.
  • Monitor and validate post-migration performance and address any issues. 

Documentation

  • Consolidate Active Directory (AD) Domains Project Charter

Last updated: 3/28/2025