Migrating your Active Directory? Here’s why you should use PowerSyncPro

What does PowerSynPro do?

Clients will often ask us during pitches which problems we are solving with deployment of PowerSyncPro? In effect, it’s the migration or sync of the organisation\’s entire underlying AD/Azure AD structure.

Does PowerSyncPro handle both AD Synchronisation and Workstation Migration?

PowerSyncPro splits into two parts; one is synchronisation where we copy entire user groups, and other object data from an Active Directory or an Azure Active Directory to another AD or AAD. We can do bi-directional password sync, we take SIDhistory – which is often used when you do Active Directory migrations – and, then, we also deploy our Workstation Migration Agent, written with the express purpose of taking a Windows 10 or Windows 11 devices between Active Directories or between Azure ADs, or from Active Directory to Azure AD, and changing that device join state. The agent additionally changes access to the Microsoft 365 applications for users when we do Tenant-to-Tenant migrations or Cross-Tenant synchronisation; this changes domain logins for Outlook, Teams, OneDrive, Edge, and Azure user object configuration so that the user can pretty much hit the ground running on day-one post-migration.

Why was PowerSyncPro created?

It’s a funny thing, but seeing how universal the need for AD migration and sync is among large organisations during certain periods of business development, there\’s actually not that many tools that offer synchronisation between AD’s, or AD-AAD. 

Quest and Binary Tree are probably the two best-known third party tools, and with Binary Tree having been bought out by Quest that’s now effectively only one tool. Microsoft has their own tooling, of course, but it’s constantly being deprecated, redeveloped and declared EOL, which kind of leaves us short on options if we want to do a whole migration with a minimal spread of tools. This gap between the commonality of the task and the available solutions was the reason we created PowerSyncPro. Simple supply and demand.

How does PowerSyncPro simplify complex migrations?

A few years ago during Christmas break after a particularly busy Q4, my wife, Shona, suggested I write our own tool, which I did first in PowerShell and our team started using that for the next 18 months or so. Since those early days, we\’ve actually properly developed it into a tool written in .NET, which follows the normal standards for application development. That’s the current PowerSyncPro tool.

Because we create our own tooling, we can think about and target the complex migration aspect more completely, specifically the merger, acquisition and divestiture scenarios that we work on every day. We need a tool that simplifies these complex scenarios, and that is suitable for other partners and other organisations to simplify their own complex or atypical migration tasks.

To work effectively in the migration space you need someone who understands identity, who knows what a user looks like, what the attributes look like, and knows how to copy those from source to target. We needed a tool that was deployable by our IT partners on complex AD migration or cross-tenant synchronisation operations, and the PowerSyncPro tool simplifies that complexity in various ways. We bypass a great many potential issues by using templates. You simply choose the relevant AD environment template and it will be pre-populated with the minimum or usual set of attributes to be migrated across once you\’ve completed the configuration. For example; a standard configuration for Company A, which has a couple of source Active Directories migrating to a third target AD. Using templating under PowerSyncPro, you\’re likely talking less than a week of normal work days to get everything set up, run the pre-launch WhatIf reports to make sure it will do what you expect, and then start the export. Once it’s up and running, we typically don\’t encounter the need for support. You can patch the server as you need. You can reboot it as you need. It\’s pretty resilient, and will recover from almost anything you throw at it.

How successful is PowerSyncPro?

We\’ve had PowerSyncPro installed at a large global client for around two years and they had a sum-total of four support tickets over the sync lifetime. Two of those were actually self-inflicted via an incorrectly decommissioned domain controller that PowerSyncPro was talking to. PowerSyncPro simply showed a fail state until that node was recovered, then resumed normal operation.

The majority of PowerSyncPro deployments are like this. You can, of course, choose to migrate without tools. Without password writeback you can\’t simply copy the passwords over to the new AD, so you have to somehow tell the user what their new password is going to be in the new environment. If you’re keeping the group membership and sync on both sides, it\’s a serious manual effort to keep those in sync. On the Workstation Migration side, the impact to the user if they get a fresh machine with no applications, no credentials, no profiles, nothing on it.. well, that’s quite impactful. Imagine doing that for a team of a hundred people, or a thousand, or fifty-thousand… It\’s pretty much unplannable as a project at any reasonable scale. When you migrate with the PowerSyncPro tool and run workstation migration with the PowerSyncPro Workstation Migration Agent, we’re preserving as much of that as humanly possible, so that the user’s up and running with their familiar desktop and familiar applications out of the gate.

During the operation, the PowerSyncPro server manages sync and it also instructs the agent in what it needs to do, and that communication is secured – signed and encrypted within an SSL tunnel as well – so even if you\’re on a public Wi-Fi, nobody is going to be able to see what\’s going on inside the agent. And so, it\’s definitely built with security in mind.

So what we have in PowerSyncPro is a powerful, capable, scaleable combined toolkit, that is developed for all types of Active Directory migrations, that doesn’t contain superfluous functions, is written and created with massive complexity in mind, but is just at home with simple, everyday migration and sync, and does not require any specific starting point in terms of hardware or particular operating system versioning. Our licencing system is fair and straightforward, and our support is second to none, with a team that has literally written the book on mega-migration in the Microsoft space.

Get in touch – see what we can do for you.

Twan. 

Leave a Comment

Your email address will not be published. Required fields are marked *