Aelita zeros in on Active Directory restructuring

Aelita Software this week will introduce the first software that provides automated tools for reshaping Microsoft’s rigid Active Directory.

DUBLIN, OHIO – Aelita Software this week will introduce the first software that provides automated tools for reshaping Microsoft’s rigid Active Directory.

The company’s Enterprise Migration Manager (EMM) lets users combine different Active Directory architectures or split one directory into several directories, processes referred to as pruning and grafting.

These capabilities are available in Novell’s eDirectory and others.

EMM gives those who initially set up one or many Active Directory forests – a collection of domains, users and resources – options to change those configurations automatically.

The need to combine or split directories might be prompted by divestitures or acquisitions. Users also might be compelled to move domains between forests or groups of users between domains because of corporate restructuring. Users also might want to split a forest into multiple forests to establish security boundaries that are impossible to create between domains in one forest.

One knock against Active Directory has been that once it is set up it is nearly impossible to make those sorts of changes because Microsoft has yet to provide the necessary tools. Also, users who make implementation mistakes typically have to start over from the beginning.

For Community General Hospital in Syracuse, N.Y., EMM made it possible to break away from a health alliance that dissolved into two separate hospitals. EMM was used to create two new and separate directories.

“We met with Microsoft and they said they did not have tools to do this,” says Scott Elia, director of IS for Community General. “We weren’t in a position to just reshape the Alliance directory, we had to rip it in two.”

Two new directory shells were built, and EMM was used to migrate 1,000 users and 400 PCs over nearly a four-week period.

“Basically we preserved the secure IDs that we had established,” Elia says.

Secure IDs are unique identifiers linked to access controls and given to each user in the Microsoft environment. Elia says the company had to clean up secure ID histories and trust issues.

Aelita rivals Bindview, NetIQ and Quest offer Active Directory migration tools, but they are not as advanced as EMM, according to experts.

While Aelita’s EMM will help smooth rough spots, it does not negate the fact that restructuring a directory still is a complex task that requires tinkering with underlying security mechanisms.

“Aelita has a very viable tool,” says John Enck, an analyst with Gartner. “It’s very flexible. Now the penalty for making a mistake when designing Active Directory is much lower.”

EMM, which costs $16 per user, incorporates all aspects of Active Directory migration. EMM provides the option to roll back changes.