Migrating Directory Servers from eDirectory to AD

Version 1

    Details

    PROBLEM
    To migrate from LDAP to AD, there is no need to delete all the LiveTime users and start over. Instead, the email addresses inside the LiveTime GUI can be changed to to match whatever the email address will be on the AD side, and running a sync on the new AD Authentication will bring the changes over to the existing users.

    ENVIRONMENT
    LiveTime (Legacy), LiveTime (Premium), LiveTime (Standard), LiveTime (Help Desk)

    RESOLUTION


    • Get a list of the changes between AD and LDAP so you can begin testing while knowing what the email changes and username changes will be.

    • Back up the existing production database. Give the backup a similar name, but with the suffix _AD so you can be sure you are connecting only to the test database until you are finished testing.

    • Note all the current settings on the Authentication -- Admin -- Setup -- Authentication. Once you have the settings from your production LDAP connection written down, the key is to put LiveTime into *Internal Authentication* mode so that you have access to change fields on users.
      (Admin user -- Setup -- Authentication -- Edit -- Server Type Drop Down -- Internal Auth.)

    • Edit a user in LiveTime. (This is now possible because you are temporarily using internal authentication.) Change the email address from the LDAP format to what it should be from the AD server. (Note: Once you run through all these steps, remember this is a test for one user so we will be starting over if all goes well with the one user to manually change all users before running the sync on production if the test is a success.)

    • Enter the settings on Authentication that are correct for your AD server now, and test to ensure it can find the groups. (This guide assumes that you already have AD all set up with all your users properly moved over from LDAP. These steps are not covered here, as the admin will need to ascertain these.) (It also should be important to check that the Authentication -- Advanced tab for the group names that will need to be created in AD.)

    • Run the sync, and check Admin--Reports--System to see when the task has finished. You can also look to see it running from the Users tab. '(Synchronizing)' will show up there. (After running the sync, you should see your requests, as well as some that were reassigned due to this only being a test. Some users will not be synced yet, so if users are deleted they may be next in line to be reassigned. Hence, the extra requests at this point.)

    • Restore the production database from backup, overwriting the test database. This time when you get to the part to edit the email for users, do this for all users to match AD before running the sync. AD can now be synced in a test or production. (Seek help from a DB admin to properly back up data, or email globalservice@HEATsoftware.com for help if unsure how to proceed.)

    Note: You can either run this test for all users on a test database, which is recommended, or run it on production once you have verified the function on a single user as a test. Either way, make a backup of existing production before making any changes.

    ADDITIONAL INFORMATION
    Contact globalservice@HEATsoftware.com if you have any further questions.

     


    Resolution

    PROBLEM
    To migrate from LDAP to AD, there is no need to delete  all the LiveTime users and start over. Instead, the email addresses  inside the LiveTime GUI can be changed to to match whatever the email  address will be on the AD side, and running a sync on the new AD  Authentication will bring the changes over to the existing users.

    ENVIRONMENT
    LiveTime (Legacy), LiveTime (Premium), LiveTime (Standard), LiveTime (Help Desk)

    RESOLUTION


    • Get a list of the changes between AD and LDAP so you can begin testing  while knowing what the email changes and username changes will be.

    • Back up the existing production database. Give the backup a similar  name, but with the suffix _AD so you can be sure you are connecting only  to the test database until you are finished testing.

    •   Note all the current settings on the Authentication -- Admin -- Setup --  Authentication. Once you have the settings from your production LDAP  connection written down, the key is to put LiveTime into *Internal  Authentication* mode so that you have access to change fields on users.
      (Admin user -- Setup -- Authentication -- Edit -- Server Type Drop Down -- Internal Auth.)

    • Edit a user in LiveTime. (This is now possible because you are  temporarily using internal authentication.) Change the email address  from the LDAP format to what it should be from the AD server. (Note:  Once you run through all these steps, remember this is a test for one  user so we will be starting over if all goes well with the one user to  manually change all users before running the sync on production if the  test is a success.)

    • Enter the settings on  Authentication that are correct for your AD server now, and test to  ensure it can find the groups. (This guide assumes that you already have  AD all set up with all your users properly moved over from LDAP. These  steps are not covered here, as the admin will need to ascertain these.)  (It also should be important to check that the Authentication --  Advanced tab for the group names that will need to be created in AD.)

    • Run the sync, and check Admin--Reports--System to see when the task has  finished. You can also look to see it running from the Users tab.  '(Synchronizing)' will show up there. (After running the sync, you  should see your requests, as well as some that were reassigned due to  this only being a test. Some users will not be synced yet, so if users  are deleted they may be next in line to be reassigned. Hence, the extra  requests at this point.)

    • Restore the production  database from backup, overwriting the test database. This time when you  get to the part to edit the email for users, do this for all users to  match AD before running the sync. AD can now be synced in a test or  production. (Seek help from a DB admin to properly back up data, or  email globalservice@HEATsoftware.com for help if unsure how to proceed.)

    Note:  You can either run this test for all users on a test database, which is  recommended, or run it on production once you have verified the  function on a single user as a test. Either way, make a backup of  existing production before making any changes.

    ADDITIONAL INFORMATION
    Contact globalservice@HEATsoftware.com if you have any further questions.