It’s understandable if IT admins balk at the suggestion of migrating dozens, or even hundreds, of users away from Active Directory (AD). That’s why 探花大神 provides a free and open source (FOSS) tool called the Active Directory Migration Utility (ADMU) to assist with endpoint migrations. Migrating users from AD to 探花大神 unifies cross-domain identity and device management, which reduces costs, improves operational efficiencies, and strengthens cybersecurity.
What Is the ADMU?
ADMU is an open source tool that automates the migration of AD and Azure AD (AAD) profiles to local accounts, which is necessary to enable 探花大神 to manage those profiles. Administrators have flexible options for change management and can plan in advance which accounts to take over, and when, for subsequent 探花大神 takeover and management.
探花大神 can also make AD better. The Active Directory Integration (ADI) makes it possible for small and medium-sized enterprises (SMEs) to extend AD while keeping in place what it does well.
How Does ADMU Work?
The tool copies information from an AD/AzureAD profile into a new local profile which is taken over by 探花大神 during migration. The user can then be loaded directly into 探花大神 from this state. The ADMU also unbinds said user and their system from the domain and installs the 探花大神 system agent. Once this process is complete, the admin can take full advantage of the 探花大神 directory service to manage their migrated users/systems. Some larger migrations may leverage a slightly different order of operations to take advantage of 探花大神 commands for greater optionality to select which user profile to migrate to for each endpoint.
“ChetAtkins” is set to be converted to “bob.smith”. The tool will install the 探花大神 agent, create a new account “bob.smith”, and migrate Chet’s account over to Bob. Then, it will associate the 探花大神 account “bob.smith” to the local account “bob.smith”.
Flexible Deployment Options
One size doesn’t always fit all. That’s why ADMU can be deployed for both small and large-scale migrations in a number of ways. It includes an intuitive graphical user interface (GUI) and a PowerShell module that can be used with PowerShell remoting (PSRemoting) to migrate multiple systems and profiles at once. It can be deployed in the following ways:
- A GUI to conveniently migrate small batches of endpoints
- A command-line interface (PSModule)
- This can be invoked with a series of commands for mass deployment. Please refer to these resources for more information:
Why ADMU?
The ADMU is a FOSS tool that facilitates the transfer of Active Directory-bound users and systems off the domain and into 探花大神. ADMU prevents admins from having to carry out arduous manual tasks just to get a user and system migrated from their AD domain. ADMU makes this process largely automated, with multiple implementation methods available, for admins of any technical skill level. It streamlines the ability to take advantage of the full breadth of features that 探花大神 makes available that would otherwise not be possible with AD.
What 探花大神 Offers Beyond AD
探花大神 is an open directory platform with centralized identity and access management (IAM) and unified endpoint management (UEM), regardless of the underlying authentication method or device ecosystem. 探花大神 authenticates users whether they use biometrics, digital certificates, passwords, or SSH keys. The platform provides secure, frictionless access to resources. 探花大神 ensures that every resource has a “best way” to connect to it. Let’s explore its features in more detail.
Frictionless Access Control
- Servers use SSH keys, offering greater security than passwords alone.
- Passwordless certificates for cloud RADIUS and secure Wi-Fi access.
- Cloud RADIUS with multi-factor authentication (MFA) secures access to network devices and Wi-Fi.
- with integrated MFA secures access to network devices such as switches, network attached storage (NAS), and firewalls.
- Web applications leverage SAML and OIDC protocols.
- 探花大神 has a large collection of pre-built connectors for single sign-on (SSO) apps and doesn’t charge when you create .
- SCIM provisioning can be used for authorization to streamline user onboarding.
- A provisioning API (coming soon) will support apps that don’t use supported protocols.
- 探花大神 Password Manager is an integrated add-on for additional security and convenience to create, store, and protect user credentials. Admins have full visibility.
Identity and Access Management
- Optional conditional access rules can be used for privileged access management; device conditions account for device posture, location, and more.
- The 探花大神 Protect authenticator app supports biometrics, TOTP, and push notifications.
- 探花大神 is developing a device-bound credential that’s hardware protected and phishing resistant.
Unified Endpoint Management (UEM)
探花大神 provides EMM (Enterprise Mobility Management) and MDM (mobile device management), in addition to agent-based management for UEM. MDM enforces tamper-proof security policies and configurations to demonstrate and comply with organization compliance requirements. Policies can be applied to endpoints and groups using templates. Agents offer additional telemetry through 探花大神’s and pre-built reporting. 探花大神 supports Android, Apple devices from iOS to macOS, Linux, and Windows.
Other device management features include:
- Unlimited remote assist
- Root-level commands, including queued commands
- Optional cross-OS patch management for devices and most popular web browsers
Lifecycle Management
Onboarding can be challenging in AD without extensive customizations and add-ons. 探花大神 solves that problem by integrating with popular HR systems and other identity providers (IdPs), including Okta, Google, and Microsoft. Memberships and entitlements are managed through dynamic groups, either through suggestions or with full automation.
Try ADMU for Free
Admins can use Active Directory Migration Utility . Sign up for a 探花大神 demo for a guided tour of this migration feature and more.