Environment
- CB Protection Server: 7.x and Higher
- Microsoft Active Directory
Objective
To outline the recommended steps for migrating Active Directory groups while Active Directory mappings are in use.
Resolution
- Schedule a time to have a Protection admin and the AD admin work together during the migration.
- Create a new group(s) (not moving the existing ones) into the desired location in AD.
- Add the desired users to the new group location.
- Have the Protection admin modify the role mapping to the new AD group.
- Verify the users can log in with the new mapping.
- Delete the old AD group.
Additional Notes
- Simply moving the AD groups into another area in the domain (different or nested OU) can cause issues with the console and console access.
- Having both a Protection and Active Directory admin on hand and working together can help limit downtime in the event of an issue as changes can be undone quicker.