Active Directory Migration & Consolidation

The client is the single largest financial and administrative healthcare network in the United States, reaching approximately 750,000 physicians, 105,000 dentists, 60,000 pharmacies, 5,000 hospitals, 600 vendors, 450 laboratories, and 1,200 government and commercial payers. The client has developed this network of payers and providers over 30 years in the industry, connecting virtually all private and government payers, claim-submitting providers, and pharmacies in a hybrid cloud-based, user-centric, and secure infrastructure environment.

Customer Need

Through years of acquisitions, 40 Active Directory forests fell under their management. Trying to manage and secure these 40 AD forests was a burden. Employees had multiple Active Directory accounts and passwords, leading to poor user behaviour. Providing access to applications required extensive documentation and was hard to automate. There were too many service accounts to securely manage and track, plus hundreds of privileged accounts.

Due to the complexity of sites and subnets, users experienced poor AD performance, as not all forest trusts were performing as expected. The large volume of old domain controllers presented operational and security concerns.

Solutions Provided

Innova used the Nephele domain toolset to build the environment from code, with incremental builds to validate features, and revisited the following:

  • Built two greenfield, best-practice, secure-by-design Active Directory forests as migration targets
  • Migrated and merged multiple objects with Quest Migration Manager
  • Implemented Group Managed Service Accounts (GMSA)
  • Executed three-tier administrative accounts
  • Standardized and reduced membership of enterprise / domain admins
  • Regulated nomenclature of objects to enhance directory automation
  • Created standardized best practices for backup and recovery

Benefits / Results

  • Reduced complexity of forest management
  • Eliminated multiple accounts for employees
  • Eliminated enterprise/domain admin account use outside of domain controllers (Pass-the-Hash prevention)
  • Greatly reduced user object service accounts with secure GMSAs
  • Simplified forest operation management
  • Tighter integration with application provisioning
  • Domain & forest functional levels at Windows Server 2016
  • Disaster recovery plan built into design
  • 60% decrease in the required number of domain controllers to provide directory services
