Problem solve Get help with specific problems with your technologies, process and projects.

Windows-to-Linux migrations: Clearing the Active Directory hurdle

With any migration comes challenges, and getting off Active Directory can be the biggest one for companies jettisoning Windows.

Thinking of jumping on the Linux bandwagon? With the coming retirement of Windows NT and the increasing availability of Linux applications, more and more companies are considering Linux for its potential cost savings and increased reliability. Linux is no longer the upstart rebel of the software world; rather, it is a perfectly viable and mature choice with a respected place in numerous corporate data centers.

To take advantage of the benefits of Linux, companies exclusively using Windows must carefully plan a migration. With any migration comes challenges, and getting off Active Directory can be the biggest one for companies jettisoning Windows. In some cases, the challenge of replacing Active Directory may be so big that it becomes a deal-breaker and makes a migration impractical.

Why is breaking up with Active Directory so hard?

In most cases, companies using Active Directory have numerous business functions tied into it.

"Microsoft designed Active Directory to be the foundation for Windows 2000 enterprise deployments," said David Allen, president of Allentown, Pa.-based CR Consulting and lead author of Windows to Linux Migration Toolkit. "Because there are so many dependencies on Active Directory and no direct drop-in open source replacement that offers every feature of Active Directory, it can create a 'lock-in' situation."

Another problem is that so many vendors accept Microsoft's monopoly and offer only products that are intricately tied to Active Directory, depriving customers of choice. According to John Terpstra, president and chief technology officer of PrimaStasys Inc., this complete vendor lock-in should set off alarm bells for corporations.

"If every aspect of the information technology infrastructure is tied to one vendor and one vendor's product alone, then that company may as well own the business," he points out. "Can you really afford to expose your business to a single point of failure?"

What are the alternatives?

There may be no direct parallel to Active Directory available in the open source world, but options do exist that approximate the functionality. It is then up to each individual organization to decide whether the potential losses in functionality outweigh the benefits of more infrastructure freedom.

"It's hard to find an apples-to-apples equivalent," said Mark Hinkle, chief operating officer of Win4Lin Inc. in Austin, Texas.

Hinkle, Terpstra and Allen all agree that the most common recommendation for an open source alternative to Active Directory involves a combination of OpenLDAP and Samba. OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol, and Samba is an open source suite that offers file and print services.

"Although it may seem like a hurdle, it's really not that difficult to migrate from Windows-AD to Linux-OpenLDAP-Samba and still get the directory and authentication features needed by most organizations," Allen said. The migration does have to be carefully planned, but a multitude of resources exist to assist in the migration. Allen points out that his book offers automated scripts to migrate user accounts and other Active Directory information to Linux in minutes.

Making a smooth transition

As with any migration, careful planning is key. "If you're moving your servers, you're looking to move for a reason. You've got to figure out where you're going and plan for what your end result is," Hinkle said. "It is important to examine your desired end result. Your course of action will be considerably different depending on whether you want to make a clean break with Microsoft or you merely want to move some of your corporate server architecture to Linux."

For companies that wish to make a clean break, Terpstra said the key challenge is to first identify and then find suitable replacements for all peripheral applications and services that depend on Active Directory. This may not be an easy task. For example, if a company's telephony infrastructure is dependent on Active Directory, an alternative may mean replacing the voice over IP infrastructure.

Assuming the migration is planned and well researched, many companies find the transition reasonably painless. Terpstra recalls one major corporate client in which an IT manager recommended sticking with Active Directory only to be ordered to roll out a Linux and OpenLDAP-based directory. "The initial replacement happened in one weekend with no downtime," Terpstra said. Another 400 users still need to be migrated, but the company expects that to be completed within two to three weeks, with users remaining blissfully unaware.

Even for companies that don't have such a smooth movement, Hinkle recommends looking at the long-term picture. "The hardest part is the movement, and once you're moved, the disruption is no longer a factor," he said, pointing out that even a migration from one Windows version to another can be disruptive in the short term.

Is the transition ever too hard?

Are the challenges of breaking up with Active Directory ever so insurmountable that it's just not worth the trouble? According to Allen, large organizations with significant investment in Active Directory and Windows-focused IT staff supporting thousands of Windows clients might theoretically find a migration to be too costly, given that the staff might need to be retrained or replaced. However, in such a situation, the sticking point is more in the corporate technology vision than in the technical feasibility of the migration.

"I haven't personally encountered a situation in which Active Directory can't be replaced with OpenLDAP and Samba," Allen said.

The deciding factor

Deciding whether to stick with Windows or migrate to Linux is something each corporation has to do individually. What may be right for one company may be wrong for another, and each company has to judge based on its own business needs and mission. Still, according to Terpstra, more businesses find that even with potential losses of functionality, the benefits of migration are too great to ignore.

"A complete assessment of real costs versus the value of real freedom is a complex issue that cannot be masked forever by the global FUD machine," he said.

Krissi Danielsson is a freelance writer and former TechTarget editor. You can reach her at kdd at danielssonarts dot com.

Dig Deeper on Linux servers

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.