New Feature: Automated Migration from AD to JumpCloud

Written by Mike Ranellone on March 12, 2020


The process of migrating a Windows® workstation from Active Directory® (AD) to JumpCloud® just got easier. Our Solutions Architecture team is excited to announce the Active Directory Migration Utility (ADMU), which automates the steps required to non-destructively convert a Windows domain account to a local user account and begin managing that account with JumpCloud.

For organizations that have been apprehensive about uprooting their existing AD infrastructure, the ADMU presents a new opportunity to complete the transition to the cloud. This new utility minimizes the time commitment, manual labor, and risk involved with implementing JumpCloud as a replacement for AD.

Using the ADMU, small-to-medium-sized enterprises can complete the transition to JumpCloud in anywhere from a few hours to a couple of days. The result is a consolidated user and system management experience for admins, with end users barely noticing the change. Read on for more details about how the ADMU works and the tasks it automates.



Migrating Domain-Bound Systems to JumpCloud 

JumpCloud achieves its system management capabilities using a lightweight system agent that runs in the background and communicates with our core directory service. In order to avoid a situation where JumpCloud would compete with AD for authoritative control over a Windows machine, this agent won’t run on systems that remain bound to an AD domain. Because of this, a full transition to JumpCloud from AD requires that domain accounts be converted to local user accounts, which can then be taken over by the JumpCloud agent. The ADMU automates this entire process: You start with a domain-bound system and end with a JumpCloud-managed system, with the original user account and its attributes intact.

Diagram of how JumpCloud's Active Directory Migration Utility Works

Once a workstation has been migrated to JumpCloud, the user’s login experience doesn’t change, but the system now contacts your new cloud directory instead of AD as its authoritative source of truth for authentication. As an admin, you can now control the following functions remotely from JumpCloud’s web console:

  • Add the system to a system group and apply GPO-like policies across that group 
  • Toggle on multi-factor authentication at Windows system login 
  • Enforce new password complexity and rotation requirements
  • Control network connections with RADIUS
  • Retrieve OS-level status and usage data using System Insights™ (this premium feature is available to all free accounts for testing)

How the ADMU Works

The ADMU is a Windows application (.exe) that launches a GUI on an individual machine that needs to be migrated. You can also use the PowerShell version in mass migration scenarios.

The utility works by mirroring the existing domain account to a new local system user account, and it gives you the option to leave both accounts intact. This is a great way to build confidence as you test migration in a one-some-many workflow, because you can compare the new account to the original before unbinding the original from the AD domain. You can set key preferences, like whether to automatically leave the domain, using the GUI.

For a full walkthrough of the migration process using the ADMU, check out our demo video:

If you’re curious about what’s going on under the hood, the ADMU leverages the Windows Assessment and Deployment Kit (ADK), which was designed to help admins install and configure the Windows operating system on new machines at scale. This incorporation of Microsoft’s® own existing framework for unbinding accounts from AD helps to ensure compatibility across different domain environments and reinforce security throughout the migration process.

Evaluating JumpCloud Before Migration 

For many organizations, the possibility of replacing AD with an alternative directory service represents uncharted territory. It’s normal to have questions about how JumpCloud’s consolidated access control and system management platform works and whether it could really replace AD for your environment. 

That’s why we’re committed to making the testing and evaluation process as straightforward and transparent as possible. You can try the full version of Directory-as-a-Service® (DaaS) for an unlimited amount of time, managing up to 10 users and systems completely free. And if you do decide to migrate your whole environment to JumpCloud, those first 10 users and systems stay free forever. Here are some more tips to help you explore our cloud directory service: 

Downloading the Active Directory Migration Utility 

Ready to begin testing automated migration for your environment? You can download the ADMU for free here. Then, all you need is a free JumpCloud admin account to get started. We recommend first running the ADMU on a single spare laptop or domain-bound VM, then migrating other systems as desired.

Have questions about what it would look like to implement JumpCloud for your unique environment? Contact us to connect with our team of engineers.

Mike Ranellone

Mike is a writer at JumpCloud who's especially interested in the changing role of tech in society. He cut his teeth in the ad agency world and holds an M.F.A. in creative writing from the University of Colorado-Boulder and a B.A. in English and music from St. Lawrence University in Canton, NY. Outside of JumpCloud, he's an avid skier, cellist, and poet.
