It’s understandable if IT admins balk at the suggestion of migrating dozens, or even hundreds of users, away from Active Directory (AD). That’s why JumpCloud provides a free and open source (FOSS) tool called Active Directory Migration Utility (ADMU) to assist with endpoint migrations. Migrating users from AD to JumpCloud unifies cross-domain identity and device management, which reduces costs, improves operational efficiencies, and strengthens cybersecurity.
What Is the ADMU?
ADMU is an open source tool that automates the migration of AD and Azure AD (AAD) profiles to local accounts, which is necessary to enable JumpCloud to manage those profiles. Administrators have flexible options for change management and can plan in advance which accounts JumpCloud will take over and manage, and when.
JumpCloud can also make AD better. The Active Directory Integration (ADI) makes it possible for small and medium-sized enterprises (SMEs) to extend AD while keeping in place what it does well.
How Does ADMU Work?
The tool copies information from an AD/Azure AD profile into a new local profile, which is taken over by JumpCloud during migration. The user can then be loaded directly into JumpCloud from this state. The ADMU also unbinds the user and their system from the domain and installs the JumpCloud system agent. Once this process is complete, the admin can take full advantage of the JumpCloud directory service to manage their migrated users and systems. Some larger migrations may use a slightly different order of operations, taking advantage of JumpCloud commands for more flexibility in selecting which user profile to migrate to on each endpoint.
For example, suppose “ChetAtkins” is set to be converted to “bob.smith”. The tool will install the JumpCloud agent, create a new account “bob.smith”, and migrate Chet’s account over to Bob. Then, it will associate the JumpCloud account “bob.smith” with the local account “bob.smith”.
Flexible Deployment Options
One size doesn’t always fit all. That’s why ADMU can be deployed for both small and large-scale migrations in a number of ways. It includes an intuitive graphical user interface (GUI) and a PowerShell module that can be used with PowerShell remoting (PSRemoting) to migrate multiple systems and profiles at once. It can be deployed in the following ways:
- A GUI to conveniently migrate small batches of endpoints
- A command-line interface (PSModule)
  - This can be invoked with a series of commands for mass deployment. Please refer to these resources for more information:
Why ADMU?
The ADMU is a FOSS tool that facilitates the transfer of Active Directory-bound users and systems off the domain and into JumpCloud. It spares admins the arduous manual tasks otherwise needed to migrate a user and system from their AD domain. ADMU largely automates this process and offers multiple implementation methods, for admins of any technical skill level. It makes it easier to take advantage of the full breadth of JumpCloud features that would otherwise not be possible with AD.
What JumpCloud Offers Beyond AD
JumpCloud is an open directory platform with centralized identity and access management (IAM) and unified endpoint management (UEM), regardless of the underlying authentication method or device ecosystem. JumpCloud authenticates users whether they use biometrics, digital certificates, passwords, or SSH keys. The platform provides secure, frictionless access to resources. JumpCloud ensures that every resource has a “best way” to connect to it. Let’s explore its features in more detail.
Frictionless Access Control
- Servers use SSH keys, offering greater security than passwords alone.
- Passwordless certificates for cloud RADIUS and secure Wi-Fi access.
- Cloud RADIUS with multi-factor authentication (MFA) secures access to network devices and Wi-Fi.
- LDAP with integrated MFA secures access to network devices such as switches, network attached storage (NAS), and firewalls.
- Web applications leverage SAML and OIDC protocols.
- JumpCloud has a large collection of pre-built connectors for single sign-on (SSO) apps and doesn’t charge when you create custom SAML applications.
- SCIM provisioning can be used for authorization to streamline user onboarding.
- A provisioning API (coming soon) will support apps that don’t use supported protocols.
- JumpCloud Password Manager is an integrated add-on for additional security and convenience to create, store, and protect user credentials. Admins have full visibility.
Identity and Access Management
- Optional conditional access rules can be used for privileged access management; device conditions account for device posture, location, and more.
- The JumpCloud Protect authenticator app supports biometrics, TOTP, and push notifications.
- JumpCloud is developing a device-bound credential that’s hardware protected and phishing resistant.
Unified Endpoint Management (UEM)
JumpCloud provides enterprise mobility management (EMM) and mobile device management (MDM), in addition to agent-based management for UEM. MDM enforces tamper-proof security policies and configurations to comply with, and demonstrate compliance with, organizational requirements. Policies can be applied to endpoints and groups using templates. Agents offer additional telemetry through JumpCloud’s System Insights and pre-built reporting. JumpCloud supports Android, Apple devices from iOS to macOS, Linux, and Windows.
Other device management features include:
- Unlimited remote assist
- Root-level commands, including queued commands
- Optional cross-OS patch management for devices and most popular web browsers
Lifecycle Management
Onboarding can be challenging in AD without extensive customizations and add-ons. JumpCloud solves that problem by integrating with popular HR systems and other identity providers (IdPs), including Okta, Google, and Microsoft. Memberships and entitlements are managed through dynamic groups, either through suggestions or with full automation.
Try ADMU for Free
Admins can use Active Directory Migration Utility absolutely free. Sign up for a JumpCloud demo for a guided tour of this migration feature and more.