Migrating Windows Machine From Active Directory®

By Zach DeMeyer Posted September 5, 2018


For many JumpCloud customers, a major milestone in adopting the Directory-as-a-Service® platform is completing the migration of their Windows® machines from Microsoft® Active Directory® (AD) to JumpCloud. JumpCloud prescribes a two-step, script-driven automation process for this migration, which is detailed in our recent tutorial video.

In this blog post, we will summarize the two-step process for you.

Step One

The first step in an AD to JumpCloud migration is converting the AD domain-bound user into a local user. To do so, you will first need to download the JumpCloud AD Migration Toolkit. After unzipping the downloaded file, run the AccountMigration.bat file as an administrator. An interactive PowerShell window will launch where you can specify the username of the new local user account that the domain account will be migrated to.

NOTE: The user will be given the temporary password “Temp123!”, which will be required to access the Windows account. Once the account is transferred to Directory-as-a-Service, the temporary password will be replaced by the user’s JumpCloud password.

After running the script, the User Profile Wizard will be launched automatically. After choosing the user in question, you can click through the wizard to create the user locally, being sure to enter the new local account name when prompted. Once the wizard is finished, the system will restart, and you will be taken to the login screen for the local user. Using the “Temp123!” password, you should log in to the new local account and ensure that all of the user’s files and information have transferred (Windows 10 users will notice a screen regarding app updates from the Windows App Store). That concludes the first step. You can find a detailed breakdown of this first step, including a sequence diagram of how the migration script works, in our Knowledge Base.

Step Two

You now have a new local account for the user which the JumpCloud agent can take over. It’s time for step two: leaving the domain and joining the system to your JumpCloud Directory-as-a-Service. After logging out of the local account and back into the administrator account, the SystemMigration PS1 file from the Toolkit must be updated with a JumpCloud Connect Key. The JumpCloud Connect Key can be found on the systems tab of the JumpCloud admin console by clicking the green plus and selecting the Mac or Windows tab. Updating the PS1 file with your admin’s JumpCloud Connect Key allows the script to install the JumpCloud Agent onto the system and register it into your JumpCloud organization.

Once completed, you can simply run the SystemMigration.bat as admin. The system will be unbound from the domain, and the JumpCloud Agent will be downloaded onto the system and installed. To finish the process, the system must restart. After the system restarts, it will appear in the admin console, where you can associate the user account whose username matches the local user account you migrated in Step 1 with the JumpCloud system. The temporary password for this account will be updated to the user’s JumpCloud password. You can find a detailed breakdown of this final step, including screenshots, at our Knowledge Base.
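As an added example (not part of the JumpCloud AD Migration Toolkit), the script below checks the outcomes the two steps describe: the system has left the domain, the local account exists, the agent is running, and the local password has been changed since Step One, when “Temp123!” was set. The parameter names and the service name jumpcloud-agent are assumptions; adjust them for your environment.

```powershell
# Added example: post-migration checks for the two steps described above.
# Assumptions (not from the original post): the agent's Windows service is
# named 'jumpcloud-agent', and the parameter names below are illustrative.
param(
    [Parameter(Mandatory)] [string]   $LocalUser,        # local account created in Step One
    [Parameter(Mandatory)] [datetime] $StepOneFinished,  # when the User Profile Wizard completed
    [string] $AgentService = 'jumpcloud-agent'           # assumed service name
)

function Test-MigrationState {
    param([string]$LocalUser, [datetime]$StepOneFinished, [string]$AgentService)

    $cs      = Get-CimInstance -ClassName Win32_ComputerSystem
    $account = Get-LocalUser -Name $LocalUser -ErrorAction SilentlyContinue
    $service = Get-Service -Name $AgentService -ErrorAction SilentlyContinue

    # Each entry maps a check name to a boolean result.
    $checks = [ordered]@{
        'System is no longer domain-joined'   = -not $cs.PartOfDomain
        'Local account exists and is enabled' = [bool]($account -and $account.Enabled)
        'Agent service is running'            = [bool]($service -and $service.Status -eq 'Running')
        # A PasswordLastSet later than the end of Step One means the temporary
        # password set during that step has since been changed.
        'Temporary password was replaced'     = [bool]($account -and $account.PasswordLastSet -and
                                                       $account.PasswordLastSet -gt $StepOneFinished)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

$results = Test-MigrationState -LocalUser $LocalUser `
                               -StepOneFinished $StepOneFinished `
                               -AgentService $AgentService
$results | Format-Table -AutoSize

# Non-zero exit code lets a deployment tool flag systems that need follow-up.
if ($results.Passed -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session after the final restart and after the user has been associated with the system in the admin console. A failed password check means the account still has the password it was given during Step One.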

Your domain-bound Windows user has now been migrated from AD to JumpCloud. If you have any questions, feel free to contact us to learn more.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
