Thinking of Changing the Schema

Before you start thinking of changing the schema, you need to consider not just the namespace, but also the data your Active Directory will hold. After all, if you know your data, you can decide what changes you want to make and whom those changes might impact.

Designing the Data

No matter how you migrated to Active Directory, at some point you’ll need to determine exactly what data you will add or migrate for the objects you create. Will you use the physicalDeliveryOfficeName attribute of the user object? What about the telephonePager attribute? Do you want to merge the internal staff office location list and telephone database during the migration? What if you also really need to know what languages each of your staff speaks or what qualifications they hold? What about their shoe size, their shirt size, number of children, and whether they like animals? The point is that some of these attributes already exist in the Active Directory schema and some don’t. At some point you need to design the actual data that you want to include.

Let’s consider MyUnixCorp, a large fictional organization that for many years has run perfectly well on a large mainframe system. The system is unusual in that the login process has been completely replaced in-house with a two-tier password system. A file called additional-passwd maintains a list of usernames and their second Unix password in an encrypted format. Your design for the migration for MyUnixCorp’s system has to take account of ...
