🔀 AD & O365 Divestiture Segmentation
Objectives:
- Perform complete discovery of AD and Microsoft 365 assets.
- Identify all users, computers, and services to be retained or transitioned.
- Map and document GPOs, DNS zones, file shares, and integrated services.
- Prepare the environment for safe migration and organizational separation.
- Provide clean data sets for auditors, engineers, and decision-makers.
- Discovery & Inventory Collection:
  - Developed PowerShell scripts to gather information about:
    - User and group accounts with OU paths and membership trees
    - Computer accounts with OS version, last login, and descriptions
    - Group Policy Objects (GPOs) with linked OUs and WMI filters
    - AD-integrated DNS zones and host records
    - File shares, DFS links, and access control lists (ACLs)
  - Cross-referenced objects with HR and asset ownership records
- Classification & Ownership Mapping:
  - Exported CSVs categorizing:
    - Stay-behind vs. migrating assets
    - Shared vs. exclusive resources
  - Identified OUs for realignment or creation
  - Validated mappings with stakeholders
  - Documented results for internal and external audit
- GPO & Infrastructure Analysis:
  - Audited GPOs for:
    - Login scripts, drive mappings, and software deployment
    - Firewall rules, credential policies, and inheritance scopes
  - Flagged cross-tenant GPOs for removal or replacement
  - Identified shared network infrastructure and login dependencies
- DNS & Service Segmentation:
  - Mapped internal DNS zones to services (e.g., file servers, printers, domain controllers)
  - Flagged zones for migration or split-horizon reconfiguration
  - Documented DNS entries tied to third-party/shared systems
- Microsoft 365 / Azure AD Audit:
  - Exported users, license usage, mailbox data, and domain federation details
  - Identified:
    - Shared mailboxes, distribution groups, Teams memberships
    - Cloud-native vs. synchronized accounts
    - Federated domain dependencies
  - Created ownership lists and transfer paths for M365 objects
- Validation & Pre-Migration Planning:
  - Performed dry-run tests of OU realignment and GPO scoping
  - Validated access after removal of test resources
  - Prepared migration playbooks for the transition team
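
An added example (not the project's own scripts) of the cross-referencing and classification steps listed under Discovery & Inventory Collection and Classification & Ownership Mapping: it joins a computer inventory against an ownership extract and labels each asset as stay-behind, migrating, shared, or unmapped. The function name, column names, business-unit names, and sample rows are constructed for illustration.

```powershell
# Constructed sample inventory. In a live domain these rows could come from, e.g.:
#   Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate, Description
$inventory = @(
    [pscustomobject]@{ Name = 'FS01';  OperatingSystem = 'Windows Server 2019';    LastLogonDate = [datetime]'2024-05-28' }
    [pscustomobject]@{ Name = 'APP07'; OperatingSystem = 'Windows Server 2016';    LastLogonDate = [datetime]'2024-05-30' }
    [pscustomobject]@{ Name = 'WS114'; OperatingSystem = 'Windows 10';             LastLogonDate = [datetime]'2023-11-02' }
    [pscustomobject]@{ Name = 'LAB02'; OperatingSystem = 'Windows Server 2012 R2'; LastLogonDate = [datetime]'2024-05-15' }
)
# Constructed HR / asset-ownership extract: one row per asset, ';'-separated owning units.
$ownership = @(
    [pscustomobject]@{ Asset = 'FS01';  BusinessUnits = 'RetainedCo;DivestedCo' }
    [pscustomobject]@{ Asset = 'APP07'; BusinessUnits = 'DivestedCo' }
    [pscustomobject]@{ Asset = 'WS114'; BusinessUnits = 'RetainedCo' }
)

# Hypothetical helper: classifies each inventory object by ownership and staleness.
function Get-DivestitureClassification {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,
        [Parameter(Mandatory)] [object[]] $Ownership,
        [Parameter(Mandatory)] [string]   $DivestedUnit,
        [datetime] $AsOf = (Get-Date),
        [int] $StaleDays = 90
    )
    # Index ownership by asset name (PowerShell hashtable keys are case-insensitive).
    $owners = @{}
    foreach ($row in $Ownership) {
        $owners[$row.Asset] = @($row.BusinessUnits -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    foreach ($obj in $Inventory) {
        $units = @()
        if ($owners.ContainsKey($obj.Name)) { $units = $owners[$obj.Name] }
        $scope = switch ($units.Count) { 0 { 'Unknown' } 1 { 'Exclusive' } default { 'Shared' } }
        $disposition = 'Migrating'                                      # owned only by the divested unit
        if ($units.Count -eq 0) { $disposition = 'Unmapped' }           # no owner on record: manual review
        elseif ($units -notcontains $DivestedUnit) { $disposition = 'StayBehind' }
        elseif ($units.Count -gt 1) { $disposition = 'NeedsDecision' }  # shared with the divested unit
        [pscustomobject]@{
            Name = $obj.Name; OperatingSystem = $obj.OperatingSystem
            Owners = ($units -join ';'); Scope = $scope; Disposition = $disposition
            Stale = (($AsOf - $obj.LastLogonDate).TotalDays -gt $StaleDays)  # candidate for cleanup, not migration
        }
    }
}

Get-DivestitureClassification -Inventory $inventory -Ownership $ownership -DivestedUnit 'DivestedCo' -AsOf '2024-06-01' |
    ConvertTo-Csv -NoTypeInformation
```

Rows marked `Unmapped` or `NeedsDecision` are the ones to take to stakeholders for validation before any OU realignment.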
Result:
This project provided the technical foundation for a clean IT divestiture, ensuring:
- Clear and documented ownership of AD and M365 resources
- Reduced post-split disruption through proactive mapping
- Secured segmentation of systems