I am a petrol head; I love the smell of burning fuel. I always service my car at the right time, wash it regularly, put in the best oil which is recommended, and do all the tune ups when required. Because of that, my little beast never gets me in trouble when I am on the wheels, touch wood!

Likewise, it doesn't matter how good your Active Directory infrastructure is today; if you do not maintain and tune it, you are not going to get much out of it. Following, I have listed things you need to do after Active Directory migration to get the most out of it:

• Add to the monitoring system: The new domain controllers now hold the responsibilities of your identity infrastructure. It is important to get notified if there is any failure of the hardware or system service which will affect company operations. For that task, I prefer to use an advanced application layer monitoring system, such as SCOM or OMS, which not only alerts about service and system failures, but also predicts issues in advance and allows engineers to rectify them. OMS also provides guidance based on Microsoft best practices to improve the performance and security in the identity infrastructure.
• Add to the DR solution: In the event of hardware failure or natural disaster, the company should be able to recover its workloads to continue its operations. It can be backed up, or you can use any other DR solution. My preference for this is to keep additional domain controllers in DR sites, along with backup. In a disaster, it will allow the other application to continue its operations with minimum impact. Once you add new domain controllers to the backup or DR solution, make sure to test them periodically to verify the validity.
• Implement new features: Once the domain and forest functional levels are updated, you can start implementing or start using the new features of AD DS 2016, that I described in Chapter 2, Active Directory Domain Services 2016. Applying new features is one main objective of any AD DS migration project. When applying features, try to apply them first to test devices or a group of test users before applying them organization-wide. It will minimize the impact if you need to alter it or completely remove it. The features you can use for your organization depend on the organization's business model and operations.
• Group Policy reviews: Group policies can be used to manage systems, application and security settings for users, devices, and other resources in the Active Directory infrastructure. As the system migrates from one AD DS version to another, Group Policy capabilities change too. In an infrastructure, there can be group policies which contain legacy settings no longer valid for the organization's operations. Or else, the newer AD DS version may have a better way of doing things. Therefore, after AD DS migrations, review your group policies and make any required amendments or implementations. For Group Policy testing, always try it against a test group and test devices before applying it to production.
• Documentation: Documentation is required for any system implementation. Once the migration process is complete, prepare a document including data about design, implementation steps, configuration changes, test results, resources that have been used, Group Policy changes, new feature configurations, and so on. It will be a good starting point for engineers and management to plan future AD DS migrations. Also, it will help engineers in maintenance and system troubleshooting.