Validation Topology
NOBA's core migration flows have been validated in a real remote lab, not only against static demo data. This page documents what was exercised and where design-partner validation still matters.
Lab Shape
| Area | Validated environment |
|---|---|
| Sites | Two real remote locations connected over WAN/ISP links, with a 4-host cross-site connectivity matrix verified across the final run. |
| Virtualization | Four Proxmox hosts used to run and isolate the test environments. |
| Directories | Samba AD DCs, Windows Server 2025 AD, and an Azure AD / Entra ID development tenant. |
| Flow style | Connection tests, discovery, mapping, dry-run, reconciliation, pre-flight, migration execution, authentication verification, and evidence/reporting paths. |
AD Validation Evidence
| Area | What was exercised | Current boundary |
|---|---|---|
| Sync | Azure AD / Entra Graph API and Samba LDAP sync against real directory data, including role mapping, disabled-user filtering, and cross-directory linking. | Small directory sizes; 1000+ user performance remains a design-partner validation target. |
| Migration directions | LDAP-to-LDAP, Azure-to-LDAP, LDAP-to-Azure, and broader MSAD/Samba/Azure direction coverage recorded in the AD PoC. | Path coverage is strong; customer-scale row-volume testing is still needed. |
| Windows AD behavior | Server 2025 LDAPS via ADCS, LDAP signing-sensitive paths, PSO detection, nested groups via MATCHING_RULE_IN_CHAIN, tombstones, AdminCount/AdminSDHolder, and service-account SPN discovery. | SID history and some cutover-specific enterprise policies still need customer-context validation. |
| LAPS and machines | Windows LAPS lifecycle: schema, domain join, LDAP password read, expiry freeze, encrypted-password behavior, and machine OU move preserving LAPS passwords. | BitLocker recovery-key backup and machine unjoin/rejoin remain bounded until exercised on the right endpoint setup. |
| Scale | 100-user throughput runs recorded at 1.0-8.8 users/sec on the SQLite-backed beta test profile while the same 4-host Proxmox lab was also carrying cross-site AD validation; 484/491 AD tests passed, with expected failures documented. | This is workflow path coverage and small-load evidence, not a known AD architecture ceiling. PostgreSQL and Redis-backed caching are available for heavier deployments, but multi-thousand-user validation still requires customer or design-partner infrastructure. |
What This Proves
- The core AD migration and cross-domain workflow is not a static mockup; it was exercised against real directory controllers and Microsoft Graph paths.
- NOBA handled real cross-site network boundaries instead of assuming a single clean local test subnet.
- The product paths for directory connection, discovery, mapping, safety checks, execution, authentication verification, and evidence summaries were validated end-to-end within current hardware and tenant limits.
Recent Gap Closure
- Live-infrastructure CI now exercises maintained PostgreSQL, MySQL, and AD-backed test environments so some evidence paths are no longer purely manual.
- Recent beta releases closed honesty gaps in scoring and removed placeholder-success behavior from several enterprise surfaces.
- The remaining integration gaps and unwired action surfaces are being tracked as explicit follow-up work rather than silently counted as done.
What Still Needs Broader Validation
- Larger customer directories with hundreds or thousands of users and groups.
- Messier OU structures, legacy ACL conventions, stale objects, and conflicting naming policies.
- More Samba, hybrid AD/Entra, M&A, and cross-domain edge cases than one internal lab can realistically cover.
- Customer-specific compliance evidence expectations and production cutover constraints.
How Design Partners Should Evaluate
- Start with the mock-data cross-domain demo to understand the operator flow.
- Install the beta in a controlled lab environment and connect non-production directories first.
- Run discovery, mapping, reconciliation, and dry-run paths before any write-side execution.
- Define explicit rollback and cutover criteria before testing production-like data.
This is deliberate beta positioning: NOBA has gone beyond toy validation, but customer-scale proof still requires customer-scale environments and willing design partners.