Migration without AD


I have a big challenge, at least for me. Pasted december the previous administrator migrated from NT 4 to 2000. It seem like it is a mess, so I need to do a clean install. The challenge is to move users from the old intallation to the new, but I don't want to copy the AD because I don't want the same mess on another domain.

Right now we have our root domain with five child domains, and the idea is to have just one domain. So I want to do this as seemless as possible, and especially I don't want to go to each computer other than the servers (If possible).

Bottom line, I need to migrate users, computers, and shares from my old 2k installation in various domains to the new one. The new domain would have the same name as my current root domain. I don't know if I am making my self clear, but the idea is not to move the whole AD. I just want to move what I mentioned, and do the least possible on each client.

I hope anyone can help me, I'll accept other alternatives.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ivan_mxAuthor Commented:
I forgot, we do have an exchange server. We are thinking of moving to 2003 if necessary, but it really would not make a difference.
It's actually not as bad as you think.

I don't have the complete picture i guess because if you have all of these domains then the organization may be large or the IT department may have wanted some partitioning of the enterprise in some way.

First question - Would you like to keep the current name space or are you planning to change it to something else (i.e. from MessyDomain.com to PrestineDomain.Com ) ha..ha.

If you need to keep the name space than that will make things a little bit more difficult but still do able.

Sorry i didn't read your post completely.

If the root domain just a place holder or does it contain user accounts?

I have done plenty of migrations projects that seemed like a disaster but after i calmly gave it some thought i found a resolve.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

ivan_mxAuthor Commented:
I guess I have both scenarios.

root.com would stay the same.

The users, computers, and shares from:

child1.com would move to root.com
child2.com would move to root.com
child3.com would move to root.com
child4.com would move to root.com
child5.com would move to root.com

I don't know if this answers your question.
ivan_mxAuthor Commented:
My root also contains users.
Before you do any kind of migration or restructure try and remove any useless junk out of the old AD so that you have less to deal with.

Is there group policy set on any of the child domains? Do you know if there was any NT policies?

....and the plot thickens.

Here is what i would do despite not having the whole picture clearly in mind.

I would first remove all useless crap (Users, computer icons, ect..).

I would then consolodate the domains by migrating the user accounts from the child domains to the root domains using the ADMT tool (First i would test this by copying a user account with many settings and then migrating that account and test it)

- I assume your exchange server is in the root domain.

Use another machine as an additional domain controller in the root domain. Consider transfering all the roles to that machine and demoting the original if it contains operating system problems.

Moving the exchange server is more difficult.

Before you remote any NT servers that are domain controllers deactivate any policies that the NT machines have on them. (Simply delete them with cause the policies to be Tatooed on to the machine's registries and then you'll be hurtin)

NOTE: Don't make too many changes too soon or you my have problems. Document everything you are doing so that you have reference info. Try and use a program like Visio to create flow charts to get a clearer picture. Get a copy of Norton Ghost so that you can image machine incase there is a disaster. Perform backups if possible.

Hope any of this helps.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ivan_mxAuthor Commented:
Ok, I checked the Group Policy and I don't have any. We don't have any NT server running now.
But if I move the users would I still have the same SID, or would I need to do some extra work at the clients' computers.?
ivan_mxAuthor Commented:
I created a new domain and I'm trying to change users from my old domain to the new. I'm trying to use netdom to migrate one user, just as a test. Does anybody knows how to do this?

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.