shanepresley

Migrating from two Active Directory domains to one

We have two separate Windows 2003 domains.  Each has a single domain controller.  Let's call the domains dom1 and dom2, and the servers srv1 and srv2.

srv1 is the domain controller for dom1.  All our users log onto dom1.  All the accounts and permissions are there.  

srv2 is the domain controller for dom2.  No users log onto this domain anymore; it's mostly retired.  However, we do still have a lot of files here.  So the server acts mostly like a file server.  Permissions are set up based on dom1\username.  So no local permissions or accounts are stored on dom2.  

I'd like to decommission dom2, and make srv simply a file server for dom1.

What do I need to do to make that switch?  Should I just join srv2 to dom1?  Or do I need to shut off Active Directory on srv2 first, to retire dom2, then join it to dom1?
ASKER CERTIFIED SOLUTION
dhoffman_98
This solution is only available to members.
Demote it with DCPROMO, then join it to DOM1... A good file system backup will be good before doing it.
SOLUTION
Pber
This solution is only available to members.
shanepresley

ASKER

Thanks everyone.  I'm running a full backup now.  I'll try DCPROMO tomorrow and update this question with the results.
dcpromo worked, and SRV2 is now just a member server of DOM1.  Thanks!

One follow-up question: our laptops (after a reboot) still list two domains, DOM1 and DOM2.  Of course you can't log into DOM2, and that's fine.  But what's making it show up in the list, and how do we remove it?
Open Active Directory Domains and Trusts and remove the trust relationship for DOM2. When the machines reboot, they will authenticate against DOM1 again, and with the trust information gone, they should update their lists.
That sounds like the right area to look, but there is only one domain listed under Active Directory Domains and Trusts (DOM1).  No DOM2 listed and no trusts.

I've rebooted the laptops and authenticated to DOM1 several times but DOM2 still shows up on the list.
In AD Domains and Trusts, did you right-click your domain, then click Properties, then select the Trust tab?
Sorry, I guess I should have walked you through the exact steps. It looks like Pber has you on the right path. You have to select the domain first, and then select its properties. You won't see DOM2 on the left side, but when you go into the properties for DOM1 and select the Trust tab, you should see the entries there for DOM2. Once you remove that, machines that connect to DOM1 will no longer get the option for connecting to DOM2.
Thanks everyone, that did the trick.  I hadn't looked on the domain properties | trusts.