
Best way to migrate an active directory 2000 child domain and recreate it with AD 2003 with same domain name

Posted on 2007-11-20
Last Modified: 2010-03-17
I need to migrate our child domain out of an AD 2000 forest and make it the root of the new forest.  

Currently have a root forest with three child domains within it. I want to migrate our child domain out (230 user accounts) and build an AD 2003 network and keep the same domain name that our child domain currently has. I'm testing tools like NetIQ's Domain Migration Admin... Anyone else used this software? It's really difficult to find documentation on migrating an AD domain out of one forest and recreating it into its own.

Any direction is greatly appreciated
0
Question by:andersenks
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 20324935
> "build an AD 2003 network and keep the same domain name that our child domain currently has"

This is going to be nigh impossible if your goal is a graceful migration, as all of the migration tools (ADMT, the Quest/NetIQ/etc. tools) require a trust relationship between source and target domains, and you cannot configure a trust if the source and target domains have the same NetBIOS name.

Two choices:

[1]  Configure a third "swing" domain as a go-between, so that you would migrate from the old a.com to b.com, and then from b.com to the new a.com

[2]  Rename the 2003 domain after the migration has been completed, so migrate a.com to b.com, and then once the migration is 100% complete, rename b.com to a.com.
0
 

Author Comment

by:andersenks
ID: 20324944
Thanks Laura.... any preference over ADMT and third party tools like NetIQ?
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20324955
I like the Quest product set as a rule, but they're priced per seat and the cost can knock you off of your chair.  ADMT, for the price (free), is surprisingly high-functioning.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20325222
Mmm, I am a fan of ADMT - the only thing I found was a prick was the password migration....so I reset them all and just let users scream :) The rest was fantastic to use actually
0
 

Author Comment

by:andersenks
ID: 20353193
Suppose I choose this route...

[2]  Rename the 2003 domain after the migration has been completed, so migrate a.com to b.com, and then once the migration is 100% complete, rename b.com to a.com.

Would I have to add all the servers and workstations to the new domain before renaming it, or can I rename it first and then add the devices to the newly renamed domain? I'm guessing that I will need to add all workstations and PCs first, then rename the domain.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20353410
Your guess is correct.  In order to migrate the workstations gracefully, both source and target domain need to be online and available at the same time, and you would need to decommission the source domain before you will be able to rename the target domain as you describe.
0
 

Author Comment

by:andersenks
ID: 20363176
One more question.... What if I were to just demote the DCs on this child domain and recreate the network from scratch? What I'm asking is, what are the benefits of doing a migration over just building it anew? It seems even with an AD migration you still have to go to each machine and re-add it to the newly created domain. With AD migration, will users have the same desktop profile they used on the old domain? Will printers and shares still be there or will they need to be created?

I guess that was more than one question...

Cheers
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20363216
With the migration, they still get their profiles (if Roaming), that's about it....

I prefer a clean install where I can, but it depends how many users you have and how much time you have....the migration path can be a royal PITA...Most stuff ends up being recreated if you don't have roaming profiles
0
