
Doing a Domain Swap

Here's the scenario: We currently have a Windows 2000 Server running on the PRODUCTION DOMAIN with 150+ users. We just set up and installed our 2 new Windows 2003 64Bit Servers (one for replication) in a TEST environment with its own separate DOMAIN. Also all the 150+ users are transferred and current on the new servers.

Question 1: We would like to take the 2000 Server out and just swap it with the new 2003 64Bit Servers. How would we be able to swap out the PRODUCTION DOMAIN with the TEST DOMAIN with as little downtime as possible?

Question 2: We have 150+ users currently. How do we go about transitioning over each workstation's DOMAIN from PRODUCTION to TEST?

Question 3: Is there any way we could make these changes remotely rather than going to each individual workstation?


Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

This is not going to work - domains generate unique SIDs when they are created.  If you take a test domain DC and just put it in the production domain, it'll never sync and complain about duplicate names on the network.  

If you pulled a copy of the original domain and that's what the test domain is based on, it might work, but you could end up with some serious problems, as things like passwords for both users and workstations could be horribly out of sync, and I'd be worried just what kind of havoc you would create.

The idea behind a test domain is to go through the process at least once of upgrading, see what's likely to happen, address any known issues, try again.  Then when you think you have a smooth upgrade, BACKUP your existing systems and do it to the live production domain.
I would say you need to back up your win2k DC, then join one of the win2k3 servers to that domain (just reload the win2k3 box - safer than removing AD), then promote it to a DC on the win2k domain, then remove the win2k machine, then upgrade the domain to 2k3.  Then join the second server as a secondary DC, since you shouldn't ever have only one DC.

There isn't any easy way to move the objects (computers, accounts, maybe printers, etc.) to the new domain via some backup file or anything.  The only way to move the objects would be to link up the two domains and move the objects through AD, but you'd still have to go around to every workstation and move it over to the new domain.

Obviously moving to a different domain is also going to re-create profiles on all of the workstations, so you're either going to have to deal with complaining users, or you're going to have to do a lot of profile copying too.

Really the only way is to keep the domain and upgrade it. It's really pretty easy too - I can't think of any disadvantages.

As stated by leew it is not that easy. How about a little more info about the servers? What services/roles are they running? Currently it looks like setting up a Trust will get you going for now. But if your goal is to decommission the old 2000 server then you have some more work ahead of you. Provide as much info as possible so we can help you develop a migration plan.


Just to clarify:

We currently have a Domain AD.1234.ORG running in a Windows 2000 mixed mode environment. This is currently our live network with 150 or so users and servers at various different locations.

Since we need to change the Domain to be AD.ABCD.ORG instead of AD.1234.ORG, we have decided to acquire two new 64-bit servers running Windows 2003 Server with Exchange 2007 and placed them in an isolated test environment for configuration and testing.

The new 64 bit servers are running the new Active Directory, Domain Controller, WSUS, Microsoft Exchange 2007 and Double-take.  The main server is going to be our Production server and the other our Replication server. This is where the Double-take software comes into play. We decided to make this a clean install, instead of migrating all of the user profiles, so we input them manually hence a test environment.

Thank you for your feedback
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

You can try to use the Active Directory Migration Tool... but even with that, you're going to have a LOT of work on your hands. You'd have probably been better off adding the DC to the existing domain and renaming it.
Yep, if you don't want to un-join each machine from the domain, reboot, join the new domain, move the profile - then add the win2k3 machines to the domain, upgrade, then rename the domain. There isn't any way to move the machines to the new domain without un-joining and re-joining. You might be able to move the user accounts, and maybe group policies (if you have any) with a trust, but the machine accounts are still going to be a problem if you do anything other than rename.

This is exactly what the rename programs are for.

That said... I sure wish MS had built a better way to move user profiles from one domain to another on a local PC. Running their move tool really stinks... it works ok when you're going from one machine to another, but it's stupid when you're staying on the same machine.
Top Expert 2009

You can use the MS tool netdom to unjoin and join your PC from the old domain to the new domain. Netdom is available in your Windows 2003 or 2000 support\Tools. To access this command remotely, you need another tool called psexec, so:
psexec netdom computer /domain:abc.....
You can replace computer with a text file name with multiple computer names, each name on a line.
Check the following instructions on how to use netdom to unjoin (remove) and join your computer from domain:

