Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need to remove un-necesary lower level AD Child Domain as part of new server install/migration.

Posted on 2008-06-12
5
Medium Priority
?
263 Views
Last Modified: 2010-03-05
We have a W2003 AD Domain "city.local" and a child domain of "library.city.local"
The Domain controller for "Library.city.local" is a W2000 AD system - that is being replaced with a W2003R2 system.
The parent Domain is W2003.
It has been decided that the child domain is not required.
We want to find the best method to eliminate the child domain - to minimize the effect on several PC systems
and a Terminal Server that uses a GPO lockdown. A new terminal server will also be introduced.
Wish to transfer as many objects (Computer accounts, users, policies) as possible trying to minimize effort.
There are several PC's that use a hardware lockdown system and GPO lockdowns.
We can do it the hard way - move PC's to workgroup, export AD accounts,etc but looking for time saving steps.
0
Comment
Question by:BobPrinceExpert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 13

Expert Comment

by:martin_babarik
ID: 21772981
Hi, I'd say this article is the info you are looking for:
http://support.microsoft.com/kb/326480/en
Let me know if there is something you want to be explained further.
Regards

Martin
0
 
LVL 7

Accepted Solution

by:
ManicD earned 2000 total points
ID: 21777574
you may also want to lookup information about "movetree" to move AD objects between domains.

This seems like a several step process, first upgrade to 2003, second move the objects across, demote Domain controllers for the child domain, then promote them to the parent domain(if required)
0
 
LVL 1

Author Comment

by:BobPrinceExpert
ID: 21793389
We will look in to "movetree" as that sounds like it fit's in to what we plan to do.
Basically since we are installing new servers - we will set them up in the parent domain.
THen sounds like we can use "movetree" to move over objects that we still need.
In some cases - we have some generic users - so probably recreate them - but move over GPO's,etc.
Thanks for the tip.
Bob
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question