Migrating/Collapse Child Domain into Parent

Posted on 2008-11-14
Last Modified: 2012-05-05
I am charged to collapse a child domain into a parent domain and have the following requirements:
child domain controller will become DC of parent domain
user/group accounts be moved into the parent AD structure
machine accounts will be able to seamlessly logon to parent domain with existing user names and no funniness on local profiles.
I have used the ADMT tool before and uhh well i was wondering if there was a more simple approach to this that someone has done already (my experience was a cross forest migration and it was somewhat ugly)

Question by:pacman_d
    LVL 18

    Expert Comment

    ADMT is going to be your best option here if there are a lot of users.

    Personally, I'm a fan of clean installs, so the last child fold-up I did (actually have another one coming up soon), I migrated the users by hand, reassigned their permissions, re-added them to groups, etc..

    I was able to preserve all their data, including mailboxes, but it wasn't exactly seamless.  For about a week afterwards I would get calls about little things they used to be able to get to, but couldn't now.  Things they used so infrequently they forgot to tell me about them, and I forgot to reset them.  Good thing there was only 10 users left by the time it came down to folding up that domain.

    Either way you go about it, it won't be easy/fun/seamless.

    Best of luck,

    Author Comment

    anyone else?

    Author Comment

    my big questions I guess still are:
    using ADMT to migrate the computer accounts.
    path to demoting the child domain DC re-promoting to DC in the parent domain and not losing any share/file permissions on the file server data on the machine

    Author Comment

    Anyone on the demotion of a DC that also is the file server for the child-domain in question?

    Author Comment

    so I ran a test from the destination (parent) domain side and started to do my test group first.... but the Migrate group SIDs box is greyed out. I have only done this cross forest, not with child/parent domains... anyone?

    Accepted Solution

    sorry... also wanted to mention that these greyed out boxes appear to have "checkmarks" in them. Checked the parent/child trust it is there and SID filtering is disabled.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now