Collapse all child domains into the parent domain

Guys, can you help out? Below is my scenario.

I have a single parent domain (forest) and 5 child domains. I would like to keep just the parent domain and get rid of the child domains.

What I would like to do:
1. Remove all child domains while migrating OUs, users, etc. to the parent domain.
2. All access rights and passwords need to be migrated along.
3. If possible, I would like to do a copy of AD to the parent, so this can be done offline without interfering with users. So, it is the safest way. (From what I searched, this can't be done.)
4. How do you guys handle the file server where security permissions are assigned to each of the group folders? Once everything moves to the parent domain, I have a feeling that this needs to be redone manually.
5. User profile (I have local profile settings): will the user's computer create a new profile when they log on to the parent domain after the migration completes?

What I have done:
1. ADMT v3 tool to migrate
    - This seems OK to a certain extent. However, when I run a test, the migrated user seems to be clean; no group membership or access rights get migrated. The password was transferred along, but the user needs to change the password after logon. Has anyone tried Quest AD migrator by any chance?

2. I am thinking about the LDIFDE utility, but it will only copy OUs and users. Passwords will be null and every account will be disabled. Still thinking of a better way to do it. But the good thing is that I can just restructure the parent domain without having to worry about users.

Any help or ideas are greatly appreciated.
Asked by: powerdom

Chris Dent (PowerShell Developer) commented:

Hey,

I would use MoveTree to shift the users, groups and OUs around within the Forest. Like ADMT this utilises the SIDHistory to maintain access to resources using the old security.

http://support.microsoft.com/kb/238394

You'll lose group membership with this; depending on how many you're doing, we could write scripts to work around that.

ADMT is still a good choice for the Computers as you'll have to change the domain membership. That means you should be able to translate the profile, which should maintain the user's view of things.

Chris
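
One way to script around the lost group membership mentioned in the answer above, as an added example that is not code from either poster: take an LDIFDE export of the child domain's groups before the move and generate LDIF change records that re-add the members afterwards. The domain names are hypothetical, the sample export is constructed, and the code assumes each object keeps its OU path with only the domain suffix changing.

```python
import base64
CHILD, PARENT = "DC=emea,DC=corp,DC=example", "DC=corp,DC=example"  # hypothetical domains

# Constructed sample of an LDIFDE-style export of one group from the child domain.
SAMPLE = "\n".join([
    "dn: CN=Sales,OU=Groups," + CHILD,
    "member: CN=Alice Smith,OU=Staff," + CHILD,
    "member: CN=Bob Jones,OU=Staff,DC=emea,",
    " DC=corp,DC=example",  # folded continuation line
    "member: CN=Carol,OU=Staff,DC=apac,DC=corp,DC=example",  # member from another domain
    "member:: " + base64.b64encode(("CN=Jürgen,OU=Staff," + CHILD).encode()).decode(),
    "",
])

def parse_groups(text):
    """Return {group_dn: [member_dn, ...]} from LDIF text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    groups = {}
    for record in text.split("\n\n"):
        rec = {"dn": [], "member": []}
        for line in record.splitlines():
            attr, _, value = line.partition(":")
            if attr.lower() in rec:
                if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
                    value = base64.b64decode(value[1:]).decode("utf-8")
                rec[attr.lower()].append(value.strip())
        if rec["dn"]:
            groups[rec["dn"][0]] = rec["member"]
    return groups

def to_parent(dn):
    # Assumption: only the domain suffix changes. None means "not in the child domain".
    in_child = dn.lower().endswith("," + CHILD.lower())
    return dn[: -len(CHILD)] + PARENT if in_child else None

def ldif_line(attr, value):
    # LDIF needs base64 ("::") for values that are not plain ASCII.
    b64 = base64.b64encode(value.encode()).decode()
    return f"{attr}: {value}" if value.isascii() else f"{attr}:: {b64}"

def restore_ldif(groups):
    """Return (LDIF text that re-adds members in the parent domain, skipped DNs)."""
    out, skipped = [], []
    for group_dn, members in groups.items():
        moved = [to_parent(m) for m in members if to_parent(m)]
        skipped += [m for m in members if not to_parent(m)]
        if to_parent(group_dn) and moved:
            out += [ldif_line("dn", to_parent(group_dn)), "changetype: modify", "add: member"]
            out += [ldif_line("member", m) for m in moved] + ["-", ""]
    return "\n".join(out), skipped
```

The skipped list holds members whose DN is outside the child domain being collapsed; those need a manual decision rather than an automatic rewrite.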
chrishudson123 commented:
I will recommend ADMT itself. Check the ADMT doc, it has everything in detail.
powerdom (Author) commented:
1. MoveTree applies to Windows 2000 Server (according to the link).
2. For ADMT, can you suggest a bit more to me?
    - Is there any order of migration, like OUs first, then users, then security and so on?

I have read the document V3MigGuide.doc from Microsoft but it is still unclear. Is there any way to make a copy of AD (like export and import)? That way I can avoid any mistakes because, once I migrate all users (over 4000 in total), there is no rollback.

Kindly suggest.
Chris Dent (PowerShell Developer) commented:

I have successfully used MoveTree in a forest running Windows 2003 Server functional level, otherwise I wouldn't have suggested it.

Chris