Collapse all child domains to parent domain

Posted on 2009-02-13
Last Modified: 2012-06-27
Guys, can you help out? Below is my scenario.

I have a single parent domain (forest) and 5 child domains. I would like to keep just the parent domain and get rid of the child domains.

What I would like to do:
1. Remove all child domains while migrating OUs, users, etc. to the parent domain.
2. All access rights and passwords need to be migrated along.
3. If possible, I would like to copy AD to the parent, so this can be done offline without interfering with users. So, it is the safest way. (From what I have searched, this cannot be done.)
4. How do you guys handle the file server where security permissions are assigned to each of the group folders? Once everything moves to the parent domain, I have a feeling that this needs to be redone manually.
5. User profiles (I have local profile settings): will the user's computer create a new profile when they log on to the parent domain after the migration is complete?

What I have done:
1. ADMT v3 tool to migrate
    - This seems OK to a certain extent. However, when I ran a test, the migrated user seemed to be clean; no group memberships or access rights got migrated. The password was transferred along, but the user needs to change the password after logon. Has anyone tried Quest AD migrator by any chance?

2. I am thinking about the LDIFDE utility, but it will only copy OUs and users. Passwords will be null and every account will be disabled. Still thinking of a better way to do it. But the good thing is that I can just restructure the parent domain without having to worry about users.

Any help or ideas are greatly appreciated.
Question by:powerdom
    LVL 70

    Expert Comment

    by:Chris Dent


    I would use MoveTree to shift the users, groups and OUs around within the Forest. Like ADMT this utilises the SIDHistory to maintain access to resources using the old security.

    You'll lose group membership with this; depending on how many you're doing, we could write scripts to work around that.

    ADMT is still a good choice for the Computers as you'll have to change the domain membership. That means you should be able to translate the profile, which should maintain the user's view of things.
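
The comment above notes that group membership is lost in the move and could be scripted around. The following is an added example, not code from this thread: it snapshots memberships to CSV before the move and re-applies them in the parent domain afterwards. It assumes the ActiveDirectory PowerShell module, that groups keep the same sAMAccountName in the target, and constructed placeholder names (`child1.example.com`, `example.com`, the CSV path).

```powershell
# Added example. Server names and the CSV path are constructed placeholders.
Import-Module ActiveDirectory

function Export-GroupSnapshot {
    param([string]$Server, [string]$Path)
    # One row per (group, member) pair, keyed on sAMAccountName so the rows
    # still identify the objects after they receive new DNs and SIDs.
    Get-ADGroup -Filter * -Server $Server | ForEach-Object {
        $group = $_
        Get-ADGroupMember -Identity $group -Server $Server | ForEach-Object {
            [pscustomobject]@{
                Group       = $group.SamAccountName
                Member      = $_.SamAccountName
                MemberClass = $_.objectClass
            }
        }
    } | Export-Csv -Path $Path -NoTypeInformation
}

function Restore-GroupSnapshot {
    param([string]$Server, [string]$Path, [switch]$Apply)
    foreach ($row in Import-Csv -Path $Path) {
        # Names containing a single quote would need escaping in these filters.
        $group  = Get-ADGroup  -Filter "SamAccountName -eq '$($row.Group)'"  -Server $Server
        $member = Get-ADObject -Filter "SamAccountName -eq '$($row.Member)'" -Server $Server
        if (-not $group -or -not $member) {
            Write-Warning "Skipped $($row.Member) -> $($row.Group): not found in $Server"
            continue
        }
        # Dry run unless -Apply is given, so the CSV can be reviewed first
        # (for example, to avoid re-granting stale privileged memberships).
        Add-ADGroupMember -Identity $group -Members $member.DistinguishedName `
            -Server $Server -WhatIf:(-not $Apply)
    }
}

# Before the move, once per child domain:
#   Export-GroupSnapshot -Server child1.example.com -Path .\child1-groups.csv
# After the move, dry run first, then apply:
#   Restore-GroupSnapshot -Server example.com -Path .\child1-groups.csv
#   Restore-GroupSnapshot -Server example.com -Path .\child1-groups.csv -Apply
```

If two child domains use the same group name, the snapshots need to be reconciled by hand before restoring, since this example matches on sAMAccountName only.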

    LVL 3

    Expert Comment

    I will recommend ADMT itself. Check the ADMT doc; it has everything in detail.

    Author Comment

    1. MoveTree applies to Windows 2000 Server (according to the link).
    2. For ADMT, can you suggest a bit more to me?
        - Is there any order of migration, like OUs first, then users, then security and so on?

    I have read the V3MigGuide.doc document from Microsoft but it is still unclear. Is there any way to make a copy of AD (like export and import)? That way I can avoid any mistakes because, once I migrate all users (over 4000 in total), there is no rollback.

    Kindly suggest.
    LVL 70

    Accepted Solution


    I have successfully used MoveTree in a forest running Windows 2003 Server functional level, otherwise I wouldn't have suggested it.

