We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


collapse all child domain to parent domain

powerdom asked
Medium Priority
Last Modified: 2012-06-27
Guys,  Can you help out  Below is my scenario

I have single parent domain (forest) and 5 child domains  I would like to keep just Parent domain and get rid of child domain..

What I like to do,
1. remove all child domain while migrate OU, user and etc to Parent domain.
2. all access rights and password need to be migrate along
3. If possible, I would like to do a copy AD to parent, so, this can be done offline without interfere with users.  So, it is safest way.  (from what I search, this cannt be done)
4. How do you guys handle the file server where security permission assigned to the each of group folder.  Once everything move to parent domain, I have a feeling that this need to be redone manually
5. User profile (I have local profile setting), will user computer creaet new profile when they lock on parent domain after migration complete.

what I have done:
1. ADMT v3 tool to migrate
    - this seems ok to the certain extend.  However, when I run a test, migrated user seem to be clean, no group member or access rights get migrated.  Password was transfer along but user need to change password after logon.  have anyone try on Quest AD migrator by any chance?

2. I am thinking about LDIFDE utility, but it will only copy OU and user.  Password will be null and every accounts will be disable.  Still thinking better way to do it. But good things is that I can just restruct parent domain without having to worry about users.

Anyone can help or any idea are greatly appreciated.
Watch Question

Chris DentPowerShell Developer
Top Expert 2010



I would use MoveTree to shift the users, groups and OUs around within the Forest. Like ADMT this utilises the SIDHistory to maintain access to resources using the old security.


You'll lose group membership with this, depending on how many you're doing we could write scripts to work around that.

ADMT is still a good choice for the Computers as you'll have to change the domain membership. That means you should be able to translate the profile, which should maintain the users view of things.

Chris HudsonCloud Security Architect

I will recomment ADMT it self..check ADMT doc,it has everything in detail.


1. Movetree is applied to windows 2000 server (according to the link)
2. for ADMT, can you suggest to me a bit more.
    - are there any order of migration, like OU first, then user, then security and so on.

I have readed the document for V3MigGuide.doc from microsoft but still unclear.  Are there anyway, can make a copy of AD (export and import) like.  So, I can avoid any mistake because. once I migrate all user (over 4000) in total, there are no rollback.  

kindly suggest.
PowerShell Developer
Top Expert 2010

I have successfully used MoveTree in a forest running Windows 2003 Server functional level, otherwise I wouldn't have suggested it.


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.