• Status: Solved
  • Priority: Medium
  • Security: Public

Maintaining User accounts in a tree with no root

I have a new client which asked for help because their old IT guy wasn't supporting their needs. The old company "AT" had two partners who decided to split. Before the split AT had a tree (AT.com) which was the forest root. After the split the IT guy (same for both companies) created "TT.com" as a child tree (of the AT.com forest root) on the new server for the partner that eventually hired me. The TT server is now a tree on its own with absolutely no connection (physical, VPN, or otherwise) with AT. The companies are totally split and the partners want nothing to do with each other. The TT domain has users and computers as well as multiple shares, permissions, etc.; the only thing missing is the forest root.

Since there's no forest root anymore, I can't authorize DHCP or extend the Schema, both of which I need to do. So the question is, how do I proceed? I know that I'm going to have to blow out AD on the server, but how can I avoid losing all the user accounts, permissions, computer accounts, local user profiles, etc.?

I was thinking of using ADMT to migrate to a new domain (which is root) on a temporary server. Then move the FSMO roles to the one server that they have and down the temporary server. However, I'm not sure I can create the necessary transitive trusts without the forest root being online.

Either way, I need to make sure that the local profiles on all the client computers are retained. If I have to manually recreate the user accounts and rejoin all the computers, I can do that. Permissions can be done manually too.

Any recommendations on where to start? I'm reading the ADMT guide now.
Asked: 121mhz

1 Solution
 
Darius Ghassem Commented:
You can just start from scratch, then just move the profiles over by using the USMT tool, which might be the easiest way to move. Without control over the root you are most likely going to have issues.


http://www.microsoft.com/downloads/details.aspx?familyid=799AB28C-691B-4B36-B7AD-6C604BE4C595&displaylang=en

121mhz (Author) Commented:
USMT is my other option, but that would mean that I would have to blow out the user accounts which I'm trying to avoid, but quickly realizing might not be possible.

Darius Ghassem Commented:
ADMT, I think, needs root settings unless you are moving child domains into a root domain.

121mhz (Author) Commented:
So there's no better solution than to start from scratch. Does this sound right:

1) Use USMT to save state on all machines
2) Remove all machines from the domain
3) Blow Out AD on the server
4) Reinstall AD on the server
5) Recreate all user accounts and permissions
6) Rejoin the domain on all computers
7) Login as user
8) Restore state using USMT

Did I miss anything?

Darius Ghassem Commented:
Nope, everything seems in order. Now you can try ADMT, but I'm almost 100% sure you are going to need the root domain.
0
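
Steps 1 and 8 of the plan above, sketched as one per-client script. This is an added example, not code from either poster; it assumes USMT 4.0 or later (for `MigDocs.xml`) and that the rebuilt domain keeps the `TT` NetBIOS name, and the paths, server name and key file location are hypothetical placeholders. The store is encrypted because it holds every user's documents and application settings while it sits on a share.

```powershell
# Added example: USMT save/restore wrapper for the rebuild plan in this thread.
# Hypothetical values: $UsmtDir, $StoreRoot (TEMPSRV share), $KeyFile.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Save', 'Restore')]
    [string]$Mode,
    [string]$UsmtDir   = 'C:\USMT\amd64',          # folder holding scanstate/loadstate
    [string]$StoreRoot = '\\TEMPSRV\MigStore',     # one subfolder per client
    [string]$KeyFile   = 'E:\usmt-store.key',      # keep on removable media, not on the share
    [string]$Domain    = 'TT'                      # NetBIOS name of old and rebuilt domain
)

$ErrorActionPreference = 'Stop'
if (-not (Test-Path $KeyFile)) { throw "Key file not found: $KeyFile" }

$store = Join-Path $StoreRoot $env:COMPUTERNAME
$log   = Join-Path $env:TEMP  "usmt-$Mode.log"

# Arguments shared by both tools: migrate only the domain users' profiles,
# skipping local accounts, and continue past non-fatal errors (/c).
$common = @(
    $store,
    "/i:$UsmtDir\MigDocs.xml",
    "/i:$UsmtDir\MigApp.xml",
    '/ue:*\*',            # exclude every account ...
    "/ui:$Domain\*",      # ... except those in the domain
    '/c', '/v:5', "/l:$log"
)

if ($Mode -eq 'Save') {
    # Step 1: run while the machine is still joined to the old domain.
    $exe   = 'scanstate.exe'
    $extra = @('/o', '/encrypt', "/keyfile:$KeyFile")
} else {
    # Step 8: run after the rejoin. If the new domain were renamed,
    # loadstate's /md:OldDomain:NewDomain would map the accounts instead.
    $exe   = 'loadstate.exe'
    $extra = @('/decrypt', "/keyfile:$KeyFile")
}

& (Join-Path $UsmtDir $exe) @common @extra
if ($LASTEXITCODE -ne 0) {
    throw "$exe exited with code $LASTEXITCODE, see $log"
}
Write-Output "$exe finished for $env:COMPUTERNAME (store: $store)"
```

Run it from an elevated prompt on each client, with `-Mode Save` before the machine leaves the domain and `-Mode Restore` once it has rejoined.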
