Maintaining User accounts in a tree with no root
Posted on 2009-04-23
I have a new client which asked for help because their old IT guy wasn't supporting their needs. The old company "AT" had two partners who decided to split. Before the split AT had a tree (AT.com) which was the forest root. After the split the IT guy (same for both companies) created "TT.com" as a child tree (of the AT.com forest root) on the new server for the partner that eventually hired me. The TT server is now a tree on its own with absolutely no connection (physical, VPN, or otherwise) with AT. The companies are totally split and the partners want nothing to do with each other. The TT domain has users and computers as well as multiple shares, permissions, etc.; the only thing missing is the forest root.
Since there's no forest root anymore, I can't authorize DHCP or extend the Schema, both of which I need to do. So the question is, how do I proceed? I know that I'm going to have to blow out AD on the server, but how can I avoid losing all the user accounts, permissions, computer accounts, local user profiles, etc.?
I was thinking of using ADMT to migrate to a new domain (which is root) on a temporary server. Then move the FSMO roles to the one server that they have and down the temporary server. However, I'm not sure I can create the necessary transitive trusts without the forest root being online.
Either way, I need to make sure that the local profiles on all the client computers are retained. If I have to manually recreate the user accounts and rejoin all the computers, I can do that. Permissions can be done manually too.
Any recommendations on where to start? I'm reading the ADMT guide now.