Merging one domain into another, pitfalls?

Posted on 2009-12-16
Last Modified: 2012-05-08
Our company currently has 2 domains.  MainDomain.local has 5 branches connected to it, and about 100 computers and 80 or so users.  Each branch also has a server that handles DHCP, DNS and acts as a file server for that branch.  The main branch also has an Exchange server that everyone connects to.  CampDomain.local has 8 users and about 10 computers.  They used to be on ISDN, which is why they were put on their own network.  Their server handles DNS, DHCP and file server duties.  They connected to the main site via VPN for Exchange, where they also had an account (each user at CampDomain essentially had 2 logins).

I've finally been able to put them on a T1, so I want to get rid of the CampDomain and get everyone on MainDomain.  Is there a recommended way to do this?  Here's my current plan:

Back up the file server stuff.
Use dcpromo and remove all the roles on the CampDomain server.
Change the domain to MainDomain.
Change all the permissions on the file shares to the accounts on MainDomain.
Set up DNS and DHCP.
Change the domain on the client computers to MainDomain.
See what that breaks and possibly set up each user fresh on their computer.

I'm guessing there is an easier way to migrate these together that I don't know about.  I'm sure I'm missing some things that are going to go wrong as well.  Thanks!
Question by:AdamYMCA
    LVL 19

    Accepted Solution

    Ever heard of the ADMT? It's a migration tool from Microsoft, which when used properly, should allow you to migrate all the objects from your CampDomain to your MainDomain.

    Do you already have a trust set up between these 2 domains?

    This is the way I would do it - Create a trust between the 2 domains. Use ADMT to migrate all objects from CampDomain to MainDomain, including the piece on SIDHistory, which will allow the users that get migrated to continue to access resources on their old domain without any changes. This helps a lot to ensure continuity during the migration.

    Once your users and clients etc are nicely over to the new domain, and all have their new profiles on their PCs etc, you can start to bring your member servers across to the new domain as well, 1 by 1, testing each thoroughly as you go.

    Finally, when everything is across and using the new domain completely, you can demote the CampDomain DC (thus deleting the domain if it's the only DC for that domain), make it a member of the new domain, and then repromote to DC status...

    Well, that's it in a nutshell, at least...

    I could prattle on for ages on the use of ADMT, but it's easier to provide you with some reading material to get a better idea of how it works.

    Have a look through these:

    Don't worry that the versions of OS are slightly different, just use the articles to get a better idea of how it all works... Then come back and we can continue to discuss and answer questions etc.
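
The SIDHistory step in the answer above and the question's "change all the permissions on the file shares" step meet at the share ACLs. The script below is an added example, not part of the original thread or of ADMT: it lists explicit folder ACEs that still name an old-domain SID held in SIDHistory, next to the MainDomain account that now carries it. It assumes PowerShell 3.0 or later with the RSAT ActiveDirectory module, run in MainDomain after the ADMT migration; `D:\Shares` is a hypothetical path.

```powershell
# Added example (not from the thread). Assumes the RSAT ActiveDirectory module and
# an account that can read the folder ACLs. D:\Shares is a hypothetical share root.
Import-Module ActiveDirectory

$ShareRoot = 'D:\Shares'

# Map every old-domain SID kept in SIDHistory to the migrated MainDomain object.
$oldSidToAccount = @{}
$migrated = @(Get-ADUser  -LDAPFilter '(sIDHistory=*)' -Properties SIDHistory) +
            @(Get-ADGroup -LDAPFilter '(sIDHistory=*)' -Properties SIDHistory)
foreach ($obj in $migrated) {
    foreach ($sid in $obj.SIDHistory) {
        $oldSidToAccount[$sid.ToString()] = $obj.SamAccountName
    }
}

# Read explicit (non-inherited) ACEs as raw SIDs, so an old SID is not hidden
# behind whatever account name it currently resolves to.
$folders = @(Get-Item -LiteralPath $ShareRoot) +
           @(Get-ChildItem -LiteralPath $ShareRoot -Recurse -Directory -ErrorAction SilentlyContinue)

$report = @(foreach ($folder in $folders) {
    $acl   = Get-Acl -LiteralPath $folder.FullName
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($oldSidToAccount.ContainsKey($sid)) {
            [pscustomobject]@{
                Path       = $folder.FullName
                OldSid     = $sid
                MigratedTo = $oldSidToAccount[$sid]
                Rights     = $rule.FileSystemRights
                Type       = $rule.AccessControlType
            }
        }
    }
})

$report | Sort-Object Path | Format-Table -AutoSize
'{0} explicit folder ACEs still depend on SIDHistory' -f $report.Count
```

The report covers folder ACLs under one path only; file-level ACEs and share-level permissions need the same check before SIDHistory is cleared from the migrated accounts.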


    LVL 70

    Assisted Solution

    You can't actually "merge" two domains together, or for that matter split them apart, there is no facility to "prune and graft" in Active Directory.

    You essentially have two options. You can join the two domains with a trust which will allow users in one domain to access resources in the other - see

    or you can export all of Active Directory data from one domain, import it into the other and then decommission the old domain - the tool to move the AD information is the ADMT tool to which PeteJThomas has already drawn your attention.
    LVL 1

    Author Comment

    Bleh, it deleted my comments.  I'm going to work on setting up a trust and see if that will be enough.  Thanks for your help!  When I run into issues I'll post a new question.
    LVL 19

    Expert Comment

    To be fair, there's no reason a trust wouldn't work for you. You'll essentially then be able to give users from each domain permissions to access resources on the other domain.

    If that's all you need to do, and have no specific need to decommission the CampDomain, then it's your best option. Plus it's a hell of a lot easier... and the implications of a trust failure are far less than that of a migration failure... :)

