Merging one domain into another, pitfalls?

Our company currently has 2 domains.  MainDomain.local has 5 branches connected to it, and about 100 computers and 80 or so users.  Each branch also has a server that handles DHCP, DNS and acts as a file server for that branch.  The main branch also has an Exchange server that everyone connects to.  CampDomain.local has 8 users and about 10 computers.  They used to be on ISDN, which is why they were put on their own network.  Their server handles DNS, DHCP and file server duties.  They connected to the main site via VPN for Exchange, where they also had an account (each user at CampDomain essential had 2 logins).

I've finally been able to put them on a T1, so I want to get rid of the CampDomain and get everyone on MainDomain.  Is there a recommended way to do this?  Here's my current plan:

Back up the file server stuff.
Use dcpromo and remove all the roles on the CampDomain server.
Change the domain to MainDomain.
Change all the permissions on the file shares to the accounts on MainDomain.
Set up DNS and DHCP.
Change the domain on the client computers to MainDomain.
See what that breaks and possibly set up each user fresh on their computer.

I'm guessing there is an easier way to migrate these together that I don't know about.  I'm sure I'm missing some things that are going to go wrong as well.  Thanks!
LVL 1
AdamYMCAAsked:
Who is Participating?
 
PeteJThomasConnect With a Mentor Commented:
Ever heard of the ADMT? (http://www.microsoft.com/downloads/details.aspx?familyid=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en) It's a migration tool from Microsoft, which when used properly, should allow you to migrate all the objects from your CampDomain to your MainDomain.

Do you already have a trust set up between these 2 domains?

This is the way I would do it - Create a trust between the 2 domains. Use ADMT to migrate all objects from CampDomain to MainDomain, including the piece on SIDHistory, which will allow the users that get migrated to continue to access resources on their old domain without any changes. This helps a lot to ensure continuity during the migration.

Once your users and clients etc are nicely over to the new domain, and all have their new profiles on their PCs etc, you can start to bring your member servers across to the new domain as well, 1 by 1, testing each thoroughly as you go.

Finally, when everything is across and using the new domain completely, you can demote the CampDomain DC (thus deleting the domain if it's the only DC for that domain), make it a member of the new domain, and then repromote to DC status...

Well, that's it in a nutshell, at least...

I could prattle on for ages on the use of ADMT, but it's easier to provide you with some reading material to get a better idea of how it works.

Have a look through these:

http://support.microsoft.com/kb/326480
http://www.petri.co.il/active_directory_migration_tool_usage_w2k_windows_2003.htm

Don't worry that the versions of OS are slightly different, just use the articles to get a better idea of how it all works... Then come back and we can continue to discuss and answer questions etc.

HTH

Pete
0
 
Brian PierceConnect With a Mentor PhotographerCommented:
You cant actually "merge" two domains together, or for that matter split them apart, there is no facility to "prune and graft" in active directory.

You essentially have two options. You can join the two domains with a trust which will allow users in one domain to access resources in the other - see http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx

or you can export all of active directory data from one domain, import it into the other and then decommission the old domain - the tool to move the AD information is the ADMT tool to which PeteJThomas has already drawn your attention to.
0
 
AdamYMCAAuthor Commented:
Bleh, it deleted my comments.  I'm going to work on setting up a trust and see if that will be enough.  Thanks for you help!  When I run into issues I'll post a new question.
0
 
PeteJThomasCommented:
To be fair, there's no reason a trust wouldn't work for you. You'll essentially then be able to give users from each domain permissions to access resources on the other domain.

If that's all you need to do, and have no specific need to decommision the CampDomain, then it's your best option. Plus it's a hell of a lot easier... and the implications of a trust failure are far less than that of a migration failure... :)

Pete
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.