convert OU to domain
We sometimes have instances where sub-companies (OUs in the present AD structure) in our domain might need to leave the company umbrella. Setting aside the question of whether they should have been setup as child domains in the first place, is there a way to convert these OUs to child domains? Each site has its own set of DCs and Exchange server and its own user, groups, OU, etc. substructures that we would like to retain. We would also need to setup two-way transitive trusts between the DCs, of course. As far as Exchange goes, the mailboxes for the site/OU members are mostly on the site Exchange server or can be moved easily enough. Still, are there any other Exchange considerations that we need to think of? Has anyone done something like this before? Any checklists, how-tos, recommendations, other resources out there?
Are you creating new Forest (and Domain) as a separate Forest from the original?
Also, What version of Exchange is running?
You cannot prune and graft Active directory and there are no inbuilt methods to convert OUs into domains.
ASKER
Thanks for the responses. Clarifications:
1) New child domains originally, with an eye towards possibly expelling those child domains as needed due to org changes.
2) Exchange equals mostly 2003 with some limited 2007.
As KCTS, there seems to be no built-in tool for converting OUs into domains. Also, thanks for the suggestion on the movetree utility, but It seems to me that it is quite limited.
So, after some reading, does it not make sense to demote one of the site DCs at test.com, run dcpromo to turn it into a child domain running along child.test.com, then run ADMT to transfer all computer, groups, users? I am not sure what the pros and cons would be on that. What about GPOs, profiles, etc? Just wondering out loud...I will do some additional reading on it.
1) New child domains originally, with an eye towards possibly expelling those child domains as needed due to org changes.
2) Exchange equals mostly 2003 with some limited 2007.
As KCTS, there seems to be no built-in tool for converting OUs into domains. Also, thanks for the suggestion on the movetree utility, but It seems to me that it is quite limited.
So, after some reading, does it not make sense to demote one of the site DCs at test.com, run dcpromo to turn it into a child domain running along child.test.com, then run ADMT to transfer all computer, groups, users? I am not sure what the pros and cons would be on that. What about GPOs, profiles, etc? Just wondering out loud...I will do some additional reading on it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I agree that ADMT seems to be the way to go. I will download go through the guide, but from the links you have sent and my other reading, it seems like that will accomplish the move with the least amount of disruption. Also, I agree that taking DNS, etc. off of the DCs will be a must. All in all, great brainstorming sessions and I think we have a good path and solution moving forward. Thanks all.
How to Use the MoveTree Utility to Move Objects Between Domains in a Single Forest