User Migration from 2003 AD to 2008 AD with different domain names and no trusts

Hello Experts,

Have a best practices / how to question for you all. Here's the situation. I administer two domains of two sister companies in two different physical locations. Prior to today there was no need to have the domains "talk" to each other. So everything has been kept completely separate. Two different domains, two different domain names, etc. The companies are now merging, and at the end of April will be co-locating. Company A is moving into same building as Company B. This is a great move for both companies as we can better allocate resources and consolidate servers etc. But that is not the point. Company A has about 25 users, so a small domain. Company B is about 40 users so another small domain. The plan is to completely move all user accounts from Company A onto Company B's domain server, including all shared folders etc. My main concern is: what is the best way to preserve as much of Company A's user profiles, windows settings etc. Currently Company A has a GPO to redirect My Documents onto a network location for all users. Company A is also on a 2003 Enterprise domain, where Company B is on 2008 R2 Domain. Both Company A and Company B are 100% on Windows 7 Pro 64 Bit. I was planning doing this manually with each user utilizing Windows Easy Transfer tool, but having only Fri, Sat and Sunday to achieve this and to physically move Company A's office I'm worried about not having enough time. There are two IT people myself and my Helpdesk techy. Lets please have a discussion on best practices and how to achieve this goal the simplest and least risky way.
Who is Participating?
Rodney BarnhardtConnect With a Mentor Server AdministratorCommented:
Here is the regedit we used when we did this for about 30 users. The only problem is you have to touch every machine. You will need to find out which SID is for the old domain and which is for the new. The best thing to do is to do this search before you disjoin and re-join the computer to the new domain.

Once you have disjoined and re-joined the domain, log into the system with the user's account in the new domian. This will create a profile on the system, the log off. Now, follow these steps:

1. Log on to the system by using an administrative user account other than the user account that is being migrated (preferable local admin).
2. Back up all data in the current user's profile folder if the profile folder still exists, and then delete the profile folder. By default, the profile resides in the following location: %SystemDrive%\Users\UserName (although we only did this on execs)
3. Click Start, type regedit in the Start Search box, and then press

4. Collapse this imageExpand this imageIf you are prompted for an administrator password or for confirmation, type your password, or click Continue.
Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

5. Next, copy the path for the old profile, locate the SID for the new profile, and paste that path, replacing the path on the new profile.

6. Delete the registry key for the old SID.

Now, log off and log in with the new domain account. The user should get their original desktop, files, etc.

iPromoExpertAuthor Commented:
possible additional relevant info: each user that will have to be migrated will keep the computer that they have at Company A. So technically each profile will still exist on their machine, but a new one will be created for the new domain.
Rodney BarnhardtServer AdministratorCommented:
May I asked why you are wanting to do this? We had a similar idea in order to move everyone to a pristine, clean AD, rather than just upgrade our old one. We had a MS expert come in from Microsoft for a Q&A. Basically, unless you move all user file shares, Exchange, ect., at one time, this is essentially impossible without causeing the users downtime. We have over 500 users, so we decided this was not possible. Also, you cannot do this and maintain any history without trust. If you want not trust, then you bascially disjoin their computer from the old domain and join it to the new one, and create them a new account to use on the old domain. There is a regeit that will point them back to their old profile on their machine if you are interested in doing it this way. I have done this on small scale (20-30 users) if someone really wanted it.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

iPromoExpertAuthor Commented:
I have been waiting to do this because I do mot have a reliable WAN between the two locations and VPN + domain trusts would complicate the set up. Now that the companies are going to be on same physical network it makes a lot more sense. Up to this point company a and b operated as complete separate entities. There is no exchange to worry about as we are in the cloud with that. So the registry tweak would probably be a good solution. I will look this up when I get to a pc. Thanks for participating. Any other suggestions experts?
Rodney BarnhardtServer AdministratorCommented:
I can send it to you later. I am moblie and do not have access to my laptop at the moment.
iPromoExpertAuthor Commented:
Likewise :) sure if you have it available post it up here.
I think your time frame is unrealistic and would recommend a two step approach to ensure you get it all done.

First, move both environments into the same building.  Doing that with so many PCs will take you the whole weekend.  Leave the domains as they are until the following weekend.

Second, during the week you can use robocopy to copy over all user data from domain A to domain B.  Save your robocopy commands in a batch file so you can easily execute them again to pick up any new files.  Execute this batch file multiple times throughout the week.  

The robocopy switches I would recommend you use with an example:  ROBOCOPY \\domainAServer\Share  \\domainBServer\Share /S /E /XO /R:0 /W:0
The /XO switch says to ignore files that are the same or older, so subsequent runs of the command will only copy new or updated files.

When the time comes to move the domain A users to domain B, you can use ADMT to move over the user and computer objects as long as neither domain is running SBS.  If they do have SBS then use the profile migration tool from
markdmacConnect With a Mentor Commented:
The ForensIT ProfileMig tool will do that a lot cleaner for you rbernhardt, I used to employ the same tactic as you but we would find problems later on down the road with permissions in the registry.  If you do it the way you suggest, you also need to assign full permissions in the registry to the users hive and you need to assign NTFS permissions to the user profile directory.
Rodney BarnhardtServer AdministratorCommented:
We only did this for one project at a previous company. The former IT staff had set up all 6 offices as seperate domain and forest. While they were on Exchange 5.5 that was fine, since it was stupid and didn't care. When we migrated to Exchange 2003, that became a problem. Since, by then, the company was on a VPN mesh and faster links, one forest and domain made more since. The offices ranged from 10 to 40 people.
iPromoExpertAuthor Commented:
Thanks for all the help, we will use a hybrid solution of regex and ForensIT ProfileMig tool
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.