Solved

User Migration from 2003 AD to 2008 AD with different domain names and no trusts

Posted on 2011-03-04
Last Modified: 2012-05-11
Hello Experts,

Have a best practices / how-to question for you all. Here's the situation. I administer two domains of two sister companies in two different physical locations. Prior to today there was no need to have the domains "talk" to each other, so everything has been kept completely separate. Two different domains, two different domain names, etc. The companies are now merging, and at the end of April will be co-locating. Company A is moving into the same building as Company B. This is a great move for both companies as we can better allocate resources and consolidate servers etc. But that is not the point. Company A has about 25 users, so a small domain. Company B is about 40 users, so another small domain. The plan is to completely move all user accounts from Company A onto Company B's domain server, including all shared folders etc. My main concern is: what is the best way to preserve as much of Company A's user profiles, Windows settings, etc.? Currently Company A has a GPO to redirect My Documents onto a network location for all users. Company A is also on a 2003 Enterprise domain, whereas Company B is on a 2008 R2 domain. Both Company A and Company B are 100% on Windows 7 Pro 64 Bit. I was planning on doing this manually with each user utilizing the Windows Easy Transfer tool, but having only Fri, Sat and Sunday to achieve this and to physically move Company A's office, I'm worried about not having enough time. There are two IT people: myself and my Helpdesk techy. Let's please have a discussion on best practices and how to achieve this goal the simplest and least risky way.
Question by:iPromoExpert
10 Comments
 
LVL 3

Author Comment

by:iPromoExpert
ID: 35038951
Possible additional relevant info: each user that will have to be migrated will keep the computer that they have at Company A. So technically each profile will still exist on their machine, but a new one will be created for the new domain.
0
 
LVL 32

Expert Comment

by:Rodney Barnhardt
ID: 35043309
May I ask why you are wanting to do this? We had a similar idea in order to move everyone to a pristine, clean AD, rather than just upgrade our old one. We had an MS expert come in from Microsoft for a Q&A. Basically, unless you move all user file shares, Exchange, etc., at one time, this is essentially impossible without causing the users downtime. We have over 500 users, so we decided this was not possible. Also, you cannot do this and maintain any history without trust. If you want no trust, then you basically disjoin their computer from the old domain and join it to the new one, and create them a new account to use on the old domain. There is a regedit that will point them back to their old profile on their machine if you are interested in doing it this way. I have done this on a small scale (20-30 users) if someone really wanted it.
0
 
LVL 3

Author Comment

by:iPromoExpert
ID: 35044894
I have been waiting to do this because I do not have a reliable WAN between the two locations, and VPN + domain trusts would complicate the setup. Now that the companies are going to be on the same physical network it makes a lot more sense. Up to this point Company A and B operated as completely separate entities. There is no Exchange to worry about as we are in the cloud with that. So the registry tweak would probably be a good solution. I will look this up when I get to a PC. Thanks for participating. Any other suggestions, experts?
0
 
LVL 32

Expert Comment

by:Rodney Barnhardt
ID: 35044938
I can send it to you later. I am mobile and do not have access to my laptop at the moment.
0
 
LVL 3

Author Comment

by:iPromoExpert
ID: 35044951
Likewise :) Sure, if you have it available, post it up here.
0
 
LVL 15

Expert Comment

by:markdmac
ID: 35046623
I think your time frame is unrealistic and would recommend a two step approach to ensure you get it all done.

First, move both environments into the same building.  Doing that with so many PCs will take you the whole weekend.  Leave the domains as they are until the following weekend.

Second, during the week you can use robocopy to copy over all user data from domain A to domain B.  Save your robocopy commands in a batch file so you can easily execute them again to pick up any new files.  Execute this batch file multiple times throughout the week.  

The robocopy switches I would recommend you use with an example:  ROBOCOPY \\domainAServer\Share  \\domainBServer\Share /S /E /XO /R:0 /W:0
The /XO switch says to ignore files that are the same or older, so subsequent runs of the command will only copy new or updated files.


When the time comes to move the domain A users to domain B, you can use ADMT to move over the user and computer objects as long as neither domain is running SBS.  If they do have SBS then use the profile migration tool from ForensIT.com.
0
 
LVL 32

Accepted Solution

by:
Rodney Barnhardt earned 400 total points
ID: 35056147
Here is the regedit we used when we did this for about 30 users. The only problem is you have to touch every machine. You will need to find out which SID is for the old domain and which is for the new. The best thing to do is to do this search before you disjoin and re-join the computer to the new domain.

Once you have disjoined and re-joined the domain, log into the system with the user's account in the new domain. This will create a profile on the system, then log off. Now, follow these steps:

1. Log on to the system by using an administrative user account other than the user account that is being migrated (preferably local admin).
2. Back up all data in the current user's profile folder if the profile folder still exists, and then delete the profile folder. By default, the profile resides in the following location: %SystemDrive%\Users\UserName (although we only did this on execs)
3. Click Start, type regedit in the Start Search box, and then press ENTER.

4. If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

5. Next, copy the path for the old profile, locate the SID for the new profile, and paste that path, replacing the path on the new profile.

6. Delete the registry key for the old SID.

Now, log off and log in with the new domain account. The user should get their original desktop, files, etc.


0
 
LVL 15

Assisted Solution

by:markdmac
markdmac earned 100 total points
ID: 35056556
The ForensIT ProfileMig tool will do that a lot cleaner for you rbernhardt. I used to employ the same tactic as you, but we would find problems later on down the road with permissions in the registry. If you do it the way you suggest, you also need to assign full permissions in the registry to the user's hive and you need to assign NTFS permissions to the user profile directory.
0
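
The ProfileList steps from the accepted solution, combined with the user-hive and NTFS permissions the reply above says are also needed, as an added PowerShell example (not code from either poster). It assumes an elevated session on the re-joined machine with the user logged off and the old-domain SID recorded before the disjoin; the parameter names and the temporary mount name `HKU\ProfileMigTemp` are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. The SID and account name passed in are placeholders you supply.
param(
    [Parameter(Mandatory)][string]$OldSid,      # old-domain SID, recorded before the disjoin
    [Parameter(Mandatory)][string]$NewAccount   # e.g. 'NEWDOM\jsmith' (hypothetical name)
)
$ErrorActionPreference = 'Stop'
$list = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
# Resolve the new-domain account to its SID (the machine is already joined to the new domain).
$newSidObj = ([System.Security.Principal.NTAccount]$NewAccount).Translate(
                 [System.Security.Principal.SecurityIdentifier])
$newSid = $newSidObj.Value

# Both ProfileList entries must exist, and neither profile may be loaded (user logged on).
foreach ($sid in $OldSid, $newSid) {
    if (-not (Test-Path "$list\$sid")) { throw "No ProfileList entry for $sid" }
    if (Test-Path "Registry::HKEY_USERS\$sid") { throw "Profile $sid is loaded; log the user off" }
}
$oldPath = (Get-ItemProperty "$list\$OldSid").ProfileImagePath
$newPath = (Get-ItemProperty "$list\$newSid").ProfileImagePath
if (-not (Test-Path (Join-Path $oldPath 'NTUSER.DAT'))) { throw "No NTUSER.DAT in $oldPath" }

# Keep a copy of ProfileList so the change can be rolled back with 'reg import'.
$backup = Join-Path $env:SystemDrive "ProfileList-$OldSid.reg"
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' $backup /y | Out-Null

# Step 5 of the answer: the new SID's entry now points at the old profile folder.
Set-ItemProperty "$list\$newSid" -Name ProfileImagePath -Value $oldPath -Type ExpandString

# NTFS: give the new account full control of the old profile folder and everything under it.
icacls.exe $oldPath /grant "*${newSid}:(OI)(CI)F" /T /C /Q | Out-Null

# Registry hive: load NTUSER.DAT, add an inheritable full-control entry at its root, unload.
# Subkeys that do not inherit permissions keep their old ACLs and are not touched here.
reg.exe load 'HKU\ProfileMigTemp' (Join-Path $oldPath 'NTUSER.DAT') | Out-Null
try {
    $acl  = Get-Acl 'Registry::HKEY_USERS\ProfileMigTemp'
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                $newSidObj, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl 'Registry::HKEY_USERS\ProfileMigTemp' $acl
} finally {
    [gc]::Collect()                       # release handles so the unload succeeds
    reg.exe unload 'HKU\ProfileMigTemp' | Out-Null
}

# Step 6 of the answer: remove the old SID's entry; the first-logon folder stays for review.
Remove-Item "$list\$OldSid" -Recurse
Write-Output "Repointed $newSid to $oldPath; stale folder: $newPath; backup: $backup"
```

The exported `.reg` file restores the original ProfileList entries with `reg import` if the user's first logon with the new account does not pick up the old desktop.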
 
LVL 32

Expert Comment

by:Rodney Barnhardt
ID: 35056617
We only did this for one project at a previous company. The former IT staff had set up all 6 offices as separate domains and forests. While they were on Exchange 5.5 that was fine, since it was stupid and didn't care. When we migrated to Exchange 2003, that became a problem. Since, by then, the company was on a VPN mesh and faster links, one forest and domain made more sense. The offices ranged from 10 to 40 people.
0
 
LVL 3

Author Comment

by:iPromoExpert
ID: 35098100
Thanks for all the help, we will use a hybrid solution of regex and ForensIT ProfileMig tool
0
