How to migrate domain computers and users accounts

Posted on 2011-03-14
Last Modified: 2012-05-11
I plan to replace a Win2003 Std SBS R2 SP2 server-computer (old box).
The server is the sole domain controller in a network with 3 other Win 2003 member servers and 50+ XP Pro workstations.
The replacement server computer (new box) is spanking new.
I have dismissed the idea of simply restoring a backup image of the old box to the new box.
The old box is a few years and contains a fair amount of quirky stuffs. No sense in replicating the instability into a new box. The new box has now been clean installed with a fresh OS. No configuration has been done yet, except that the new box has the same domain\name as the old. Question;
1) Are there ways to safely replicate computer and user accounts from the old to the new box?
Exchange mail store need not be included. The new box can start of fresh with empty user mail-boxes.

I have briefly looked at MS ADMT tool. But found that it will migrate more than just computer and user accounts. Besides, I have no experience with using it.
I have also thought of trying a Win 2003 backup of the old box system settings and restore to the new box. But with different disk/folder structure of the new box, this could also spell trouble.

As you can see, I need the advice of Experts who may have done the above before.

Question by:garychu
LVL 95

Expert Comment

by:Lee W, MVP
ID: 35133700
It's rare that an Active Directory is actually corrupt and shouldn't be upgraded/migrated.  I would suggest a swing migration (I've never liked using ADMT) because you're too big to start clean without causing yourself weeks, if not months of headaches migrating users.

I would suggest determining what is wrong with AD, fixing it, migrating to the new server.

Expert Comment

ID: 35133773
I agree somewhat with Leew. At the 50 user/pc mark though, it may be a great time to analyze if AD and the overall structure could use a refresh. Did you inherit this organization from someone that knew what they were doing or is it hodge podged? There are a number of different methods you could use to migrate things over (permissions/security etc., but it will depend on what route you want to go)

You mention there are 3 other servers, what's running on these?
I personally would suggest using X Copy and migrating things over that way. You didn't state, but I can only assume that you are moving to a new server with 2003, but could be mistaken.

I really wouldn't recommend building a new '03 box simply because you will surely find yourself doing a similar move again in a year or two. (But that's completely up to you)

Anyways, I didn't want to pose too many questions, but I think there is a lot of info that we will need to better help you with this.

Expert Comment

ID: 35134142
I agree with @leew, swing migration or SBS migration is the way to go.  At least run the IT Environment Health Wizard or SBS Best Practices Analyzer to make sure AD is clean, and do a migration.  Any replication based method will be easier b/c you won't have to rejoin all of the desktops to a new domain.
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.


Author Comment

ID: 35134544
Thanks, experts for the speedy response.
1) I did not think that there is anything wrong with the AD in the existing server.
It's just that the existing server is not very stable. Could be the results of previous failed patches, updates, malwares etc. Time consuming to track down and fix periodical errors - also beyond my capabilities.

2) Two of the 3 other member servers run Win2003 Std SP2. Both are dedicated application servers. The remaining one runs Win2000 SP4 and is used as a terminal server for remote workers.

3) The new server box has been installed with Win2003 Std SBS R2 SP2. It is a clean, fresh installation.

It is quite a busy network. The key point is I do not relish the idea of rejoining some 50+ desktops (and 70+ users) to a new DC. Any means of migrating over computers/users accounts (and their related permissions etc) would be a big help.
Advantage I thought of using a new box offline is I could check for a successful migration, rolling back if necessary. Without disrupting the network. Just replace the old box with the new box when ready with minimal configuration. Am I being naive?

My knowledge of SBS swing migration is limited to a conceptual level only.
I have heard some horror stories. Some of which required Jeff Middleton's personal intervention to resolve!
Can you please help point me to some resources which cover actual implementation steps in detail?

Accepted Solution

bwiser1 earned 500 total points
ID: 35138408

Below is a link that shows more of a typical swing type scenario. They have packages that include suppport and offer a SBS 2003 to SBS2003 swing for what I feel is a pretty reasonable fee. You might look it over and see if you feel it would be beneficial. Conceptually swings aren't all that difficult, but there will likely be a couple items you may have trouble with performing your first one and I think that'd be well worth your money.

You can learn more about it at:

Please let me know if I can be of further help or also answer any other questions you might have.

Author Closing Comment

ID: 35161555
Looks to be the way to go.

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question