Need a checklist/planning for moving existing users from OLD to NEW Active Directory.

Posted on 2011-04-19
Last Modified: 2012-08-13
Hello folks,

I've never done this before, so was hoping to get some advice.  We have an existing AD server on say OLD.edu DNS domain space and need to retire that old 2003 server.  We are building a new 2008 windows server with a new DNS domain space called NEW.edu to replace the old one.  And of course all of our existing servers (web, storage, data, etc.) use/point to the main AD/DNS/DHCP for authentication and such.  Can anyone give some or complete advice/checklist/planning (things to do 1st, 2nd, 3rd, etc.) to accomplish this w/o causing too much downtime (if any at all) during this switch-over?

Thanks.
Question by:montgomeryshire
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35425427
If you just wanted to add the DC to the existing domain it would be much easier.   What you want to do is a full migration to a new domain.

Start with looking at Microsoft's ADMT white papers and guides.

http://blogs.technet.com/b/askds/archive/2010/06/19/admt-3-2-released.aspx

Thanks

Mike
0
 
LVL 24

Expert Comment

by:Awinish
ID: 35425442
0
 

Author Comment

by:montgomeryshire
ID: 35425533
I'm always skeptical of migration tools.  We can't afford to have things go wrong or have weird unforeseen errors that might pop up causing delay.

We are planning to just build the NEW server and perhaps add everyone by hand or use a tool to just migrate ONLY users and computers maybe.

@Mike We recently changed our business name so we'll want to use a new DNS name.  If we join it to the existing domain, wouldn't it have the old DNS name?  (ie.  we want our current servers FILESERVER.OLD.EDU to have the new names like FILESERVER.NEW.EDU)
0

 
LVL 24

Expert Comment

by:Awinish
ID: 35425599
Well, you can have the option of adding a UPN name & ask users to log in using the UPN name, but that's just the workaround; there is no way to get rid of the domain name. Domain rename is risky; personally I would not recommend it. For migration you can use ADMT, Quest or NetIQ.

Quest provides all in one, like SQL, Exchange, AD, SMS, etc., whereas ADMT is free. So, you need to take a call.
0
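The UPN-suffix workaround mentioned in the comment above, as an added example that is not part of the original thread: before changing any logon names, build a plan of which accounts would move to the new suffix and which would collide with a UPN that is already in use. The suffixes `old.edu` / `new.edu`, the function name `Get-UpnChangePlan` and the sample accounts are constructed placeholders.

```powershell
# Added example: plan a UPN suffix change and flag collisions before touching the directory.
function Get-UpnChangePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Users,      # objects with SamAccountName, UserPrincipalName
        [Parameter(Mandatory)] [string]   $OldSuffix,  # placeholder, e.g. 'old.edu'
        [Parameter(Mandatory)] [string]   $NewSuffix   # placeholder, e.g. 'new.edu'
    )
    # Every UPN currently in use, compared case-insensitively.
    $taken = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($u in $Users) {
        if ($u.UserPrincipalName) { [void]$taken.Add($u.UserPrincipalName) }
    }

    foreach ($u in $Users) {
        $upn = $u.UserPrincipalName
        # Accounts without a UPN, or not on the old suffix, are left alone.
        if (-not $upn -or $upn -notlike "*@$OldSuffix") { continue }

        $newUpn = $upn.Substring(0, $upn.LastIndexOf('@')) + '@' + $NewSuffix
        # Add() returns $false when the target UPN is already held or already planned.
        $action = if ($taken.Add($newUpn)) { 'Change' } else { 'Collision' }

        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            OldUpn         = $upn
            NewUpn         = $newUpn
            Action         = $action
        }
    }
}

# Constructed sample accounts (not taken from the thread).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   UserPrincipalName = 'jdoe@old.edu' }
    [pscustomobject]@{ SamAccountName = 'jdoe2';  UserPrincipalName = 'jdoe@new.edu' }   # already on the new suffix
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@old.edu' }
    [pscustomobject]@{ SamAccountName = 'svc01';  UserPrincipalName = $null }            # no UPN set
)
Get-UpnChangePlan -Users $sample -OldSuffix 'old.edu' -NewSuffix 'new.edu' | Format-Table -AutoSize

# Against a live directory (ActiveDirectory module), feed the plan from:
#   Get-ADUser -Filter *
# register the suffix first:
#   Get-ADForest | Set-ADForest -UPNSuffixes @{ Add = 'new.edu' }
# and apply each 'Change' row with:
#   Set-ADUser -Identity <SamAccountName> -UserPrincipalName <NewUpn>
```

With the sample input, `jdoe` is reported as a collision because `jdoe@new.edu` already belongs to `jdoe2`, and `asmith` is reported as a change.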
 

Author Comment

by:montgomeryshire
ID: 35425871
@Awinish Would I be doing inter or intra-forest migration?  Also, we need to rename the domain, that is the purpose of the project and restructuring.

Thanks.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 35425905
If you are creating a new domain in the same forest, where the schema master & domain naming master are common, it will be intra-forest, but if you create a separate forest with a new domain name & migrate the objects, it will be inter-forest.

I would not recommend a domain rename; if you are running Exchange 2007 & above or CA services, you can't rename a domain.

MIGRATION is a much better option than rename.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35425926
I agree with the migration,   either way is going to take a lot of planning and testing.

Thanks

Mike
0
 

Author Comment

by:montgomeryshire
ID: 35426044
@Awinish thanks for the explanation.  So it looks like we will be doing an intra-forest migration creating a new domain (ABC.def.com) in the same forest (.def.com) as the old domain (XXX.def.com).  Not really sure if I call it a domain rename since we're not renaming the old server, simply retiring/replacing it with the new.
0
 
LVL 24

Accepted Solution

by:
Awinish earned 2000 total points
ID: 35426601
Renaming a domain means changing the name of the domain while keeping everything where it is; in your case you are actually performing a migration because you will create a new domain, move objects, applications, etc.

Going to my blog will help you to understand the migration & checklist better.
0
