Changing Domain

Posted on 2011-05-12
Last Modified: 2012-06-27
I currently manage 2 domains in the same building. One is our main domain (let's call it A) and the second is our accounting domain (you guessed it, we will call it B). I want to do away with the B domain and join everyone to the A domain. I will use the B domain controller as a secondary controller for the A domain in case we have issues with the primary. I assume the best way to do this is to run dcpromo twice: once to take the server out of domain B, and again to add it as a secondary domain controller to domain A. If there are other ways to do this that might be easier, please let me know. Also, if there are things I need to be aware of in this changeover, let me know in advance. Thanks
Question by: lhuston
    LVL 31

    Expert Comment

    Are they in the same forest, or do you also have two forests?  You will want to migrate users, but the path for that may differ depending on single or multiple forest.

    LVL 2

    Accepted Solution

    If it is already a DC in one domain, then you will need to run dcpromo to demote it, then unjoin the B domain, join the A domain, and run dcpromo again to set up the secondary DC. It actually doesn't take as much time as it sounds like, but trying to take shortcuts when dealing with a DC usually isn't a good idea. Not sure about the server OS you have running on each of these, but depending on that, there may be additional work needed in between to prepare the domain for the new server.

    Hope this helps, good luck.

    Author Comment

    They are both Server 2003.

    Author Comment

    Two forests.
    LVL 2

    Expert Comment

    Don't forget to migrate any roles, etc.
    LVL 31

    Assisted Solution

    I would like to point you to a couple of resources:

    Restructuring Active Directory Domains Between Forests

    ADMT Guide: Migrating and Restructuring Active Directory Domains

    The first link is an overview of concepts and best practices: what you need to know and what you will need to do.

    The second link is a guide to the ADMT (Active Directory Migration Tool).  This is the tool you will use to migrate your users from DomainB into DomainA.

    Your basic process will be:

    Establish a trust between Domains A and B
    Migrate Users, Computer, Etc. from Domain B to Domain A
    Demote and remove Domain B from existence
    Create secondary DC in Domain A

    The above guides will help more with the details involved in each step.

    LVL 13

    Expert Comment

    Hi, for the most seamless transition:
    1. Point one DNS entry on domain A's DCs to the domain B DC running DNS (this will allow users in domain A to find resources in domain B while you are migrating everyone).
    2. Point one DNS entry on domain B's DCs to the domain A DC running DNS.
    3. Set up a transitive trust between the domains.
    4. Use the ADMT tool to migrate users, groups, and SIDs to the new domain, so the users will exist in both the old domain and the new domain (there is also a password export utility if you want to move users' passwords from AD).
    5. Assuming you have Exchange, you need to run the following EMC command to make a copy of the existing mailboxes on your new domain's mail server. Since it is moving the mailbox between domains, it does not "move" the mailbox; it just makes a copy on the new Exchange server (see attached code).
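    # First prompt: an account in the source forest (domain B); second prompt: an account in the target forest (domain A)
    $SourceCredential = Get-Credential
    $TargetCredential = Get-Credential
    $UsersCSV = Import-Csv -Path "manage.csv"   # needs a "Username" column, one mailbox per row
    foreach ($Line in $UsersCSV) {
        # -GlobalCatalog and -SourceForestGlobalCatalog each require a server name; the post did not include them, so placeholders are shown
        Move-Mailbox -Identity $Line.Username -TargetDatabase "mail\first storage group\mailbox database" -GlobalCatalog "<target-forest-GC>" -SourceForestGlobalCatalog "<source-forest-GC>" -SourceForestCredential $SourceCredential -TargetForestCredential $TargetCredential -RetryInterval 00:00:10 -Confirm:$false
    }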
    6. Migrate a test user (with mailbox) from old domain to new domain.
    7. Join test workstation from old domain to new domain, and log in as test user. Ensure email flow and access rights.
    8. If everything tests out OK, just join the computers to the new domain, log users in to the newly joined computer, restart, and copy all data from their old profile to their new profile (most likely named c:\users\%username%.olddomainname).

    Good luck
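
The loop in step 5 above runs Move-Mailbox with `-Confirm:$false`, so every row of manage.csv is acted on without a prompt. The following pre-flight check is an added example, not part of the original comment: it separates usable rows from blank or duplicate ones before the loop runs. `Test-MigrationList` is a hypothetical helper name, the sample rows are constructed, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: validate the migration list before the bulk Move-Mailbox loop.
# "Username" is the column the post's loop reads; everything else here is illustrative.
function Test-MigrationList {
    param([object[]]$Rows)

    $seen     = @{}    # accepted name -> CSV line number (hashtable keys compare case-insensitively)
    $ready    = @()
    $rejected = @()
    $lineNo   = 1      # line 1 of the file is the header

    foreach ($row in $Rows) {
        $lineNo++
        $hasColumn = $row.PSObject.Properties.Match('Username').Count -gt 0
        $name      = "$($row.Username)".Trim()

        if (-not $hasColumn)              { $reason = 'no Username column' }
        elseif ($name -eq '')             { $reason = 'empty Username' }
        elseif ($seen.ContainsKey($name)) { $reason = "duplicate of line $($seen[$name])" }
        else                              { $reason = $null }

        if ($reason) {
            $rejected += New-Object PSObject -Property @{ Line = $lineNo; Username = $name; Reason = $reason }
        } else {
            $seen[$name] = $lineNo
            $ready += $name
        }
    }
    # Ready: names to hand to the loop; Rejected: rows to fix, with the reason for each
    New-Object PSObject -Property @{ Ready = $ready; Rejected = $rejected }
}

# Constructed sample standing in for manage.csv
$sample = @"
Username,Department
jsmith,Accounting
 mjones,Accounting
JSmith,Accounting
,Accounting
"@ | ConvertFrom-Csv

$check = Test-MigrationList -Rows $sample
$check.Rejected | Format-Table Line, Username, Reason -AutoSize
$check.Ready
```

Pass only `$check.Ready` to the Move-Mailbox loop, and keep `$check.Rejected` with the change record so skipped accounts are followed up before domain B is retired.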
