Changing Domain

Posted on 2011-05-12
Medium Priority
Last Modified: 2012-06-27
I currently manage 2 domains in the same building. One is our main domain (let's call it A) and the second is our accounting domain (you guessed it, we will call it B). I want to do away with the B domain and join everyone to the A domain. I will use the B domain controller as a secondary controller for the A domain in case we have issues with the primary. I assume the best way to do this is to run dcpromo twice: once to take the server out of domain B, and again to add it as a secondary domain controller to domain A. If there are other ways to do this that might be easier, please let me know. Also, if there are things I need to be aware of in this changeover, let me know in advance. Thanks
Question by:lhuston

Expert Comment

by:Justin Owens
ID: 35749064
Are they in the same forest, or do you also have two forests?  You will want to migrate users, but the path for that may differ depending on single or multiple forest.


Accepted Solution

SE-Pneumatic earned 1000 total points
ID: 35749067
If it is already a DC in one domain, then you will need to run dcpromo to demote it, then unjoin the B domain, join the A domain, and run dcpromo again to set up the secondary DC. It actually doesn't take as much time as it sounds like, but trying to take shortcuts when dealing with a DC usually isn't a good idea. Not sure about the Server OS you have running on each of these, but depending on it, there may be additional work needed in between to prepare the domain for the new server.

Hope this helps, good luck.

Author Comment

ID: 35749123
They are both Server 2003.


Author Comment

ID: 35749174
two forests

Expert Comment

ID: 35749198
Don't forget to migrate any roles, etc.

Assisted Solution

by:Justin Owens
Justin Owens earned 1000 total points
ID: 35749375
I would like to point you to a couple of resources:

Restructuring Active Directory Domains Between Forests

ADMT Guide: Migrating and Restructuring Active Directory Domains

The first link is an overview of concepts and best practices: what you need to know and what you will need to do.

The second link is a guide to the ADMT (Active Directory Migration Tool).  This is the tool you will use to migrate your users from DomainB into DomainA.

Your basic process will be:

1. Establish a trust between Domains A and B
2. Migrate Users, Computer, Etc. from Domain B to Domain A
3. Demote and remove Domain B from existence
4. Create secondary DC in Domain A

The above guides will help more with the details involved in each step.


Expert Comment

ID: 35749509
Hi, for the most seamless transition:
1. Point 1 DNS entry on domain A DCs to the domain B DC running DNS (this will allow users in domain A to find resources in domain B while you are migrating everyone).
2. Point 1 DNS entry on domain B DCs to the domain A DC running DNS.
3. Set up a transitive trust between the domains.
4. Use the ADMT tool to migrate users, groups, and SIDs to the new domain, so the users will exist in old-domain and in new-domain (there is also a password export utility if you want to move users' passwords from AD).
5. Assuming you have Exchange, you need to run the following EMC command to make a copy of existing mailboxes on your new domain's mail server. Since it is moving the mailbox between domains, it does not "move" the mailbox; it just makes a copy on the new Exchange server (see attached code).
# Prompt separately for the source (old) and target (new) forest credentials
$SourceCredential = Get-Credential
$TargetCredential = Get-Credential
# manage.csv must have a Username column, one mailbox per row
$UsersCSV = Import-Csv -Path "manage.csv"
foreach ($Line in $UsersCSV) {
    Move-Mailbox -TargetDatabase "mail\first storage group\mailbox database" -Identity $Line.Username -GlobalCatalog dc2.newdomain.com -RetryInterval 00:00:10 -SourceForestGlobalCatalog sms-dc2n.olddomain.com -SourceForestCredential $SourceCredential -TargetForestCredential $TargetCredential -Confirm:$false
}

6. Migrate a test user (with mailbox) from old domain to new domain.
7. Join test workstation from old domain to new domain, and log in as test user. Ensure email flow and access rights.
8. If everything tests out OK, just join computers to the new domain, log users in to the newly joined computer, restart, and copy all data in their old profile to their new profile (most likely named c:\users\%username%.olddomainname).

Good luck
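
An added example, not part of the original comment or the thread: the loop above runs Move-Mailbox with -Confirm:$false for every row of manage.csv, so a pre-flight check of that file catches blank, duplicate or malformed entries before any mailbox is touched. The sample rows are constructed, and the function name Test-MoveList, the allowed-character pattern and PowerShell 2.0 or later are assumptions.

```powershell
# Constructed sample input; in practice use: $rows = Import-Csv -Path "manage.csv"
$sampleCsv = @"
Username
jsmith
mjones
"  "
JSmith
bad name;x
"@

function Test-MoveList {
    param([object[]]$Rows)

    $valid    = @()
    $rejected = @()
    $seen     = @{}

    foreach ($row in $Rows) {
        # A missing Username column yields $null, which becomes '' here
        $name = "$($row.Username)".Trim()
        if ($name -eq '') {
            $rejected += "blank Username"
        }
        # Assumed naming convention: letters, digits, dot, underscore, hyphen, max 20 chars
        elseif ($name -notmatch '^[A-Za-z0-9._-]{1,20}$') {
            $rejected += "unexpected characters or length: '$name'"
        }
        # Account names are case-insensitive, so compare lower-cased
        elseif ($seen.ContainsKey($name.ToLower())) {
            $rejected += "duplicate: '$name'"
        }
        else {
            $seen[$name.ToLower()] = $true
            $valid += $name
        }
    }
    New-Object PSObject -Property @{ Valid = $valid; Rejected = $rejected }
}

$result = Test-MoveList -Rows ($sampleCsv | ConvertFrom-Csv)
"Will move: " + ($result.Valid -join ', ')
$result.Rejected | ForEach-Object { "Rejected: $_" }
if ($result.Rejected.Count -gt 0) {
    Write-Warning "Fix manage.csv before running the move loop."
}
```

Only the names in `$result.Valid` would then be fed to the move loop, after the rejected rows have been reviewed.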

