Migration without ADMT

Posted on 2012-08-16
Last Modified: 2012-09-04
Hi, there

I want to run this by everyone to see what I'm missing and what "gotchas" are lurking.

Scenario: We purchased a company with a variety of site locations and we're migrating a domain in one city (DomainCityNew) into our production domain (DomainProd), while keeping some of the original domain (DomainCityOld) intact. They will be getting all new PCs.

Goal: I need to have the servers up and running, file server access, printing functions working and the users/groups moved to our domain.  Their existing domain controller can be demoted to a member server.

Caveat: I cannot use a trust between the two domains, and so I'm doing this manually instead of using ADMT.

From a high-level perspective, I have:

- Check replication
- Transfer FSMO roles to DomainControllerA, which will remain at the DomainCityOld site
- (Network cutover)
- Re-IP the servers that we are keeping
- Join servers to DomainProd domain
- Import AD accounts into DomainProd
- Assign/Create group memberships in DomainProd

Question by:tljm

    Expert Comment

    by:Krzysztof Pytko
    Hm, any tool to migrate domains requires at least a one-way forest trust, but the simplest and fastest solution is to use a two-way forest trust.

    Instead of ADMT you can buy Quest Migration Manager for Active Directory.

    This is a paid solution but much more convenient than ADMT.

    Otherwise, you need to recreate users/groups manually in the target domain and re-join all computers. I do not know of any tool to do a non-trusted domain migration.


    Author Comment

    Thank you Krzysztof.

    I'm not looking for a tool - I'm just looking to make sure I've identified all the tasks necessary to pull this off.

    Accepted Solution

    OK, then it looks OK. If you wish, I can help you create LDIFDE scripts to:
    - Export the OU structure from the other domains and import it into the target domain
    - Export groups and users from the other domains to the target domain
    - Set up logon scripts, home drives and the new UPN suffix for them

    As for the FSMO roles, you don't have to migrate them from the other domains, as yours already has all of them in the target domain.

    And the last step is configuring new subnets in Sites and Services.
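
One way to prepare an LDIFDE export for import into a domain with no trust, as an added example that is not part of the original thread and not the scripts offered above: it rebases DNs, swaps the UPN suffix, keeps only an allowlist of attributes, and marks users disabled because an LDIF export carries no passwords. The base DNs, the UPN suffix, the allowlist and the sample record are assumptions made for illustration.

```python
import base64

OLD_BASE, NEW_BASE = "DC=DomainCityNew,DC=local", "DC=DomainProd,DC=local"  # assumed
NEW_UPN_SUFFIX = "domainprod.local"  # assumed UPN suffix for the target domain
# Allowlist: objectSid, objectGUID, USNs, timestamps and memberOf are left behind.
KEEP = {"dn", "changetype", "objectclass", "ou", "cn", "samaccountname", "member",
        "userprincipalname", "displayname", "scriptpath", "homedirectory", "homedrive"}

def rebase(value):
    """Move a DN from the old naming context to the new one."""
    hit = value.lower().endswith(OLD_BASE.lower())
    return value[:-len(OLD_BASE)] + NEW_BASE if hit else value

def emit(attr, value):
    """Plain 'attr: value' when LDIF-safe, otherwise base64 'attr:: value'."""
    safe = value.isascii() and value.isprintable() and value == value.strip()
    if safe and value[:1] not in (":", "<"):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def transform(ldif_text):
    """Rewrite a source-domain LDIF export into an import file for the target."""
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    records = []
    for block in text.split("\n\n"):
        out = []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or attr.lower() not in KEEP:
                continue
            is_b64 = rest[:1] == ":"  # 'attr:: value' carries base64
            value = base64.b64decode(rest[1:]).decode() if is_b64 else rest.strip()
            if attr.lower() == "userprincipalname":
                value = value.split("@")[0] + "@" + NEW_UPN_SUFFIX
            out.append(emit(attr, rebase(value)))
        if any(l.lower() == "objectclass: user" for l in out):
            out.append("userAccountControl: 514")  # no password is exported: create disabled
        records.append("\n".join(out))
    return "\n\n".join(r for r in records if r) + "\n"

# Constructed sample export, not taken from the original post.
SAMPLE = """dn: CN=Jane Doe,OU=Sales,
 DC=DomainCityNew,DC=local
changetype: add
objectClass: user
userPrincipalName: jdoe@domaincitynew.local
objectSid:: AQUAAAAAAAUVAAAAAQAAAAIAAAADAAAAUAQAAA==
"""
print(transform(SAMPLE))
```

Because objectSid is not carried over, the accounts receive new SIDs in DomainProd, so file-server ACLs that reference old-domain SIDs have to be re-granted to the new users and groups.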

