Solved

Need to migrate an acquired Active Directory Domain into ours

Posted on 2013-06-04
4
682 Views
Last Modified: 2015-02-05
After an Acquisition we now need to migrate the new Active directory domain into ours. We already have a data connectoin between the two offices but they are working completely independently with their own exchange email, active directory system, file sharing system, etc. The new office is running Domain function level 2003 and we are running domain function level 2008r2. I have already built a physical Windows 2008r2 server that I plan to drive up to the new office and install it as a DC that doubles as a file server. I know I will have to set all the workstations to log into our domain. I need all advice, scripts and ariticles that may assit me with this project. I know acquistions are fairly common these days and am hoping there are pre written scripts and procedures that may help me with this process. Exchange will have to be migrated over from their Exchange 2003 to our Exchange 2007, but that may be a question for the exchange section of EE. All advice on active directory migration is appreciated.
0
Comment
Question by:Thor2923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39220169
It's a tough one to answer in one attempt, I suspect you'll want to ask more questions as you go along but here are some thoughts to get you thinking.

There are some questions you'll need to answer as well to get the best responses from the EE community.
1)  Is there a trust relationship setup between the two domains?
2) Will the new company reside in the same forest on a temporary basis or is this being decommissioned?
3) How many client machines/servers do you need to migrate to your domain?
4) How many users do you need to migrate?
5) What are your timescales for implementing the project?
6) Are you doing a phased migration or a big bang approach?

I've been involved in one acquisition and there was no domain trust setup as the domain was managed by a 3rd party and the network security implications made this too difficult.

In our scenario, we had to create a new user account for each employee/service account/etc.

We used robocopy to migrate the data and subinacl to change the permissions from the old domain to the new domain (you can do this in notepad!), however, the File Server Migration Tool may be worth checking for your scenario.

All application servers were installed on fresh servers and new hardware so we had a clean slate.

Obviously, you need to do a due diligence first. I would start off by looking at:
Security Groups - DLG/GG/UG
Run scans on the file servers to check the permissions (hopefully it's not too much of a mess!)
OU's & GPO's
Certificate Authority - check if this is in place and what impact to systems this change will have.
Client OS levels - make sure you don't fall into any problems with aged OS's on a 2008R2 Forest/Domain Functional Level
Remote Access

Basically, you need to look at every Windows Role & Feature that is in place and plan what will happen when you change the domain (not all Roles & Features will be affected).

If you have the luxury of a few spare servers (or a fairly decent single server), setup a test lab and practice before you do the live migration.
0
 
LVL 1

Author Comment

by:Thor2923
ID: 39220287
I think we are talking about 20 users. I am hoping to bring over one or two for a few days and gradually add the rest. You are right, I will probably be on here every couple days with a new question or issue once I get started. I am not sure what you mean by "scans on the files servers" I know I need to be careful about permissions but did not know there were scans to make the job easier. There is only one file server and it is Windows 2000 which is no longer allowed to even exist on our domain, so I was just going to copy all the folders over to the DC/File Server I am driving up there and map the newly created users accordingly.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39222095
Sorry, poor wording on my part.

I meant to run something like ICACLS on folders to get the permissions so you can map them to the new user id's.

DumpACL was helpful for me although it does take ages to run (especially remotely).

If you run it on the file server, it may be best to kick off the scan after work hours as I'm not sure how much extra CPU/disk load it will create.
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 40593009
So what steps or approach that you end up with ?
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question