Solved

Need to migrate an acquired Active Directory Domain into ours

Posted on 2013-06-04
Last Modified: 2015-02-05
After an acquisition we now need to migrate the new Active Directory domain into ours. We already have a data connection between the two offices but they are working completely independently with their own Exchange email, Active Directory system, file sharing system, etc. The new office is running Domain function level 2003 and we are running domain function level 2008r2. I have already built a physical Windows 2008r2 server that I plan to drive up to the new office and install it as a DC that doubles as a file server. I know I will have to set all the workstations to log into our domain. I need all advice, scripts and articles that may assist me with this project. I know acquisitions are fairly common these days and am hoping there are pre-written scripts and procedures that may help me with this process. Exchange will have to be migrated over from their Exchange 2003 to our Exchange 2007, but that may be a question for the Exchange section of EE. All advice on Active Directory migration is appreciated.
Question by:Thor2923
4 Comments
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39220169
It's a tough one to answer in one attempt. I suspect you'll want to ask more questions as you go along, but here are some thoughts to get you thinking.

There are some questions you'll need to answer as well to get the best responses from the EE community.
1) Is there a trust relationship set up between the two domains?
2) Will the new company reside in the same forest on a temporary basis or is this being decommissioned?
3) How many client machines/servers do you need to migrate to your domain?
4) How many users do you need to migrate?
5) What are your timescales for implementing the project?
6) Are you doing a phased migration or a big bang approach?

I've been involved in one acquisition and there was no domain trust set up, as the domain was managed by a 3rd party and the network security implications made this too difficult.

In our scenario, we had to create a new user account for each employee/service account/etc.

We used robocopy to migrate the data and subinacl to change the permissions from the old domain to the new domain (you can do this in Notepad!); however, the File Server Migration Tool may be worth checking for your scenario.

All application servers were installed on fresh servers and new hardware so we had a clean slate.

Obviously, you need to do a due diligence first. I would start off by looking at:
Security Groups - DLG/GG/UG
Run scans on the file servers to check the permissions (hopefully it's not too much of a mess!)
OUs & GPOs
Certificate Authority - check if this is in place and what impact to systems this change will have.
Client OS levels - make sure you don't fall into any problems with aged OSs on a 2008R2 Forest/Domain Functional Level
Remote Access

Basically, you need to look at every Windows Role & Feature that is in place and plan what will happen when you change the domain (not all Roles & Features will be affected).

If you have the luxury of a few spare servers (or a fairly decent single server), set up a test lab and practice before you do the live migration.
0
 
LVL 1

Author Comment

by:Thor2923
ID: 39220287
I think we are talking about 20 users. I am hoping to bring over one or two for a few days and gradually add the rest. You are right, I will probably be on here every couple of days with a new question or issue once I get started. I am not sure what you mean by "scans on the files servers". I know I need to be careful about permissions but did not know there were scans to make the job easier. There is only one file server and it is Windows 2000, which is no longer allowed to even exist on our domain, so I was just going to copy all the folders over to the DC/File Server I am driving up there and map the newly created users accordingly.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39222095
Sorry, poor wording on my part.

I meant to run something like ICACLS on folders to get the permissions so you can map them to the new user IDs.

DumpACL was helpful for me although it does take ages to run (especially remotely).

If you run it on the file server, it may be best to kick off the scan after work hours as I'm not sure how much extra CPU/disk load it will create.
0
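The permission scan and old-to-new mapping described in the two answers above, as an added example (not code from the thread): it lists explicit ACEs under a share and marks each old-domain principal as mapped, unmapped or an unresolved SID, so the mapping table can be completed before any permissions are rewritten. It uses PowerShell's Get-Acl rather than ICACLS or DumpACL; OLDCORP, NEWCORP, the paths, the function names and the mapping entries are constructed placeholders.

```powershell
# Added example (not from the thread). OLDCORP, NEWCORP, the paths and the
# mapping table are constructed placeholders. Needs PowerShell 3.0 or later.

# Collect explicit (non-inherited) ACEs for a share root and its subfolders.
function Get-ExplicitAce {
    param([Parameter(Mandatory)][string]$Root)
    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)
    foreach ($d in $dirs) {
        try { $acl = Get-Acl -LiteralPath $d.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($d.FullName)"; continue }
        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited) { continue }
            [pscustomobject]@{ Path = $d.FullName; Identity = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights.ToString(); Type = $ace.AccessControlType.ToString() }
        }
    }
}

# Classify each ACE and look up the proposed new-domain principal.
function Resolve-AceMapping {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Ace,
        [Parameter(Mandatory)][string]$OldDomain,
        [Parameter(Mandatory)][hashtable]$Map
    )
    process {
        $id = $Ace.Identity; $new = $null
        if ($id -match '^S-1-5-21-') { $status = 'UnresolvedSid' }   # deleted account or no trust
        elseif ($id -like "$OldDomain\*") {
            $new = $Map[$id]
            $status = if ($new) { 'Mapped' } else { 'Unmapped' }
        }
        else { return }   # not an old-domain principal (BUILTIN, NT AUTHORITY, ...)
        [pscustomobject]@{ Path = $Ace.Path; Identity = $id; Rights = $Ace.Rights
            Type = $Ace.Type; NewIdentity = $new; Status = $status }
    }
}

# Constructed sample rows in the shape Get-ExplicitAce emits (runs without a file server).
$sample = @(
    [pscustomobject]@{ Path = 'D:\Shares\Finance'; Identity = 'OLDCORP\Finance-RW'; Rights = 'Modify, Synchronize'; Type = 'Allow' }
    [pscustomobject]@{ Path = 'D:\Shares\Finance'; Identity = 'OLDCORP\jsmith'; Rights = 'FullControl'; Type = 'Allow' }
    [pscustomobject]@{ Path = 'D:\Shares\HR'; Identity = 'S-1-5-21-1111111111-2222222222-3333333333-1108'; Rights = 'ReadAndExecute, Synchronize'; Type = 'Allow' }
    [pscustomobject]@{ Path = 'D:\Shares\HR'; Identity = 'BUILTIN\Administrators'; Rights = 'FullControl'; Type = 'Allow' }
)
$map = @{ 'OLDCORP\Finance-RW' = 'NEWCORP\GG-Finance-RW' }
$sample | Resolve-AceMapping -OldDomain 'OLDCORP' -Map $map | Format-Table -AutoSize
# Live run: Get-ExplicitAce -Root '\\oldfs\share' | Resolve-AceMapping -OldDomain 'OLDCORP' -Map $map | Export-Csv acl-map.csv -NoTypeInformation
```

Run the live collection from a machine that can resolve the old domain's accounts; otherwise every old-domain ACE is reported as an unresolved SID. Rows with status Unmapped or UnresolvedSid are the ones to settle before changing permissions on the copied data.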
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 40593009
So what steps or approach did you end up with?
0
