Solved

Need to migrate an acquired Active Directory Domain into ours

Posted on 2013-06-04
Last Modified: 2015-02-05
After an acquisition we now need to migrate the new Active Directory domain into ours. We already have a data connection between the two offices, but they are working completely independently with their own Exchange email, Active Directory system, file sharing system, etc. The new office is running domain function level 2003 and we are running domain function level 2008r2. I have already built a physical Windows 2008r2 server that I plan to drive up to the new office and install as a DC that doubles as a file server. I know I will have to set all the workstations to log into our domain. I need all advice, scripts and articles that may assist me with this project. I know acquisitions are fairly common these days and am hoping there are pre-written scripts and procedures that may help me with this process. Exchange will have to be migrated over from their Exchange 2003 to our Exchange 2007, but that may be a question for the Exchange section of EE. All advice on Active Directory migration is appreciated.
Question by:Thor2923

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39220169
It's a tough one to answer in one attempt; I suspect you'll want to ask more questions as you go along, but here are some thoughts to get you thinking.

There are some questions you'll need to answer as well to get the best responses from the EE community.
1) Is there a trust relationship set up between the two domains?
2) Will the new company reside in the same forest on a temporary basis or is this being decommissioned?
3) How many client machines/servers do you need to migrate to your domain?
4) How many users do you need to migrate?
5) What are your timescales for implementing the project?
6) Are you doing a phased migration or a big bang approach?

I've been involved in one acquisition and there was no domain trust set up as the domain was managed by a 3rd party and the network security implications made this too difficult.

In our scenario, we had to create a new user account for each employee/service account/etc.

We used robocopy to migrate the data and subinacl to change the permissions from the old domain to the new domain (you can do this in notepad!), however, the File Server Migration Tool may be worth checking for your scenario.

All application servers were installed on fresh servers and new hardware so we had a clean slate.

Obviously, you need to do a due diligence first. I would start off by looking at:
Security Groups - DLG/GG/UG
Run scans on the file servers to check the permissions (hopefully it's not too much of a mess!)
OUs & GPOs
Certificate Authority - check if this is in place and what impact this change will have on systems.
Client OS levels - make sure you don't fall into any problems with aged OSes on a 2008R2 Forest/Domain Functional Level
Remote Access

Basically, you need to look at every Windows Role & Feature that is in place and plan what will happen when you change the domain (not all Roles & Features will be affected).

If you have the luxury of a few spare servers (or a fairly decent single server), set up a test lab and practice before you do the live migration.

Author Comment

by:Thor2923
ID: 39220287
I think we are talking about 20 users. I am hoping to bring over one or two for a few days and gradually add the rest. You are right, I will probably be on here every couple of days with a new question or issue once I get started. I am not sure what you mean by "scans on the files servers". I know I need to be careful about permissions but did not know there were scans to make the job easier. There is only one file server and it is Windows 2000, which is no longer allowed to even exist on our domain, so I was just going to copy all the folders over to the DC/File Server I am driving up there and map the newly created users accordingly.

Expert Comment

by:Rob Stone
ID: 39222095
Sorry, poor wording on my part.

I meant to run something like ICACLS on folders to get the permissions so you can map them to the new user IDs.

DumpACL was helpful for me although it does take ages to run (especially remotely).

If you run it on the file server, it may be best to kick off the scan after work hours as I'm not sure how much extra CPU/disk load it will create.
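
The permission-mapping step described in the comment above, as an added example that is not part of the original thread: it turns a saved `icacls <path> /T /C` dump into a worksheet of old-domain accounts, their rights, and the new-domain account each maps to. The domain names OLDCO and NEWCO, all account names, the sample dump and the function name `Get-AclWorksheet` are assumptions made up for illustration.

```powershell
# Constructed sample of `icacls D:\Shares /T /C` output. OLDCO, NEWCO and every
# account name are hypothetical. Real use: $dump = Get-Content acl.txt | Out-String
$dump = @'
D:\Shares\Finance OLDCO\Finance-RW:(OI)(CI)(M)
                  BUILTIN\Administrators:(OI)(CI)(F)
                  OLDCO\jsmith:(OI)(CI)(RX)

D:\Shares\Human Resources OLDCO\HR Staff:(OI)(CI)(M)
                          S-1-5-21-1111111111-2222222222-3333333333-1105:(OI)(CI)(F)

D:\Shares\Scans OLDCO\scanner-svc:(OI)(CI)(M)

Successfully processed 3 files; Failed processing 0 files
'@

# Old principal -> account created for it in the new domain (hypothetical names).
$map = @{ 'OLDCO\Finance-RW' = 'NEWCO\ACQ-Finance-RW'; 'OLDCO\jsmith' = 'NEWCO\john.smith'
          'OLDCO\HR Staff'   = 'NEWCO\ACQ-HR-Staff' }

function Get-AclWorksheet([string]$Text, [hashtable]$Map, [string]$OldDomain) {
    foreach ($block in ($Text -split '(?:\r?\n){2,}')) {
        $lines = @($block -split '\r?\n' | Where-Object { $_.Trim() })
        if (-not $lines) { continue }
        # Paths may contain spaces, so locate the ACE column: continuation lines are
        # indented to it; a single-ACE entry falls back to the old-domain prefix.
        if ($lines.Count -gt 1) { $col = $lines[1].Length - $lines[1].TrimStart().Length }
        else { $col = $lines[0].IndexOf(" $OldDomain\") + 1 }
        if ($col -le 0) { continue }          # summary line, or nothing to remap
        $path = $lines[0].Substring(0, $col).TrimEnd()
        $aces = @($lines[0].Substring($col).Trim())
        if ($lines.Count -gt 1) { $aces += $lines[1..($lines.Count - 1)] | ForEach-Object { $_.Trim() } }
        foreach ($ace in $aces) {
            if ($ace -match '^(?<who>[^:]+):(?<rights>(\([^)]*\))+)$') {
                $who = $Matches['who']; $rights = $Matches['rights']
                if ($who -match '^S-1-5-21-') { $new = ''; $status = 'UNRESOLVED SID' }
                elseif ($who -notlike "$OldDomain\*") { continue }   # BUILTIN etc. are not remapped
                elseif ($Map.ContainsKey($who)) { $new = $Map[$who]; $status = 'Mapped' }
                else { $new = ''; $status = 'UNMAPPED' }
                New-Object PSObject -Property @{ Path = $path; OldAccount = $who
                    Rights = $rights; NewAccount = $new; Status = $status }
            }
        }
    }
}

$sheet = Get-AclWorksheet $dump $map 'OLDCO' | Select-Object Path, OldAccount, Rights, NewAccount, Status
$sheet | Format-Table -AutoSize
$sheet | Where-Object { $_.Status -ne 'Mapped' } | Select-Object -Unique OldAccount, Status
```

Rows marked UNMAPPED or UNRESOLVED SID are the ones to settle before permissions are re-applied on the new server.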

Expert Comment

by:Senior IT System Engineer
ID: 40593009
So what steps or approach did you end up with?