Need to migrate an acquired Active Directory Domain into ours

After an acquisition we now need to migrate the new Active Directory domain into ours. We already have a data connection between the two offices but they are working completely independently with their own Exchange email, Active Directory system, file sharing system, etc. The new office is running domain functional level 2003 and we are running domain functional level 2008r2. I have already built a physical Windows 2008r2 server that I plan to drive up to the new office and install as a DC that doubles as a file server. I know I will have to set all the workstations to log into our domain. I need all advice, scripts and articles that may assist me with this project. I know acquisitions are fairly common these days and am hoping there are pre-written scripts and procedures that may help me with this process. Exchange will have to be migrated over from their Exchange 2003 to our Exchange 2007, but that may be a question for the Exchange section of EE. All advice on Active Directory migration is appreciated.
Rob Stone Commented:
It's a tough one to answer in one attempt. I suspect you'll want to ask more questions as you go along, but here are some thoughts to get you thinking.

There are some questions you'll need to answer as well to get the best responses from the EE community.
1) Is there a trust relationship set up between the two domains?
2) Will the new company reside in the same forest on a temporary basis or is this being decommissioned?
3) How many client machines/servers do you need to migrate to your domain?
4) How many users do you need to migrate?
5) What are your timescales for implementing the project?
6) Are you doing a phased migration or a big bang approach?

I've been involved in one acquisition and there was no domain trust set up as the domain was managed by a 3rd party and the network security implications made this too difficult.

In our scenario, we had to create a new user account for each employee/service account/etc.

We used robocopy to migrate the data and subinacl to change the permissions from the old domain to the new domain (you can do this in notepad!), however, the File Server Migration Tool may be worth checking for your scenario.

All application servers were installed on fresh servers and new hardware so we had a clean slate.

Obviously, you need to do a due diligence first. I would start off by looking at:
Security Groups - DLG/GG/UG
Run scans on the file servers to check the permissions (hopefully it's not too much of a mess!)
OU's & GPO's
Certificate Authority - check if this is in place and what impact to systems this change will have.
Client OS levels - make sure you don't fall into any problems with aged OS's on a 2008R2 Forest/Domain Functional Level
Remote Access

Basically, you need to look at every Windows Role & Feature that is in place and plan what will happen when you change the domain (not all Roles & Features will be affected).

If you have the luxury of a few spare servers (or a fairly decent single server), set up a test lab and practice before you do the live migration.
Thor2923 (Author) Commented:
I think we are talking about 20 users. I am hoping to bring over one or two for a few days and gradually add the rest. You are right, I will probably be on here every couple days with a new question or issue once I get started. I am not sure what you mean by "scans on the files servers". I know I need to be careful about permissions but did not know there were scans to make the job easier. There is only one file server and it is Windows 2000, which is no longer allowed to even exist on our domain, so I was just going to copy all the folders over to the DC/File Server I am driving up there and map the newly created users accordingly.
Rob Stone Commented:
Sorry, poor wording on my part.

I meant to run something like ICACLS on folders to get the permissions so you can map them to the new user IDs.

DumpACL was helpful for me although it does take ages to run (especially remotely).

If you run it on the file server, it may be best to kick off the scan after work hours as I'm not sure how much extra CPU/disk load it will create.
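
The permission scan described above, as an added example that is not part of the original thread: it parses saved `icacls <folder> /T` output, keeps the explicit (non-inherited) ACEs held by old-domain principals, and maps them to new accounts, listing any principal the map does not cover. The domain names `OLDCO`/`NEWCO`, the account map and the sample dump are constructed assumptions.

```python
import re

# Constructed sample of `icacls D:\Shares /T` output. OLDCO and NEWCO are
# hypothetical NetBIOS domain names, not values from the thread.
SAMPLE = r"""D:\Shares\Finance OLDCO\jsmith:(OI)(CI)(M)
                  BUILTIN\Administrators:(I)(OI)(CI)(F)
                  OLDCO\Finance Team:(OI)(CI)(RX)

D:\Shares\HR Files BUILTIN\Administrators:(OI)(CI)(F)
                   OLDCO\mlee:(I)(OI)(CI)(M)
                   OLDCO\bwong:(OI)(CI)(F)

D:\Shares\Public OLDCO\Domain Users:(OI)(CI)(RX)

Successfully processed 3 files; Failed processing 0 files
"""

# Hypothetical old -> new account mapping, filled in by hand during due diligence.
ACCOUNT_MAP = {
    r"OLDCO\jsmith": r"NEWCO\john.smith",
    r"OLDCO\Finance Team": r"NEWCO\GG-Finance",
    r"OLDCO\bwong": r"NEWCO\bob.wong",
}

ACE = re.compile(r"(?P<who>OLDCO\\[^:]+):(?P<rights>(?:\([^)]*\))+)\s*$")

def old_domain_aces(dump):
    """Yield (path, principal, rights) for explicit ACEs held by OLDCO principals."""
    first = path = None
    for line in dump.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            first = path = None
            continue
        m = ACE.search(line)
        if not line[0].isspace():  # a new path block starts in column 0
            first, path = line, (line[:m.start()].rstrip() if m else None)
        elif path is None and first is not None:
            # Continuation ACEs are indented to the column just past the path.
            path = first[:len(line) - len(line.lstrip())].rstrip()
        if m and "(I)" not in m.group("rights"):  # inherited ACEs follow the parent
            yield path, m.group("who"), m.group("rights")

def remap_plan(dump, account_map):
    """Return (rows, unmapped): ACEs to re-create under new IDs, and gaps in the map."""
    rows, unmapped = [], set()
    for path, who, rights in old_domain_aces(dump):
        if who in account_map:
            rows.append((path, account_map[who], rights))
        else:
            unmapped.add(who)
    return rows, sorted(unmapped)
```

The `unmapped` list is the part to review before cutover: every entry is a user or group that still holds access on the old file server but has no counterpart chosen in the new domain.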
Senior IT System Engineer (IT Professional) Commented:
So what steps or approach did you end up with?
Question has a verified solution.