Solved

Migrating from one domain to another in the same forest

Posted on 2014-01-30
Last Modified: 2014-06-11
We currently have a single forest and a single domain; this has been upgraded from NT to 2003 to 2008 Active Directory over the last 10 - 15 years.

I have been tasked with redesigning our Active Directory and Group Policies with an aim to make it more efficient and manageable. However, most of the contents have not been documented as to what they do, and those who knew have either forgotten or have left (just the start of my headache).

As you can imagine, it is like playing a big game of Jenga: any little change to an account or group policy could potentially bring it all down.

What I wanted to do was create a brand new domain in the same forest and then rebuild all the machines and servers over time joining them to the new domain.  I would also be recreating groups and user accounts in the new domain.  While doing this I would want both domains to be able to see each other so will need a trust in place.

Can anyone see any major issue in doing this? I have spoken to a number of individuals and they have suggested never ever doing this, but I cannot understand why.
Question by:WNottsC
3 Comments
 
LVL 4

Expert Comment

by:michaelalphi
ID: 39820511
Yes, you will have to create a new domain in your existing forest.
And usage of the AD migration tool (ADMT V3) could be a suitable choice to facilitate migration and restructuring tasks in an Active Directory infrastructure.
Meanwhile, you can also check this helpful link for migration between the different domains.
 

Author Comment

by:WNottsC
ID: 39823417
Thank you for this. I had already researched the topic and found a number of tools. My question is really around being told by a number of people, in no uncertain terms, that it is the worst thing we could be thinking of doing.

What are the advantages to doing this and what could the disastrous consequences be if we did?
 
LVL 35

Accepted Solution

by:Mahesh (earned 500 total points)
ID: 39828150
First of all, the reason provided by you for having a separate domain is not a valid reason to have a separate domain.
Companies are trying to minimize AD domain footprints as much as possible when they have multiple domains within a single company.
In the scenarios below you may find separate AD domains:
Company mergers \ acquisitions
New implementations
Legal reasons \ political interests
From a manageability and simplicity standpoint, single domain, single forest is one of the best models, which I think you already have.
Also, if you have MS Exchange, then it gets more complicated.

It's much easier for you to set up a new domain in a forest (within 5 minutes), but migration is not an easy game.
It's not only limited to users and computers; it will also affect your application servers, infra servers and so on. When things come to applications, the scenario becomes complicated.
You need to modify application configurations, and also need to maintain co-existence scenarios and so on.
Also, this involves computer migration, which is also not a painless activity.
There are a lot of prerequisites you need to take care of before starting a migration project.
For gaining IT experience with migration, this is a good project.

But from a management point of view this is never a painless activity.

I think you could streamline your existing Active Directory by hiring a directory specialist \ consultant; it's not a big deal.
There is TechNet documentation available about AD best practices.

For a migration initiative you would also require a directory specialist, but you would also require application specialists and network specialists.

In short, I don't see any good reason for creating a new domain and migrating.

Mahesh