To Migrate or not Migrate A tale of two networks

rand1964 used Ask the Experts™
I need some advice on how to proceed.

We current have a flat network that is at Windows 2008 Domain Level and sadly we are running an Exchange 2003 server.

We are building a new network in a new datacenter that will be all virtual, using VMware and Windows Server 2012 Datacenter and Exchange 2013 (there's more, but that's our core Active Directory stuff)

I need opinion on how to approach getting the users onto the new network and the best way to transition over.  I also want to ensure that my Active Directory is clean and free of any old artifacts and any potentially bad objects because we were hacked.

 I have these approaches considered:

1.  New network, new Domain controllers built from scratch up.  Name the domain controllers the same as the current network and export AD data and import it into the new Domain....will the existing workstations see the new domain controller as the same old one?

2.  Keep the existing Domain and Active directory structure, bring up new Domain Controllers on the new network as extra domain controllers and eventually transfer the Roles to the new virtual ones.

3.  Set up the new Domain Controllers with completely different names and Domain names and use some kind of "Trust" to move AD objects that we want over.

This is really driving me nuts...I don't have any experience in something like this.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
If your domain controllers were hacked then I'd build from scratch. That is the only safe route. Even if you keep the same names, it'll be a new domain though, so workstations will NOT connect to the new domain automatically. You will have to disjoin and then join the new domain. Plan accordingly.


So there's no way to slowly transition to the new network?  We thought we might be able to get the domain controllers setup and the email servers, have the existing workstations actually using the new Active directory, DNS, DHCP while we slowly move / migrate each remaining server over to the new virtual network?

Sounds like there is no way to do that?  Is the only way to setup the the new network from scratch and just "flip the switch" one weekend and everybody moves to the new network?
Top Expert 2012
What number of users are we talking about here
You may create New forest and create a Trust between existing and new forest then migrate the users and computer after having a action plan based upon the users

This is a difficult process to complete so if you are not fully confident please hire a consultant

You will be using ADMT for migration refer below link for more information


Can I clean Active Directory data by exporting it to a spreadsheet and deleting anything I don't want and be assured that it is clean and import it into a new Domain Controller...mostly talking Users and Computers????

Will this work?
Top Expert 2012
Once you are hacked you can not be assured that its clean unless you know how and what was hacked

Now, lets come to Import/export...Impor/Export will create the users but that too is to be done by LDIFDE

Refer below link

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial