Active Directory break away?

So, two sites with DNS and AD servers going away.
Main site remaining with own DNS and AD.
WAN communication is over s2s hw BOVPN firewall/routers.
Single forest, email server at main site.

The two sites going away, sold off, what would be the best way to remit control to new owners?

I say, copy emails to separate db and hand it over to new owners when ready.
Demote (dcpromo) servers; ensuring AD health first.
No reason they should want to create a trust relationship between domains (forest).
Two separate companies not related.

Anyone have other ideas/bullet points?

Will Szymkowski, Senior Solution Architect, commented:
The easiest approach would be the following...
- Export all mailboxes to PST for the new company
- Demote the DCs in the Sites
- Remove all of the clients from the domain

You will not be able to give them rights over these servers unless you have a forest trust between the companies. This forest trust will need to remain.

If the ultimate outcome is that they are now sold off and no longer a part of the domain then doing what I have explained above would be the most suitable.

If this was an acquisition or merging then you could have used the ADMT with a forest trust merging the 2 domains. However this is not the case.


Mohammed Khawaja, Manager - Infrastructure: Information Technology, commented:
I recommend the following:

1.  Create a new domain and migrate users to the new domain (you could also migrate passwords but to keep it simple, keep the same password and configure it to change on first logon)
2.  Copy all files/data to a new server for them.  Use Robocopy to keep the security
3.  Configure Exchange to not accept email as of the closing date
4.  Export all mailboxes to PST and give it to the new owner
5.  Demote existing PDCs
Mohammed Khawaja, Manager - Infrastructure: Information Technology, commented:
In addition to the above, you need a trust relationship to copy users using ADMT, but when completed, delete the trust.
dee30, Author, commented:
Oh yeah, didn't think about the user account/profiles. If I wanted to be 'kind' and ensure profiles aren't lost I guess the only way is to establish an AD trust temp between domains and allow them ADMT to migrate, then remove trust and cleanup the old accounts when done, huh?

I use the term kind loosely... :)

Thank you.
dee30, Author, commented:
Other questions, the ADMT is installed and used on source AD server right or does ADMT have to also be on the target(receiving) AD in order to complete the migration(ed) user accounts?  I think so if memory serves me right....
Mohammed Khawaja, Manager - Infrastructure: Information Technology, commented:
Will Szymkowski, Senior Solution Architect, commented:
ADMT is installed on a member server in the Source Domain. You then move objects to a Trusting Domain that you have established. Personally, depending on how many objects you are actually moving you might be better off to remove machines from the domain and re-add them to the other new domain.

Just an FYI domain controllers that will be going to the new domain have to be DEMOTED. You cannot move a domain controller to another domain using the ADMT.

dee30, Author, commented:
Will, thanks for the last note there... yes aware AD can't be moved with ADMT tool.  Profiles are best kept and in order to make the transition as easy as possible and work env fat client mission critical apps to remain as constant in their setup as possible; little tweaking.
dee30, Author, commented:
Thank you for feedback and options.
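
The "ensure AD health first, then demote" step raised in the question and repeated in the answers can be checked before any DC is touched. The script below is an added example, not part of the original thread: it is read-only, the site names `SiteB` and `SiteC` are placeholders, and it assumes the RSAT ActiveDirectory module and `dcdiag.exe` are available where it runs.

```powershell
# Added example, read-only: nothing here demotes or changes a DC.
# Assumes the RSAT ActiveDirectory module and dcdiag.exe are available.
Import-Module ActiveDirectory

$DepartingSites = @('SiteB', 'SiteC')   # placeholders: AD site names of the two sold-off sites

$allDcs    = Get-ADDomainController -Filter *
$departing = @($allDcs | Where-Object { $DepartingSites -contains $_.Site })
$remaining = @($allDcs | Where-Object { $DepartingSites -notcontains $_.Site })

$report = foreach ($dc in $departing) {
    # Replication failures currently recorded for this DC
    $failures = @(Get-ADReplicationFailure -Target $dc.HostName -ErrorAction SilentlyContinue |
                  Where-Object { $_.FailureCount -gt 0 })
    # dcdiag /q prints only errors, so any output means a failed test
    $diag = @(dcdiag "/s:$($dc.HostName)" /q)
    [pscustomobject]@{
        DC           = $dc.HostName
        Site         = $dc.Site
        FsmoRoles    = ($dc.OperationMasterRoles -join ', ')
        ReplFailures = $failures.Count
        DcdiagErrors = $diag.Count
    }
}
$report | Format-Table -AutoSize

# Conditions that should be cleared before any departing DC is demoted
$blockers = @()
if ($remaining.Count -eq 0) {
    $blockers += 'No domain controller would remain outside the departing sites.'
}
if (-not ($remaining | Where-Object { $_.IsGlobalCatalog })) {
    $blockers += 'No global catalog would remain at the main site.'
}
foreach ($row in $report) {
    if ($row.FsmoRoles)          { $blockers += "$($row.DC) holds FSMO roles ($($row.FsmoRoles)); transfer them first." }
    if ($row.ReplFailures -gt 0) { $blockers += "$($row.DC) has $($row.ReplFailures) replication failure(s)." }
    if ($row.DcdiagErrors -gt 0) { $blockers += "$($row.DC) fails dcdiag; rerun without /q for detail." }
}

if ($blockers) { $blockers | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'No blockers found for the departing DCs.' }
```

A departing DC that still holds a FSMO role or has unreplicated changes is the case to resolve before demotion, since the main site keeps the forest once the sold-off sites are gone.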