Solved

Migrating from SBS 2008 to 2012 while recreating but not migrating AD

Posted on 2016-11-15
7
50 Views
Last Modified: 2016-11-15
We are migrating from SBS 2008  to 2012 .We would like to keep everything but AD . Our AD tree has more debris than actual . We only have 35 users but hundreds of objects representing former employees and other objects which were added by former consultants and admins .
The idea seems to be to create a new AD and recreate the policies from scratch .Then in the end migrate the desktops to new Domain where there is no debris .
This is happening on the same physical network .
How do I this?
Can I do the following steps
Add the new server as a new Companyv2 domain controller with no computers added to it
Migrate all the other roles dns dhcp printers, data ,remote gateway services ..as is thensimply migrate desktops from old AD to new AD ?

Or am I asking for trouble because all these are linked ?
Alternatively is there a better way to migrate the existing AD and modify( clean it up on the new server )
I trying to avoid GIGO .
Thanks in advance
0
Comment
Question by:Andre P
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41887941
> Or am I asking for trouble because all these are linked

a kind of. basically because new AD will have a new SSID for EACH domain resource even it will share the SAME name and permissions, but existing resources and their permissions can't be recognised by the new AD. hence all resources need to be reconfigured one bye one. so it's no a simple re-do for the domain controllers only, actually the whole resources as well.
0
 

Author Comment

by:Andre P
ID: 41887959
So if I have an AD which is 80 percent garbage accumulated over years of turnover and failed system admins ,security policies that do not work well  . I am stuck with it for the sake of the 20% i want to keep ? There must be a tool that can migrate only the parts of AD (with SSID)
 I want to keep .
0
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 41887987
you need to clean up your AD before moving on. i believe you would be interested in below TechNet article from Microsoft, which covers both concepts and tools.

https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

alternatively some third-party tools are also useful though they are not free such as AD Tidy.

http://www.cjwdev.co.uk/Software/ADTidy/Info.html
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Andre P
ID: 41888010
This puts an entire new level of complexity on the project as I will be looking for which needles in a haystack I want to keep .
This will add a tremendous time extension on this project .
It would have been easier to just recreate the users and groups manually on the new server than doing it the other way .
I was maybe hoping that I could then match then modify the ssids of the users i am keeping to the ones on the old server ,
Can I copy the existing AD onto the new server then clean it up there? I dont want to start deleting objects on the production server .
I was hoping to setup the new AD on the New Server ..  Migrate the roles I need  Test with a desktop for functionality . and be done .
0
 
LVL 37

Expert Comment

by:bbao
ID: 41888143
i don't understand why running tools to clean up AD could increase project complexity tremendously.
0
 

Author Comment

by:Andre P
ID: 41888374
I tried the tool but how does it now remove unnecessary groups ?
0
 
LVL 37

Expert Comment

by:bbao
ID: 41888442
> unnecessary groups?

do you mean user groups with no any user? or OUs with no any object?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question