Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Migrating from SBS 2008 to 2012 while recreating but not migrating AD

Posted on 2016-11-15
7
Medium Priority
?
58 Views
Last Modified: 2016-11-15
We are migrating from SBS 2008  to 2012 .We would like to keep everything but AD . Our AD tree has more debris than actual . We only have 35 users but hundreds of objects representing former employees and other objects which were added by former consultants and admins .
The idea seems to be to create a new AD and recreate the policies from scratch .Then in the end migrate the desktops to new Domain where there is no debris .
This is happening on the same physical network .
How do I this?
Can I do the following steps
Add the new server as a new Companyv2 domain controller with no computers added to it
Migrate all the other roles dns dhcp printers, data ,remote gateway services ..as is thensimply migrate desktops from old AD to new AD ?

Or am I asking for trouble because all these are linked ?
Alternatively is there a better way to migrate the existing AD and modify( clean it up on the new server )
I trying to avoid GIGO .
Thanks in advance
0
Comment
Question by:Andre P
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41887941
> Or am I asking for trouble because all these are linked

a kind of. basically because new AD will have a new SSID for EACH domain resource even it will share the SAME name and permissions, but existing resources and their permissions can't be recognised by the new AD. hence all resources need to be reconfigured one bye one. so it's no a simple re-do for the domain controllers only, actually the whole resources as well.
0
 

Author Comment

by:Andre P
ID: 41887959
So if I have an AD which is 80 percent garbage accumulated over years of turnover and failed system admins ,security policies that do not work well  . I am stuck with it for the sake of the 20% i want to keep ? There must be a tool that can migrate only the parts of AD (with SSID)
 I want to keep .
0
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 41887987
you need to clean up your AD before moving on. i believe you would be interested in below TechNet article from Microsoft, which covers both concepts and tools.

https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

alternatively some third-party tools are also useful though they are not free such as AD Tidy.

http://www.cjwdev.co.uk/Software/ADTidy/Info.html
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Andre P
ID: 41888010
This puts an entire new level of complexity on the project as I will be looking for which needles in a haystack I want to keep .
This will add a tremendous time extension on this project .
It would have been easier to just recreate the users and groups manually on the new server than doing it the other way .
I was maybe hoping that I could then match then modify the ssids of the users i am keeping to the ones on the old server ,
Can I copy the existing AD onto the new server then clean it up there? I dont want to start deleting objects on the production server .
I was hoping to setup the new AD on the New Server ..  Migrate the roles I need  Test with a desktop for functionality . and be done .
0
 
LVL 37

Expert Comment

by:bbao
ID: 41888143
i don't understand why running tools to clean up AD could increase project complexity tremendously.
0
 

Author Comment

by:Andre P
ID: 41888374
I tried the tool but how does it now remove unnecessary groups ?
0
 
LVL 37

Expert Comment

by:bbao
ID: 41888442
> unnecessary groups?

do you mean user groups with no any user? or OUs with no any object?
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question