Solved

Migrating from SBS 2008 to 2012 while recreating but not migrating AD

Posted on 2016-11-15
Last Modified: 2016-11-15
We are migrating from SBS 2008 to 2012. We would like to keep everything but AD. Our AD tree has more debris than actual. We only have 35 users but hundreds of objects representing former employees and other objects which were added by former consultants and admins.
The idea seems to be to create a new AD and recreate the policies from scratch. Then in the end migrate the desktops to the new domain where there is no debris.
This is happening on the same physical network.
How do I do this?
Can I do the following steps?
Add the new server as a new Companyv2 domain controller with no computers added to it.
Migrate all the other roles (DNS, DHCP, printers, data, remote gateway services...) as is, then simply migrate desktops from the old AD to the new AD?

Or am I asking for trouble because all these are linked?
Alternatively, is there a better way to migrate the existing AD and modify it (clean it up on the new server)?
I am trying to avoid GIGO.
Thanks in advance
Question by:Andre P
 
LVL 37

Expert Comment

by:bbao
ID: 41887941
> Or am I asking for trouble because all these are linked

kind of. basically because the new AD will have a new SSID for EACH domain resource even if it will share the SAME name and permissions, but existing resources and their permissions can't be recognised by the new AD. hence all resources need to be reconfigured one by one. so it's not a simple re-do for the domain controllers only, actually the whole resources as well.
0
 

Author Comment

by:Andre P
ID: 41887959
So if I have an AD which is 80 percent garbage accumulated over years of turnover and failed system admins, security policies that do not work well, I am stuck with it for the sake of the 20% I want to keep? There must be a tool that can migrate only the parts of AD (with SSID) I want to keep.
0
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 41887987
you need to clean up your AD before moving on. i believe you would be interested in the TechNet article below from Microsoft, which covers both concepts and tools.

https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

alternatively some third-party tools are also useful though they are not free such as AD Tidy.

http://www.cjwdev.co.uk/Software/ADTidy/Info.html
0

 

Author Comment

by:Andre P
ID: 41888010
This puts an entire new level of complexity on the project as I will be looking for which needles in a haystack I want to keep.
This will add a tremendous time extension on this project.
It would have been easier to just recreate the users and groups manually on the new server than doing it the other way.
I was maybe hoping that I could then match then modify the SSIDs of the users I am keeping to the ones on the old server.
Can I copy the existing AD onto the new server then clean it up there? I don't want to start deleting objects on the production server.
I was hoping to set up the new AD on the new server, migrate the roles I need, test with a desktop for functionality, and be done.
0
 
LVL 37

Expert Comment

by:bbao
ID: 41888143
i don't understand why running tools to clean up AD could increase project complexity tremendously.
0
 

Author Comment

by:Andre P
ID: 41888374
I tried the tool but how does it now remove unnecessary groups?
0
 
LVL 37

Expert Comment

by:bbao
ID: 41888442
> unnecessary groups?

do you mean user groups without any user? or OUs without any object?
0
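
A read-only inventory of the cleanup candidates discussed in this thread (inactive accounts, groups with no members, OUs with no objects), added here as an example and not posted by any participant. It assumes the ActiveDirectory PowerShell module is installed; the 180-day threshold and the output folder are assumed values.

```powershell
# Added example: report only. Nothing in the directory is modified or deleted.
Import-Module ActiveDirectory

$StaleDays = 180                                      # assumption: adjust to your policy
$OutDir    = Join-Path $env:TEMP 'ad-cleanup-report'  # hypothetical output folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$span = New-TimeSpan -Days $StaleDays

# 1. User and computer accounts with no logon inside the threshold.
#    LastLogonDate is derived from lastLogonTimestamp, which replicates with a
#    lag of up to about two weeks, so treat results near the cutoff as approximate.
$staleUsers = Search-ADAccount -AccountInactive -TimeSpan $span -UsersOnly |
    Select-Object Name, SamAccountName, Enabled, LastLogonDate, SID, DistinguishedName
$staleComputers = Search-ADAccount -AccountInactive -TimeSpan $span -ComputersOnly |
    Select-Object Name, Enabled, LastLogonDate, SID, DistinguishedName

# 2. Groups whose member attribute is empty. Built-in (critical system) groups
#    are skipped. Primary-group membership is not stored in 'member', so a group
#    used only as someone's primary group would also appear here: verify first.
$emptyGroups = Get-ADGroup -Filter * -Properties Members, isCriticalSystemObject, whenCreated |
    Where-Object { $_.Members.Count -eq 0 -and -not $_.isCriticalSystemObject } |
    Select-Object Name, GroupScope, GroupCategory, whenCreated, SID, DistinguishedName

# 3. OUs with no direct child objects of any kind.
$emptyOUs = Get-ADOrganizationalUnit -Filter * | Where-Object {
    -not (Get-ADObject -Filter * -SearchBase $_.DistinguishedName `
                       -SearchScope OneLevel -ResultSetSize 1)
} | Select-Object Name, DistinguishedName

# Write one CSV per category so the list can be reviewed before anything is removed.
$report = [ordered]@{
    'stale-users'     = $staleUsers
    'stale-computers' = $staleComputers
    'empty-groups'    = $emptyGroups
    'empty-ous'       = $emptyOUs
}
foreach ($name in $report.Keys) {
    $path = Join-Path $OutDir "$name.csv"
    $report[$name] | Export-Csv -Path $path -NoTypeInformation
    '{0,-16} {1,5} candidate(s) -> {2}' -f $name, @($report[$name]).Count, $path
}
```

The SID column records the identifier each candidate holds in the current domain, which is the value existing resource permissions refer to.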

Question has a verified solution.