Domain consolidation and decommission child domain in Active Directory Windows Server 2003


Nino_1

Hi,

We have a task to move objects within a child domain and decommission
the domain when the task has been accomplished.

Currently there are 100+ computer objects within the child domain with
the user objects residing within the root domain where they will
stay.

Our objective is to move the computer objects to a child domain
residing on our west coast location from the east coast domain to be
decommissioned, we will also move the existing domain controllers
within the east coast child domain to the west coast leaving one root
domain controller at the site for directory services integration with
RADIUS server authentication.


After all this is done, we plan on renaming our domains (both child
domains) to another naming convention.

Does anyone have any experience with this type of domain
restructuring? All servers are running Windows Server 2003 with SP1
applied with Forest and Domain function levels running in full native
2003 mode.

Any comments or suggestions would help.

Thanks in advance

Nino
 
You can use ADMT to migrate users, groups and computer accounts from a
source domain to a target domain. You can opt to preserve SID History of
user objects in order for them to still access objects (printers, files,
Exchange 2000/2003 mailbox, etc). If using Exchange, use ExMerge to migrate
mailboxes from the old to the new users you created.

You can use the domain rename tool to rename the domain. Could you opt to
create a separate child domain for the migrated users?

One thing I would highly recommend before doing ANY of the above, is upgrade
all DCs to SP2, as well as about 200 megs of updates and hotfixes, starting
with the one that holds the Domain Name Master role.

Is Exchange involved?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
 
Hi, I don't want to co-opt this thread, but I see that Nino has not
responded in some time.

I have a similar task to perform, but in this case there are no user
accounts in the child domain to move, only computer accounts.
So far, so good. This will be easy with ADMT. The intent is to do away with
the child domain completely and make the remote site a site of the parent
domain instead of a subdomain.

The catch is that there is only one domain controller at the remote site.
This is also the DNS and DHCP server for the site.
This domain controller is for the child domain (two way trust to parent)

After the computers are moved out of the child domain into the parent, is
there a way to move the domain controller into the parent domain?
The intent is to avoid any down time for users.

All domain controllers are running 2003 R2, SP2
The domain is at 2003 functional level.

Is it possible to merge a parent and child domain?
Or is there a better way to accomplish this?

Thanks!
DP
 
Hi Dana,

No, the DC must be demoted out of its own domain and re-promoted into the
forest root domain. Can't get around this one. Besides, if all users are in
the corp domain, and this DC in the remote site belongs to a child domain,
the users will not be using it anyway. I can see if it is a GC, but that is
a minor issue while demoting and repromoting the machine. If no apps or it
is not being used for anything, you can go ahead and do it in an evening
right after production hours and be done in less than an hour, if no
problems are encountered. DHCP won't be affected. However DNS will, but that
totally depends on how the child domain zone is configured and which
replication scope it is in. If in DomainDnsZones or the Domain partition,
then you will lose the zone, but then again if this domain is no longer
being used, go ahead and just demote it and repromote it.

--
Regards,
Ace
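
Added example, not part of the thread: a pre-demotion check for the DNS point made in the reply above, listing which zones on the child-domain DC live in domain-scoped storage and would go away with the domain. It parses the text printed by `dnscmd /EnumZones`; the function name, the sample zone names and the assumed storage labels (AD-Domain, AD-Forest, AD-Legacy, File) are assumptions of this example.

```powershell
# Added example (not from the thread). Written for PowerShell 2.0 so it can run
# on a Windows Server 2003 DC. Get-ZoneDemotionRisk is a hypothetical helper name.
function Get-ZoneDemotionRisk {
    param([string[]]$EnumZonesOutput)

    foreach ($line in $EnumZonesOutput) {
        # Zone rows: <name> <type> <storage> [properties]. Header, blank and
        # root-hints (Cache) rows do not match and are skipped.
        if ($line -match '^\s*(\S+)\s+(Primary|Secondary|Stub|Forwarder)\s+(\S+)') {
            $name = $Matches[1]; $type = $Matches[2]; $storage = $Matches[3]
            switch ($storage) {
                'AD-Domain' { $note = 'LOST: stored in DomainDnsZones of this domain' }
                'AD-Legacy' { $note = 'LOST: stored in the domain partition' }
                'AD-Forest' { $note = 'Kept: ForestDnsZones replicates forest-wide' }
                'File'      { $note = 'Not in AD: back up the zone file yourself' }
                default     { $note = 'Unrecognised storage: check manually' }
            }
            New-Object PSObject -Property @{
                Zone = $name; Type = $type; Storage = $storage; Note = $note
            } | Select-Object Zone, Type, Storage, Note
        }
    }
}

# Constructed sample in the layout of `dnscmd /EnumZones` (zone names are made up).
$sample = @'
 Zone name                      Type       Storage         Properties

 .                              Cache      AD-Domain
 _msdcs.corp.example            Primary    AD-Forest       Secure
 east.corp.example              Primary    AD-Domain       Secure Aging
 legacy.example                 Primary    AD-Legacy       Update
 lab.example                    Primary    File
'@ -split "`r?`n"

Get-ZoneDemotionRisk $sample | Format-Table -AutoSize

# On the DC itself, feed it the live output instead of the sample:
#   Get-ZoneDemotionRisk (dnscmd /EnumZones)
```

Any zone reported as LOST that is still needed has to be moved to another replication scope or exported before the last DC of the child domain is demoted.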

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
 
Back
Top