Re: adding a new domain and removeing the old one?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

in w2k ad it is not possible to rename the domain name.

there are 2 possibilities though!
(1) demote the DC, promote the DC using a new domain name. everything
(users, groups, computers, permissions, access to resources) is lost

(2) create a new parallel forest/domain with the new name and migrate
everything (users, groups, computers, permissions, access to resources) from
the old domain to the new domain. For this to work both the DNS domain name
and the NetBIOS domain name must be different between old and new!

as you can see the best option is (2)!

Migration high level steps are:
* Make sure the AD has been configured (sites, subnets, replication, OUs,
GPOs, delegations, DNS, WINS, DHCP, etc.)
* Setup name resolution (WINS or DNS) between source and target
domain/forest
* Setup trusts (if an external trust is configured and sidhistory is used,
disable sid filtering)
* Install and configure migration tooling
* Migrate groups, user accounts with passwords and group memberships (with
sidhistory)
* Migrate clients from the source domain to the target domain, translate
security on the client, and translate profiles (at this moment users start
logging on with their new AD account on the migrated clients that have been
migrated previously to the w2k3 domain)
* Migrate mailboxes if needed
* Migrate servers to the new domain or migrate data to new servers
* Translate security (Re-ACL) of the data/resources from source security
principals to target security principals (replace the security descriptors
from the old domain with the security descriptors from the new domain )
* Cleanup temporary configurations
* Cleanup sidhistory (recommended!). sIDHistory is used to access resources
while those resources still have security descriptors from the old domain.
As soon as all data (file, folders, mailboxes, etc.) have been re-ACL-ed
sIDHistory can be cleaned. Sidhistory should only be used temporary for
migration purposes!
* Remove trusts
* Decommission old domain(s)


For more info on migrating to an AD domain also see:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/default.mspx

ADMTv3 has been out for a while, so be sure to use that version.
(http://www.microsoft.com/downloads/details.aspx?familyid=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en)

to migrate DHCP:
MS-KBQ325473_How to move a DHCP database from a computer that is running
Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer
that is running Windows Server 2003
MS-KBQ885687_You receive an error message when you try to move a DHCP
database by using Netsh.exe on Windows Server 2003

to migrate GPOs use GPMC scripts


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"banno" <banno@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4E9AA438-9729-4774-B410-C1AD97191C41@xxxxxxxxxxxxxxxx
our company changed names so i want to change the name of our domain. i
have
windows 200o ad i bought 2 new servers that i want to build as dc and with
the companies new name then join then trust the domains and get rid of the
old 200 ad
can someone point me to some kb articles on how i should attack this

i also have remote users that never come in the office i would i change
there laptops to the new domain?


.

Relevant Pages

  • Re: root forest AD DC crashed
    ... it is another forest root domain. ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ...
    (microsoft.public.win2000.active_directory)
  • Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
    ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... user accounts with passwords and group memberships (with ... Translate security of the data/resources from source security ...
    (microsoft.public.windows.server.migration)
  • Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
    ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ...
    (microsoft.public.windows.server.migration)
  • Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
    ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ... while those resources still have security descriptors from the old domain. ...
    (microsoft.public.windows.server.migration)
  • RE: 2000 to 2003 migration to NEW domain
    ... To migrate SIDHistory manually: ... Create a new local group named "%sourcedomain%$$$" in the source domain. ... see Windows Server 2003 Help and Support. ... 326480 How to Use Active Directory Migration Tool Version 2 to Migrate from ...
    (microsoft.public.windows.server.migration)