Re: Would like to "collapse" a trusted domain

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Danny Sanders" <DSanders@xxxxxxxxxxxxxxx>
Date: Fri, 2 May 2008 14:42:52 -0600

. Demote all stand alone servers from the "their" domain, and promote
them
to the "our" domain. All major applications (e.g. SQL, etc) will need
to
be
re-associated by servername.ourdomain.

Just remove them from the current domain and add them to the new domain.

. This portion is the longest part of a domain collapse: Creating user
accounts on "our" domain for all end users over at "their" domain.
Disconnecting their email account from "their" domain user accounts,
then
reconnecting their current email account to their newly created account
on
"our" domain. We will have to demote all of the computers from the
"their"
domain, and then promote them to "our" domain. Once this is done, each
user
over at "their" domain will need to begin to use their user accounts
from
"our" domain to login on their computers. As they are successful with
their
login attempts on "our" domain, we can disable and not delete their
accounts
on "their" domain. We will then need to copy all of their local files
from
"their" domain user profile over to the newly created "our" domain
profile
on
each of their local machines.

Use ADMT and you will not have to create the users in your domain. ADMT will
migrate the users to your domain.
See:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d99ef770-3bbb-4b9e-a8bc-01e9f7ef7342&DisplayLang=en

. Once all of the steps above are complete, tested, and we are
satisfied
that all users are logging into "our" domain, and that all of the
"their"
applications and servers are working properly as a member of "our"
domain,
only then can we demote the 3 domain controllers on "their" domain.

Correct.

The ADMT user guide will help you plan this.

hth
DDS

"Francisco" <Francisco@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:09917ECC-6148-4E9F-A6EB-DC977F65B9C3@xxxxxxxxxxxxxxxx

Thanks for the reply Danny ... what about the steps that i want to present
to
the execs ... am I missing anything there that I should note?

"Danny Sanders" wrote:

Look into ADMT it was made to do what you need.

hth
DDS

"Francisco" <Francisco@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7EE25CB3-7F21-40C0-BD38-D4A5D968D99E@xxxxxxxxxxxxxxxx

Hello,
Due to acquisitions we would like to bring over the user accounts from
the
merged companies' domain, over to our domain ... we already have a
domain
trust and are able to attach to their DCs, etc ... I have 2 questions:

1st question.) Is there any easy way to get their user accounts, and
create
them on our domain ... there's about 500 user accounts that I don't
want
to
create one by one.

2nd question.) Please review the below ... and if there's something I'm
missing, please state on the reply ...

These are the steps I plan to present to the execs:
. Demote all stand alone servers from the "their" domain, and promote
them
to the "our" domain. All major applications (e.g. SQL, etc) will need
to
be
re-associated by servername.ourdomain.
. This portion is the longest part of a domain collapse: Creating user
accounts on "our" domain for all end users over at "their" domain.
Disconnecting their email account from "their" domain user accounts,
then
reconnecting their current email account to their newly created account
on
"our" domain. We will have to demote all of the computers from the
"their"
domain, and then promote them to "our" domain. Once this is done, each
user
over at "their" domain will need to begin to use their user accounts
from
"our" domain to login on their computers. As they are successful with
their
login attempts on "our" domain, we can disable and not delete their
accounts
on "their" domain. We will then need to copy all of their local files
from
"their" domain user profile over to the newly created "our" domain
profile
on
each of their local machines.
. Once all of the steps above are complete, tested, and we are
satisfied
that all users are logging into "our" domain, and that all of the
"their"
applications and servers are working properly as a member of "our"
domain,
only then can we demote the 3 domain controllers on "their" domain.

Thanks,
Frank

References:
- Would like to "collapse" a trusted domain
  - From: Francisco
- Re: Would like to "collapse" a trusted domain
  - From: Danny Sanders
- Re: Would like to "collapse" a trusted domain
  - From: Francisco

Prev by Date: Re: Would like to "collapse" a trusted domain
Next by Date: Using ADMT to migrate
Previous by thread: Re: Would like to "collapse" a trusted domain
Next by thread: RE: Would like to "collapse" a trusted domain
Index(es):
- Date
- Thread

Relevant Pages

Re: adding new Domain Controller and removing old DC.
... I losely used the word promottions because DCPromo is used whether ... roles but not demote this DC before i disconnected it. ... GPO may not lock out accounts but it gives instructions to lock out ... Microsoft Certified Trainer ...
(microsoft.public.windows.server.networking)
Re: Demoting
... I would like to demote a an old PDC (We brought in a new Server) without disturbing a SQL accounting app. ... > DC from the domain not user accounts, ... You should not clone a live DC ...
(microsoft.public.win2000.active_directory)
Re: demote a domain controller
... have access to the local user accounts to reset the administrator ... a domain admin account to access the box after you demote it. ... reset the local admin, then you can demote and remove your temporary DC. ...
(microsoft.public.win2000.active_directory)
Error / event 16650
... I recently had to try and recover the first DC on my network. ... I am unable to create any user accounts on this machine, ... The text suggest to demote and repromote the dc. ...
(microsoft.public.win2000.active_directory)