RE: Would like to "collapse" a trusted domain

Dear Customer,

Thank you for posting in newsgroup. And thanks to Danny for the
contribution.

According to the description, the issue seems to be related to Active
Directory migration. If I have any misunderstanding, please feel free to
let me know.

Firstly, I would like to confirm some information with you.

Need confirmed information:
==============================

What is the operation system of both source and target domain in the
company environment?

Base on the research, here is some information which may be helpful for you.

Answer and Suggestions:
========================

Question 1.

Is there any easy way to get their user accounts, and create them on our
domain ... there's about 500 user accounts that I don't want to create one
by one.

A: Yes. You may use ADMT to migrate these uses accounts from source domain
to target domain. Afterwards, you don't need to manually re-create these
accounts again. ADMT can perform object migrations and security
translation, so that users can maintain access to network resources after
the restructure process.

For more detailed information about ADMT, please refer to the following
Microsoft Knowledge Base according to the actual environment.

How to use Active Directory Migration Tool version 2 to migrate from
Windows 2000 to Windows Server 2003
http://support.microsoft.com/kb/326480

How to set up ADMT for Windows NT 4.0 to Windows 2000 migration
http://support.microsoft.com/kb/260871

How to configure the Active Directory Migration Tool to migrate user
passwords from a Windows NT 4.0 domain to a Windows Server 2003 domain
http://support.microsoft.com/kb/832221

ADMT v3 Migration Guide
http://www.microsoft.com/downloads/details.aspx?familyid=D99EF770-3BBB-4B9E-
A8BC-01E9F7EF7342&displaylang=en

Question 2.

Please review the below ... and if there's something I'm missing, please
state on the reply ...

These are the steps I plan to present to the execs:

Demote all stand alone servers from the "their" domain, and promote them to
the "our" domain. All major applications (e.g. SQL, etc) will need to be
re-associated by servername.ourdomain.

This portion is the longest part of a domain collapse: Creating user
accounts on "our" domain for all end users over at "their" domain.
Disconnecting their email account from "their" domain user accounts, then
reconnecting their current email account to their newly created account on
"our" domain. We will have to demote all of the computers from the "their"
domain, and then promote them to "our" domain. Once this is done, each user
over at "their" domain will need to begin to use their user accounts from
"our" domain to login on their computers. As they are successful with
their login attempts on "our" domain, we can disable and not delete their
accounts on "their" domain. We will then need to copy all of their local
files from "their" domain user profile over to the newly created "our"
domain profile on each of their local machines.

Once all of the steps above are complete, tested, and we are satisfied that
all users are logging into "our" domain, and that all of the "their"
applications and servers are working properly as a member of "our" domain,
only then can we demote the 3 domain controllers on "their" domain.

A: what Danny said is right. It is better for you to remove these member
servers from the source domain and then add them to the new target domain.

For about the migration of SQL server and Exchange server, we recommend you
initial a new post in that newsgroup in order to get the most qualified
pool of support deliver team members, and other partners who read the
newsgroups regularly can either share their knowledge or learn from your
interaction with us.

Exchange Newsgroup
Microsoft.public.exchange.

For access from the web interface, you will find this newsgroup here:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?guid
=eaa38207-a4e2-4de3-a876-dc62a344521c

SQL server Newsgroup
Microsoft.public.sqlserver.

For access from the web interface, you will find this newsgroup here:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?guid
=a352216b-d824-4699-9152-68c38540b1f5

Hope all the information will be helpful.

Thanks for your time.

David Shen
Microsoft Online Partner Support

.

Relevant Pages

  • RE: SBS 2003 migration blues
    ... Business Server 2003 (If you are in the middle of RC to RTM upgrade, ... Uninstall Microsoft SQL Server Desktop Engine. ... This newsgroup only focuses on SBS technical issues. ... | Thread-Topic: SBS 2003 migration blues ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 Fax Server - Outgoing Routing
    ... faxes for different accounts on SBS server. ... for each fax to enable separate access depend on different accounts. ... SBS 2003 will only add One Fax queue to manage all ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: ADMT
    ... I have done steps one "migrating seven user accounts" ... The new server can send/receive currently mails pointed ... No 'migration' is required for this, so I'm thinking your intent was ... All the clients were booted during this unprofessional ...
    (microsoft.public.windows.server.sbs)
  • RE: Replace old 2000 domain controler thats running Exchange 2003 with new 2003 box
    ... This newsgroup is mainly for migration issues on the operating system side. ... Run DCPROMO on the Win2K3 server to promote it to a DC. ... >has Windows Server 2003. ...
    (microsoft.public.windows.server.migration)
  • Re: Migrating NT 4.0 SBS Domain to Win2003 Std Ed. server and Active Domain
    ... > Win2000 file server and we need to upgrade to Win2003 Std. ... > I have looked at the Active Directory Migration Tool V2. ... > run the migration tool to move the accounts to the new domain. ... > experiment with trying to upgrade the SBS server to win2003 Std. ...
    (microsoft.public.win2000.active_directory)