Migrating from one Domain Controller to another Server 2012


  • Friday, December 07, 2012 3:38 PM
     
     

    I am currently running a Windows Server 2008 R2 Domain Controller. I would like to switch over to a new DC using Windows Server 2012 on the same network and decommission the old DC. This seems pretty straight forward, but I would also like to change the name of the domain and keep all the user profiles.

    The current domain controller is tied into ESXi, FreeNAS, and various other server applications.

    The goal is to have it so that user1.domain1.local has the same profile when switched to the second domain user1.domain2.local. I would need to manually configure ESXi and some other dependent servers. I would also like to migrate over group policy.

    The reason I don't want to migrate the current domain and all of Active Directory is mostly because of botched installs of Exchange, Lync Server, and some other half-finished projects that have altered Active Directory. So I would like to pick and choose what is migrated over.

    Is what I am trying to accomplish possible?


All Replies

  • Friday, December 07, 2012 6:03 PM
     
     

    If you really want a fresh start you will need to migrate to an entirely new Active Directory Forest and not just a new Domain.  Generally speaking, you will need to do the following:

    1.  Build a new Server 2012 machine, and DC Promo it, creating a new Active Directory forest (domain2.local).

    2.  Establish a trust relationship between your existing forest (domain1.local) and the new forest (domain2.local).

    3.  Design your new forest appropriately (use Group Policy Management console to backup your existing GPOs, and you can then restore them in the new forest).

    4.  Migrate resources (servers, etc.) into the domain2.local domain.

    5.  Use the AD Migration Tool or another tool to migrate user accounts and profiles.

    6.  Remove the trust and decommission your old domain after all resources and users have been migrated.
    • Edited by Neil Frick Friday, December 07, 2012 6:08 PM
  • Friday, December 07, 2012 7:09 PM
     
     Proposed

    Hi,

    If you want to change the name of the domain and keep all the user profiles then the option is cross forest migration. Create new domain (domain2) in a new forest and then use ADMT migration tool to perform migration. However, to operate successfully, it requires the trust relation between the source and target.

    Active Directory migration high level steps:
    http://portal.sivarajan.com/2010/02/active-directory-migration-high-level.html

    ADMT Guide: Migrating and Restructuring Active Directory Domains
    http://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx

    Active Directory Migration Tool (ADMT) Guide: Migrating and Restructuring Active Directory Domains
    http://www.microsoft.com/en-us/download/details.aspx?id=19188


    Best regards,

    Abhijit Waikar.
    MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
    Blog: http://abhijitw.wordpress.com
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

  • Saturday, December 08, 2012 1:55 AM
     
     Proposed
    If you want to change the domain then you need to install a new domain and do the migration with ADMT as Abhijit suggested. If you want to migrate users/computers from one domain to a new domain using the ADMT tool, you need to create a trust relationship between the two domains.

    You need to understand the working of ADMT before you actually take on a migration in a production environment. Also, it is much better if you can simulate it in a lab environment for a successful result. http://portal.sivarajan.com/2010/06/admt-32-migration-guide.html

    MIGRATING STUFF WITH ADMTV3
    http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

    ADMT Series
    http://blog.thesysadmins.co.uk/category/admt

    ADMT doesn't have an Exchange/mailbox migration option. If you are not planning to use a third-party migration tool like Quest or NetIQ, your only option is to export the mailboxes (ExMerge) and import them. For better assistance related to Exchange, refer to the Exchange forum: http://social.technet.microsoft.com/Forums/en-us/category/exchangeserver

    Also, you need to test that any application (in-house/external) is compatible with Windows Server 2012 before you proceed.

    Install Active Directory Domain Services(Win2012)
    http://technet.microsoft.com/en-us/library/hh472162.aspx
    http://technet.microsoft.com/en-us/library/jj574166.aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

  • Saturday, December 08, 2012 2:07 AM
     
     
    I agree with Abhijit and Sandesh and I would suggest you follow the links they gave. Those links are very informative and useful. Please let us know if you need any more help in this scenario.
  • Saturday, December 08, 2012 3:31 AM
     
     

    Then a pristine migration with a migration tool is the best option.

    Keep in mind that ADMT can migrate only AD objects.  It can’t migrate any mailboxes.


    Santhosh Sivarajan | Houston, TX

    Windows 2012 Book - Migrating from 2008 to Windows Server 2012

    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties, and confers no rights.

  • Sunday, December 09, 2012 2:34 AM
     
     

    I appreciate everyone's help on this one and this has really steered me in the proper direction. I am in the process of creating a trust and backing up the current GPOs. There are two different types of trust (transitive and non-transitive). I created a non-transitive trust between domain1.local and domain2.local with a realm trust type.

    I read that DNS is also important. I added the DNS service to the Server 2012 DC. When trying to create a DNS entry for server1.domain2.local on server2 I am getting server1.domain1.domain2.local. I know this is a side issue, but maybe it might be a reason why the trusts don't seem to do anything.

    Maybe I am missing a step. Do I need to promote domain2.local? 

    Thank you for the guidance on using ADMT. I will keep hacking at it and let you know what happens.

  • Sunday, December 09, 2012 3:26 PM
     
     Answered

    >>> When trying to create a DNS entry for server1.domain2.local on server2 I am getting server1.domain1.domain2.local

    You can't create a record like that. It will append the zone suffix. You need to transfer the zones from Domain1. You can use Secondary, Conditional, Stub etc. zone types.

    http://technet.microsoft.com/en-us/library/cc771898.aspx


    Santhosh Sivarajan | Houston, TX

    Windows 2012 Book - Migrating from 2008 to Windows Server 2012

    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties, and confers no rights.

  • Sunday, December 09, 2012 3:51 PM
     
     Answered

    >>> I am currently running a Windows Server 2008 R2 Domain Controller. I would like to switch over to a new DC using Windows Server 2012 on the same network and decommission the old DC. This seems pretty straight forward, but I would also like to change the name of the domain and keep all the user profiles.

    >>> The current domain controller is tied into ESXi, FreeNAS, and various other server applications.

    Please note that domain rename operation is not supported in Microsoft Exchange Server 2007 or Exchange Server 2010. DNS domain rename is supported in Exchange Server 2003. However, renaming of the NetBIOS domain name is not supported in any version of Exchange Server. Other non-Microsoft applications might also not support domain rename.

    Reference: http://technet.microsoft.com/en-us/library/cc738208(v=ws.10).aspx

    So, before starting a rename, you have to check that it is fully supported by your applications.

    Another way is to re-create the domain in a new forest from scratch, migrate your AD objects to it and your applications and servers. AD objects can be migrated using ADMT: http://www.microsoft.com/fr-fr/download/details.aspx?id=19188

    Note that this is not an easy task and you have to try it (Domain renaming or migration) in a test environment before proceeding.

    >>> The goal is to have it so that user1.domain1.local has the same profile when switched to the second domain user1.domain2.local. I would need to manually configure ESXi and some other dependent servers. I would also like to migrate over group policy.

    If you are planning to do a migration then you can simply use ADMT Profile translation.

    If you are planning to do a domain rename then the profiles will remain the same, as SIDs will not be updated.

    >>> The reason I don't want to migrate the current domain and all of Active Directory is mostly because of botched installs of Exchange, Lync Server, and some other half-finished projects that have altered Active Directory. So I would like to pick and choose what is migrated over.

    If you have ongoing projects, you will need to check the dependencies before proceeding with any renaming or migration.

    For Exchange cross-forest migration, you can refer to that:

    http://blogs.technet.com/b/meamcs/archive/2011/06/10/exchange-2010-cross-forest-migration-step-by-step-guide-part-i.aspx

    http://blogs.technet.com/b/meamcs/archive/2011/06/10/exchange-2010-cross-forest-migration-step-by-step-guide-part-ii.aspx

    http://blogs.technet.com/b/meamcs/archive/2011/06/10/exchange-2010-cross-forest-migration-step-by-step-guide-part-iii.aspx

    >>> I read that DNS is also important. I added the DNS service to the Server 2012 DC. When trying to create a DNS entry for server1.domain2.local on server2 I am getting server1.domain1.domain2.local. I know this is a side issue, but maybe it might be a reason why the trusts don't seem to do anything.

    >>> Maybe I am missing a step. Do I need to promote domain2.local?

    Sorry, but how were you able to create a trust if you have not yet created the new domain?

    Since it seems that you are trying to use ADMT to migrate to a new AD domain in a new forest then you can simply:

    • Create a forest trust between the two forests (it should be fine since there are no security constraints)
    • Use conditional forwarders or Secondary DNS zones on DNS servers of each domain so that it can do the DNS resolution for the other domain
    • Add an ADMT server and start planning your migration


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
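    The DNS preparation from the zone-suffix answer above and the three bullets in this reply, as commands. This is an added example and not from any post in this thread; it assumes an elevated PowerShell session on the Server 2012 DC of domain2.local and that 192.0.2.10 is the address of a domain1.local DC running DNS (both values are assumptions, adjust them to your environment).

```powershell
# Added example, not from the thread. Run on the domain2.local Server 2012 DC.
# Assumed: 192.0.2.10 is a domain1.local DC that also runs DNS.
Import-Module DnsServer
Import-Module ActiveDirectory

$SourceDomain = "domain1.local"
$SourceDns    = "192.0.2.10"   # assumed address of a domain1.local DC/DNS server

# 1. Conditional forwarder: queries for domain1.local are sent to that domain's
#    own DNS servers instead of being answered out of the local domain2.local
#    zone (which is why a record typed as server1.domain2.local ended up with
#    the local zone suffix appended). Forest replication scope stores it in AD,
#    so every domain2.local DNS server gets the same forwarder.
Add-DnsServerConditionalForwarderZone -Name $SourceDomain `
    -MasterServers $SourceDns -ReplicationScope "Forest"

# 2. Verify that the DC-locator SRV records of the other forest now resolve.
#    Creating the trust and running ADMT both depend on finding source-forest DCs.
$srvChecks = @(
    "_ldap._tcp.dc._msdcs.$SourceDomain",
    "_kerberos._tcp.dc._msdcs.$SourceDomain"
)
foreach ($name in $srvChecks) {
    try {
        $rec = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop
        $targets = ($rec | Where-Object Type -eq 'SRV' |
                    ForEach-Object { $_.NameTarget }) -join ', '
        "OK   $name -> $targets"
    } catch {
        "FAIL $name : $($_.Exception.Message)"
    }
}

# 3. After creating the forest trust in Active Directory Domains and Trusts,
#    confirm what was actually created. ADMT between two Windows forests needs
#    a forest trust (ForestTransitive True), not the non-transitive realm trust
#    the original poster set up.
Get-ADTrust -Filter { Target -eq $SourceDomain } |
    Select-Object Name, Direction, TrustType, ForestTransitive, IntraForest

# 4. Repeat step 1 in the other direction on a domain1.local DNS server, e.g.
#    Add-DnsServerConditionalForwarderZone -Name "domain2.local" `
#        -MasterServers <domain2.local DC address> -ReplicationScope "Forest"
```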

  • Monday, December 10, 2012 3:44 AM
     
     Answered

    >>> I appreciate everyone's help on this one and this has really steered me in the proper direction. I am in the process of creating a trust and backing up the current GPOs. There are two different types of trust (transitive and non-transitive). I created a non-transitive trust between domain1.local and domain2.local with a realm trust type.

    >>> I read that DNS is also important. I added the DNS service to the Server 2012 DC. When trying to create a DNS entry for server1.domain2.local on server2 I am getting server1.domain1.domain2.local. I know this is a side issue, but maybe it might be a reason why the trusts don't seem to do anything.

    >>> Maybe I am missing a step. Do I need to promote domain2.local?

    >>> Thank you for the guidance on using ADMT. I will keep hacking at it and let you know what happens.

    Hi,

    There are 3 ways you can establish DNS recognition of each other (forest). To create the trust you have to prepare DNS to resolve the other domain name properly. Use a conditional forwarder or a secondary or stub zone. http://www.windowsnetworking.com/art...tub_Zones.html

    DNS and NetBIOS Name Resolution to Create External, Realm and Forest Trusts
    http://technet.microsoft.com/en-us/library/ee307976(v=ws.10).aspx

    How to configure a firewall for domains and trusts
    http://support.microsoft.com/kb/179442

    How to create a cross-forest trust in Active Directory
    http://searchwindowsserver.techtarget.com/tip/How-to-create-a-cross-forest-trust-in-Active-Directory

    Checklist: Creating a forest trust
    http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


  • Wednesday, December 12, 2012 5:01 AM
    Moderator
     
     

    Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support