How to Move DC to New Forest/Domain

[Diane]

A client is divesting from their parent company. They
have an onsite DC that is part of the parent
forest/domain. We need to move the DC to a new
forest/domain. Are there tools available to facilitate
this type of move? I have searched the KB and others but
have not found specific tool references that seem helpful.
Also would appreciate insight re: AD. The current AD
represents the entire parent structure of which the
client objects are a small part. Can we extract pieces
of the AD? We are considering creating a new AD just to
start clean, however, we may reconsider if the data we
would lose is too great or if we would totally destroy
permissions etc. Your help, insight and suggestions are
most welcome.

Diane

 

[Tim Hines [MSFT]]

Are you trying to move a DC or are you trying to remove the domain from the
forest? To move a DC to a new domain you will need to demote it and then
promote it as a DC in the new domain. You cannot move a domain from one
forest to another, you would need to rebuild it. I'm not sure what you mean
by extract pieces of AD. If you mean that you want to migrate user accounts
and computer accounts to a new domain then you could use the Active
Directory Migration Tool (ADMT). For more info about ADMT see
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/admt.asp

There are additional migration tools and resources at
http://www.microsoft.com/technet/tr.../windows2000serv/deploy/cookbook/cookchp4.asp

If you have additional questions or more specific info to provide please
post it.
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Diane]

Tim,

We are trying to remove the win2k DC from its current
forest (the parent company) to a forest established for
the new unaffiliated entity. It sounds like we need to
rebuild it under the new forest. If there is scenario
that enables us to demote the DC in the old forest (don't
know if this is possible), does that give us any other
migration options? We are installing other new systems
where we'll be establishing the new forest and installing
AD.

Regarding AD, yes, more correctly, we would want to
migrate user accounts, groups and computer accounts since
the current AD reflects the parents entire structure. I
will go through the ADMT and tool pointers you provided.
Does ADMT allow interforest AD migration? We still may
decide to build the new AD from scratch, but need to
udnerstand the options.

Your help is much appreciated.
Diane

 

[Diane]

Tim,

I re-posted on the 16th but it is not here?? We are
trying to remove a DC from the parent forest/domain and
set it up as a DC in the new forest and new domain. If
we can demote the DC in the parent forest (don't know if
this is possible yet from the parent side) are there
other options available or are we still dealing with a
rebuild situation versus a dcpromo to a DC in a new
forest/domain?

I have not yet had a chance to review ADMT in detail from
the links you provided. We would want to move users,
computers, groups from the parent AD. Does ADMT support
inter-forest AD migration? We are still considering
creating a "clean" AD for the new forest/domain structure
but we are concerned about permissions, etc. Would
appreciate your comments, thoughts on the approaches and
potential gotchas.

We have much to learn in this area. Your help and
guidance is much appreciated.

Diane