Active Directory Migration.

By Rabbit_Runner

Here is the information. I would like some discussion on the different options: have you tried any of them, what were the problems encountered, and are there any other options?


1. single forest, single domain
2. Two Domain Servers (DCs)
3. DNS zone is on a UNIX BIND (8.2.5). Windows has "read-only" access to this primary zone.
4. DNS zone handles internal and external
5. Clients have static IP address (public routable IP)
6. Clients are NT4 (60%) and 2000 Pro (40%)
7. Network is behind a double firewall which is quite secure
8. Domain is in Mixed mode with 4 BDCs
9. We created the 4 active directory sub-zones and have "write" access on the UNIX server. They are
10. DNS currently is SITE.DOMAIN.COM


1. I have been told that there will be a DNS change.
2. SITE.DOMAIN.COM will be the public DNS
3. LOCAL.DOMAIN.COM will become the internal DNS
4. Our Current Windows 2000 Domain Name = SITE.DOMAIN.COM

Additional information to follow

Active Directory Migration

by Rabbit_Runner In reply to Active Directory Migratio ...

Question: What is the best way to accomplish this change, as the current domain name will be the public DNS name?

1. Create a child domain for the local Windows network?
   (would mean more hardware plus migrating objects to the new domain)
2. Follow KB article 292541 and make a new DNS domain?
   (Doable, but would require each 2K Pro workstation to be re-added to the domain)
   (Also, we would lose all of our current Active Directory objects, settings, etc.)
3. Create brand new domain LOCAL.DOMAIN.COM
   a. Trust recommended two way between source and target.
   b. ADMTv2 will handle the TCPClientSupport reg settings on target and source and the DOMAIN$$$ group on the source.
   c. Logged on target, migrate user accounts (including associated groups). Include the SIDHistory.
   d. Logged on target, migrate group accounts (the ones that the above didn't get).
   e. Logged on source (from target), migrate computer accounts. ADMT will send out an agent that will install on all client machines that are joined to the domain. The client machines will automatically be moved to the new domain and it will preserve the local profiles and move them with the new account name.
   f. Logged on target, run the security translator from ADMT.
4. Or is it possible to keep the domain name the same (SITE.DOMAIN.COM) but operate under a different DNS zone (LOCAL.DOMAIN.COM)?
5. Or is there some other option that has not been mentioned?
