Best Practice to Demote Server and Start a new one with 50 users

Home Forums Microsoft Networking and Management Services Active Directory Best Practice to Demote Server and Start a new one with 50 users

This topic contains 3 replies, has 2 voices, and was last updated by Avatar Ossian 4 months, 2 weeks ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • Avatar

    Hello everyone, thanks for taking the time to read this post.
    I have this new customer that has a Windows Server 2012 onsite.The Active directory domain they have is not only for them, in this DC there are 4 other companies separated by sites. So all 4 companies join the same domain.
    There are about 50 workstations joined to this domain..
    This is what I have thought but I’m very open to suggestions
    1.- Export all users, policies, etc from the domain controller.
    2.- Demote it
    3.- Spin a new Domain controller (Active directory)
    4.- Import the data from the previous domain
    5.- Use User profile Wizard from ForensIT to migrate users profiles

    Is this a good idea??
    Let me know..


    What is wrong with the current DC (i.e. why do you feel you need to change it?) Are you just trying to separate the companies?

    Moving 50 users (and their computers) to another domain is “non-trivial” – even exporting the profiles and reapplying permissions can be fraught.


    The current DC belongs to the previous IT MSP. So that’s why we need to break apart.
    I know this is something NON-Trivial, thats why I’m seeking some advise for best practice (safest)


    Perhaps if you had explained that in your original post, instead of just wanting to do it without a reason….

    IMHO (and based ONLY on the limited information we have):
    Set up (and test) the new environment
    Simultaneously, document the current environment, especially permissions
    (treat this as a chance to make changes, as it is unlikely something configured by an MSP for multiple tenants will really suit your needs for a single tenant)
    Get users to clean up their profiles as much as possible – really they should not contain anything they can’t do without
    Create new user accounts, computer accounts, groups, shares etc in the new domain, also group policies – do not just import as they may need changing
    Over a long weekend or other downtime:
    Export profiles in old domain
    Disjoin computers
    Join to new domain
    Import profiles if possible
    Copy share contents, remembering to set up permissions
    Set up printers etc
    Once the move is complete and tested, then (and only then) demote the old DC

    Note I havent considered back-office applications (SharePoint, Exchange, SQL Server etc) which will need to be planned for too

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.