totibrossParticipantNov 15, 2019 at 8:44 pm #624833
Hello everyone, thanks for taking the time to read this post.
I have this new customer that has a Windows Server 2012 onsite.The Active directory domain they have is not only for them, in this DC there are 4 other companies separated by sites. So all 4 companies join the same domain.
There are about 50 workstations joined to this domain..
This is what I have thought but I’m very open to suggestions
1.- Export all users, policies, etc from the domain controller.
2.- Demote it
3.- Spin a new Domain controller (Active directory)
4.- Import the data from the previous domain
5.- Use User profile Wizard from ForensIT to migrate users profiles
Is this a good idea??
Let me know..
OssianModeratorNov 16, 2019 at 2:40 am #624835
What is wrong with the current DC (i.e. why do you feel you need to change it?) Are you just trying to separate the companies?
Moving 50 users (and their computers) to another domain is “non-trivial” – even exporting the profiles and reapplying permissions can be fraught.
totibrossParticipantNov 17, 2019 at 6:45 pm #624840
The current DC belongs to the previous IT MSP. So that’s why we need to break apart.
I know this is something NON-Trivial, thats why I’m seeking some advise for best practice (safest)
OssianModeratorNov 18, 2019 at 2:40 am #624842
Perhaps if you had explained that in your original post, instead of just wanting to do it without a reason….
IMHO (and based ONLY on the limited information we have):
Set up (and test) the new environment
Simultaneously, document the current environment, especially permissions
(treat this as a chance to make changes, as it is unlikely something configured by an MSP for multiple tenants will really suit your needs for a single tenant)
Get users to clean up their profiles as much as possible – really they should not contain anything they can’t do without
Create new user accounts, computer accounts, groups, shares etc in the new domain, also group policies – do not just import as they may need changing
Over a long weekend or other downtime:
Export profiles in old domain
Join to new domain
Import profiles if possible
Copy share contents, remembering to set up permissions
Set up printers etc
Once the move is complete and tested, then (and only then) demote the old DC
Note I havent considered back-office applications (SharePoint, Exchange, SQL Server etc) which will need to be planned for too
You must be logged in to reply to this topic.