Migrating from broken domain to new domain

Discussion in 'Active Directory' started by Dawho, Feb 24, 2008.

  1. Dawho

    Dawho Guest

    Long story short, the wrong people had administrative access to this
    domain. The domain is completely non-standard and as a company we have
    for service reasons decided to replace the entire domain.

    Luckily at the same time we got our customer to purchase all brand new
    servers. I am reaching out for some input as this chore I was assigned
    will be no walk in the park. I have a friend who scripts relatively
    well writing something that will lookup the current AD Computers and
    go out to each station and change the domain and DNS information. Not
    sure if this will be successful but hopefully as it will save a lot of
    time. I am not a scripter and only good with infrastructure and

    There are 5 DCs total, 2 SAN attached and clustered. 3 are stand
    alone with DAS. All (except the cluster) are geographically separated
    and connected by a MAN.

    I plan to use ADMTv3 to migrate the users


    1. They have a 4TB concatenated volume currently presented to the old
    domain that I intend to present and concatenate with the new domain.
    Any way to apply rights in a more timely fashion than using xcacls? I
    want to keep the old SIDs there in case this is not successful and I
    must go back to the old domain.

    2. 5 DCs and 5 DNS servers. All stations and servers in this domain
    are statically assigned. I would like to have every station point to 2
    DNS servers (the main cluster) and somehow those two servers can
    delegate the requests as to balance the load. However also if the MAN
    goes down then how can DNS still work?

    Any suggestions and ideas to make this task easier would be much

    Thanks in advance

    Dawho, Feb 24, 2008

  2. Ryan Hanisco

    Ryan Hanisco Guest

    Hi Dawho,

    I think you are on the right track with ADMT. Keep in mind that this will
    move the workstations from one domain to the other and it would probably give
    you serious headaches if you try to script these yourself. Remember you are
    moving the machine, but also doing translation on the security for the user
    profiles too...

    To answer your questions by number,

    1. xcacls is the way to go here. You might try a third-party tool like
    robocopy if that isn't meeting your needs, but you're going to be at this for
    a while as it will take some time.

    2. Remember that DCs should point to themselves for DNS resolution. As to
    the workstations, you should be doing this in DHCP. If you present a list
    of DNS servers, the workstations will try the first one; if it is busy or
    unavailable, it will start down the list. This gives you redundancy. Load
    balancing isn't directly possible as clients rely on the ordering of the DHCP
    list for DNS server location. You can achieve a rough balance by carefully
    planning the servers in each one of your DHCP scopes.

    Hope this helps.
    Ryan Hanisco
    MCSE, MCTS: SQL 2005, Project+
    Chicago, IL

    Remember: Marking helpful answers helps everyone find the info they need
    Ryan Hanisco, Feb 24, 2008
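
One way to handle the re-ACL in question 1 so that the old-domain SIDs stay on the volume for rollback, shown as an added example that is not part of either post: it adds a new-domain ACE next to each explicit old-domain ACE instead of replacing it. The function name Add-MappedAce, the SID map, the account and the path are constructed placeholders, and PowerShell 5 or later is assumed.

```powershell
# Added example. Add-MappedAce, the SID, the account and the path are constructed placeholders.
function Add-MappedAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Root,
        # Old-domain SID string -> new-domain account name (a mapping you export yourself)
        [Parameter(Mandatory)][hashtable]$SidMap
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Stream the tree instead of collecting it; a multi-terabyte volume will not fit in an array.
    & { Get-Item -LiteralPath $Root; Get-ChildItem -LiteralPath $Root -Recurse -Force } |
    ForEach-Object {
        $path = $_.FullName
        $acl = Get-Acl -LiteralPath $path
        if (-not $acl) { return }   # unreadable ACL: Get-Acl already reported it, go to next item
        $changed = $false
        # Explicit ACEs only; inherited ones change when their parent is processed.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $account = $SidMap[$ace.IdentityReference.Value]
            if (-not $account) { continue }
            try {
                $newSid = ([System.Security.Principal.NTAccount]$account).Translate($sidType)
                $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                    $newSid, $ace.FileSystemRights, $ace.InheritanceFlags,
                    $ace.PropagationFlags, $ace.AccessControlType)
                $acl.AddAccessRule($rule)   # added alongside; the old-domain ACE is untouched
                $changed = $true
            } catch {
                # Unresolvable account, or an ACE carrying generic rights bits that the
                # FileSystemAccessRule constructor rejects: report it and move on.
                Write-Warning "$path : $($ace.IdentityReference.Value) skipped: $_"
            }
        }
        if ($changed -and $PSCmdlet.ShouldProcess($path, 'Add new-domain ACEs')) {
            Set-Acl -LiteralPath $path -AclObject $acl
        }
    }
}

$map = @{ 'S-1-5-21-1111111111-2222222222-3333333333-1104' = 'NEWDOM\jsmith' }  # constructed
Add-MappedAce -Root 'D:\Shares\Example' -SidMap $map -WhatIf   # dry run; drop -WhatIf to apply
```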