  1. #1
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    13

    Moving to new domain - advice please.

    Morning!

    In parallel with my other thread today regarding export - import of Exchange data.

    I want to make sure that I have all i's dotted and t's crossed before we hit the go button next Monday.

    We're migrating everyone and everything to a new domain as follows:

    EXISTING SITUATION

    SBS2003 - apart from its DC and Exchange duties it runs WSUS and that's it

    1 x Member Server 2008 box running SIMS & Sophos & some file storage. Also acts as a secondary DC

    1 x NAS box running Storage Server 2003 - file server. This holds all the users home folders and other data, nothing is stored on local PCs.

    1 x Server 2003 print server

    ~100 client PCs - mainly W7 with a few legacy XP machines

    85 users with mailboxes

    MOVING TO THIS SCENARIO

    1 x Brand New Server 2008 R2 Ent DC

    1 x Brand New Server 2008 R2 Ent running Exchange 2010 Ent

    PLUS

    The 2008 and 2 x 2003 servers in the current scenario.

    All user accounts have been created on the new DC and mailboxes created on the Exchange Server with same names and logins as originally used.

    So my plan is to export the Exchange data with Exmerge onto the NAS box, demote the Secondary DC and remove all servers and PCs from the current domain into a workgroup.

    Add all machines into new domain.

    Import old Exchange data into new 2010 server.

    It all *seems* relatively straightforward, however, one of my concerns is data ownership. How can I ensure that the users will be able to access their data? Ownership will have been conferred under the old domain and the SIDs will be different for the newly created users, presumably I will need to transfer ownership of the files to the "new" users but how can I best achieve this?

    Do I need to take local admin ownership of the server data once the servers are unjoined from the old domain, or do I need to take local admin ownership of the client PC C-drives, or both? How would I achieve this?

    Apart from the Exchange export and import, data ownership is my biggest concern; I don't want to set everything back up only to find that users can't access their data.

    Advice would be most welcome at this chewing-fingernails stage please

  2. #2
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    13
    Also, will I need to change ownership or permissions of the .pst files created by exmerge?

  3. #3

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    Quote Originally Posted by Number6 View Post
    Also, will I need to change ownership or permissions of the .pst files created by exmerge?
    I think when I was involved in doing this we didn't - but not 100% sure.

    Your data concerns shouldn't be a problem. If you set the file paths in AD for the users' home dirs, AD should then grant the correct permissions.

    Only bit that could be tricky is if you have any shared areas.

  4. #4
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    13
    We do have shared areas on the NAS box and on the SIMS server.

  5. #5

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    Quote Originally Posted by Number6 View Post
    We do have shared areas on the NAS box and on the SIMS server.
    Depending on how you have the file permissions set up - here we have each subject only has access to each subject's folder - so that could be a pain resetting file permissions etc.

    Sims server is pretty easy to move - just need to change the permissions on the share (I would suggest a group say sims staff and add each member of staff that uses sims to that group)

  6. #6
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    13
    Yes, that sounds logical re: SIMS

    Unfortunately our shared folders are shared by just about everyone.

  7. #7

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,262
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Hmm.

    Have a quick skim of the Active Directory Domain Migration Tool documentation:
    http://www.microsoft.com/downloads/e...displaylang=en

    and maybe the Fileserver Migration tool as well:
    Windows Server 2008 R2: Microsoft File Server Migration

    and for the Exchange move I'd use move-mailbox rather than exmerge avoiding the problematic .pst phase.
    How to Move a Mailbox Across Forests: Exchange 2007 Help

  8. #8

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,262
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Oh and do you have an absolutely bullet-proof roll back plan and authorisation to raise support calls with Microsoft and/or other vendors just in case things go sideways?

    The roll back plan can be tested quite easily: if you can build a replica of your live servers in a virtual machine, then it works. Added bonus you've now got an environment from which you can fully test the migration.

  9. #9
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    13
    The roll-back plan is to plug the SBS box back in and reset everything

    Other than that we can't physically move the mailboxes because we don't intend to have old and new servers co-existing at all. We need to export the mail data to a neutral zone and then import it later.

  10. #10
    Jon
    Jon is offline
    Jon's Avatar
    Join Date
    May 2006
    Location
    Norfolk
    Posts
    327
    Thank Post
    32
    Thanked 52 Times in 42 Posts
    Rep Power
    22
    Why are you creating a new domain, is it because you need to have a different domain name?

    You could save yourself a lot of work by adding your new servers to the existing domain and retiring the old ones.

  11. #11
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    13
    Quote Originally Posted by Jon View Post
    Why are you creating a new domain, is it because you need to have a different domain name?

    you could save yourself a lot of work by adding your new servers to the existing domain and retiring the old ones.
    I know.

    But we've had a lot of strange problems with the SBS box. It was installed before my time here and has never been right. We don't want to risk importing any AD problems so we're starting from scratch.

  12. #12

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,262
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    I'm not at all sure why you can't have the SBS and the new exchange box running at the same time to allow for a move-mailbox, but you're happy with the exmerge route so I'll shut up about it.

    For the shared areas problem we used this tool
    Download details: SubInACL (SubInACL.exe)

    Caveat: this was during a w2k3 -> w2k3 migration. I haven't tested in a w2k8 environment, though a very quick Google suggests there should not be any issues as your NAS is 2k3.
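
    The re-permissioning discussed in this thread, done with Get-Acl/Set-Acl instead of SubInACL, as an added example that is not from any poster. It assumes a hypothetical new domain name NEWDOM, a share path \\NAS\Shared, and a file old-sids.csv (columns SamAccountName,Sid) exported from the old domain while it was still online, and it relies on the new accounts having the same login names as the old ones.

```powershell
# Added example. Assumed names: NEWDOM, \\NAS\Shared, old-sids.csv (columns
# SamAccountName,Sid, exported from the old domain while it was still online).
# Run elevated on a member of the new domain; without -Apply it only reports.
param(
    [string]$Root      = '\\NAS\Shared',
    [string]$MapCsv    = '.\old-sids.csv',
    [string]$NewDomain = 'NEWDOM',
    [switch]$Apply
)
$sidType = [System.Security.Principal.SecurityIdentifier]

# Old SID string -> same-named account in the new domain
$map = @{}
Import-Csv $MapCsv | ForEach-Object { $map[$_.Sid] = "$NewDomain\$($_.SamAccountName)" }

$items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    $changed = $false

    # Explicit ACEs only, read as raw SIDs: inherited entries are repaired
    # at the parent folder that defines them.
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $oldSid = $ace.IdentityReference.Value
        if (-not $map.ContainsKey($oldSid)) { continue }
        try {
            $account = New-Object System.Security.Principal.NTAccount($map[$oldSid])
            [void]$account.Translate($sidType)      # throws if the new account is missing
            $new = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $account, $ace.FileSystemRights, $ace.InheritanceFlags,
                $ace.PropagationFlags, $ace.AccessControlType)
        } catch {
            Write-Warning "Skipped $oldSid on $($item.FullName): $($_.Exception.Message)"
            continue
        }
        $acl.AddAccessRule($new)                    # same rights, new principal
        $acl.RemoveAccessRuleSpecific($ace)         # drop the dead old-domain entry
        $changed = $true
        "{0}`t{1} -> {2}`t{3}" -f $item.FullName, $oldSid, $map[$oldSid], $ace.FileSystemRights
    }

    # Owner is reported, not rewritten: the DACL decides access, and assigning
    # ownership to another account needs the restore privilege.
    $owner = $acl.GetOwner($sidType)
    if ($owner -and $map.ContainsKey($owner.Value)) {
        "{0}`towner {1} is the old SID of {2}" -f $item.FullName, $owner.Value, $map[$owner.Value]
    }
    if ($changed -and $Apply) { Set-Acl -LiteralPath $item.FullName -AclObject $acl }
}
```

    Review the report from a run without -Apply first, and keep a backup of the existing ACLs before writing changes.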

  13. #13

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,808
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    Quote Originally Posted by psydii View Post
    I'm not at all sure why you can't have the SBS and the new exchange box running at the same time to allow for a move-mailbox, but you're happy with the exmerge route so I'll shut up about it.

    For the shared areas problem we used this tool
    Download details: SubInACL (SubInACL.exe)

    Caveat: this was during a w2k3 -> w2k3 migration. I haven't tested in a w2k8 environment, though a very quick Google suggests there should not be any issues as your NAS is 2k3.
    Because it is two separate domains that you don't want talking to each other - Exchange can't swap domains easily

  14. #14

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,262
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Quote Originally Posted by glennda View Post
    Because it is two separate domains that you don't want talking to each other - Exchange can't swap domains easily
    Since the NAS and all the clients are moving across without being rebuilt, I don't really see why they can't, other than the quite reasonable "that's how the plan is and at this stage changing this part so completely would be high risk with little/no benefit" and "psydii is making a tit of himself with his move-mailbox talk, in 2010 it's New-MoveRequest".

    I'm going to take your "exchange can't swap domains easily" comment out of the context of the preceding sentence for a moment: While true that you can't move an Exchange installation between forests, you also can't do an in-place upgrade from 2003-2010. New-MoveRequest is the recommended tool (move-mailbox was for 2007 only). It can quite easily move mailboxes between domains/forests where there exists only a layer 3 route, suitable open ports and a system administrator who knows suitable Admin passwords to both domains.

    I only return to this point to correct my misinformation posted above.

  15. #15
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    13
    Quote Originally Posted by glennda View Post
    Because it is two separate domains that you don't want talking to each other - Exchange can't swap domains easily
    Exactly so.

    Even if we could, we simply do not want the SBS box to be connected once the new servers go live. Paranoid I know, but we've had too many strange AD-related problems with it and I don't want even the slightest risk of any issues being imported into the new AD structure.
