Best practices and pitfalls to avoid when consolidating and migrating multiple AD domains into a single AD forest/domain?

EnterpriseArchitect 4,721 Reputation points
2022-05-18T07:15:01.447+00:00

People,

ParentCompany.com has recently bought Child1.co.uk, Child2.net, Child3.org, etc...

I need to perform multiple AD domain object migrations from several separate, non-trusted AD domains into the ParentCompany.com AD domain.

Group Policy Object  
Computers  
Users  
Groups  

What are the steps/procedure to migrate and the pitfalls when migrating those objects into a single AD Domain?

The software I will be using is: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/support-for-admt-and-pes

I assume each of the servers will need to be rebooted twice: once to leave the old AD domain, and again to join the new AD domain.


Accepted answer
  1. Gary Reynolds 9,391 Reputation points
    2022-05-18T11:50:52.353+00:00

    The ADMT docs provide some of the details on the migration approach, but there is loads of other content, including videos, on ADMT. For large migrations I've always used Quest tools. I would recommend not using SIDHistory, as most projects fail to remove it once the migration is complete, and it can lead to problems years after the migration, i.e. token bloat. Use dual-permissioned workstations and servers before moving domains.

    Gary.

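The SIDHistory clean-up Gary warns about is easy to defer because nothing breaks while the old SIDs are still honoured. The following PowerShell is an added example, not code from the thread or from ADMT: it inventories every migrated object in the target domain that still carries sIDHistory, gives a rough per-user token-size indicator (own SID plus historical SIDs plus group memberships), and only strips the attribute when explicitly asked. The search base OU and the assumption that resource ACLs have already been re-ACLed (ADMT security translation) are mine; run it report-only first.

```powershell
<#
  Added example (not from the original thread or from ADMT).
  Assumptions: RSAT ActiveDirectory module is installed; the running account has
  write access to the migrated objects; ADMT security translation has already
  re-ACLed resources, so the historical SIDs are no longer needed for access.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'OU=Migrated,DC=ParentCompany,DC=com',  # assumption: landing OU for migrated objects
    [switch]$Remove                                                # default is report-only
)
Import-Module ActiveDirectory

# sIDHistory is multi-valued; (sIDHistory=*) matches any object that still carries at least one old SID.
$withHistory = Get-ADObject -SearchBase $SearchBase -LDAPFilter '(sIDHistory=*)' `
    -Properties sIDHistory, objectClass, memberOf

$report = foreach ($obj in $withHistory) {
    $oldSids    = @($obj.sIDHistory | ForEach-Object { $_.Value })
    $groupCount = @($obj.memberOf).Count
    [pscustomobject]@{
        Name             = $obj.Name
        Class            = $obj.objectClass
        SidHistoryCount  = $oldSids.Count
        # Rough token pressure indicator: the object's own SID, each historical SID
        # and each direct group membership all become SIDs in the access token.
        TokenSidEstimate = 1 + $oldSids.Count + $groupCount
        OldSids          = $oldSids -join ';'
    }
}

$report | Sort-Object TokenSidEstimate -Descending | Format-Table -AutoSize

if ($Remove) {
    foreach ($obj in $withHistory) {
        $oldSids = @($obj.sIDHistory | ForEach-Object { $_.Value })
        # -Remove takes the exact existing values; passing the SID strings removes them all at once.
        if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "Remove $($oldSids.Count) sIDHistory value(s)")) {
            Set-ADObject -Identity $obj.DistinguishedName -Remove @{ sIDHistory = $oldSids }
        }
    }
}
```

Run it without `-Remove` to get the inventory, then `-Remove -WhatIf` to see what would change, and only then `-Remove`. Anything that still depends on an old SID (an ACL on a file share or an application that was never re-ACLed) will stop working the moment that SID leaves the attribute, which is why the report and a test batch come first.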

1 additional answer

  1. Limitless Technology 39,336 Reputation points
    2022-05-19T07:25:47.907+00:00

    Hi there,

    I would recommend that you set up a trust between the forests and use the Active Directory Migration Tool (ADMT) to migrate users (including service accounts), groups, and computers (including member servers). To copy the organizational unit structure you can use PowerShell or LDIFDE.

    We can use ADMT and FSMT for the migration to the parent domain. I recommend that you test-migrate a few users with ADMT and check the result.

    Some useful article links that might help you in getting some insights are listed below.
    Consolidating 7 different AD forests to single forest with multiple AD trees https://techcommunity.microsoft.com/t5/windows-server-for-it-pro/consolidating-7-different-ad-forests-to-single-forest-with/m-p/281737

    Deployment and operation of Active Directory domains that are configured by using single-label DNS names https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/deployment-operation-ad-domains

    Moving all objects in AD across domains in separate forests https://social.technet.microsoft.com/Forums/en-US/b3d163d0-7a1c-4e44-b2f1-43a311559b46/moving-all-objects-in-ad-across-domains-in-separate-forests?forum=winserverDS

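The answer above says the OU structure can be copied with PowerShell or LDIFDE but does not show how. The script below is an added example, not from the thread or from ADMT: it reads every OU from a source domain over the trust, orders them parent-first, and recreates the same hierarchy under a landing OU in the target domain so that the ADMT runs have somewhere to put migrated objects. The domain names and the landing OU are placeholders from the question; the source credential prompt and the assumption that OU names contain no escaped commas are mine.

```powershell
<#
  Added example (not from the original thread or from ADMT).
  Assumptions: RSAT ActiveDirectory module; name resolution and a credential for the
  source domain (a forest trust makes this simpler but is not strictly required);
  OU names do not contain escaped commas (the DN splitting below is deliberately simple).
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SourceDomain   = 'Child1.co.uk',                 # placeholder from the question
    [string]$TargetDomain   = 'ParentCompany.com',            # placeholder from the question
    [string]$TargetParentDn = 'DC=ParentCompany,DC=com',      # assumption: where the landing OU lives
    [string]$LandingOuName  = 'Child1',                       # assumption: one landing OU per acquired domain
    [pscredential]$SourceCredential = (Get-Credential -Message "Account in $SourceDomain with read access")
)
Import-Module ActiveDirectory

$sourceRoot = (Get-ADDomain -Server $SourceDomain -Credential $SourceCredential).DistinguishedName
$landingDn  = "OU=$LandingOuName,$TargetParentDn"

# Create an OU by DN only if it does not already exist; Get-ADOrganizationalUnit -Identity
# throws ADIdentityNotFoundException for a missing DN, which is what we branch on.
function Ensure-TargetOu {
    param([string]$Name, [string]$ParentDn, [string]$Dn)
    try {
        $null = Get-ADOrganizationalUnit -Identity $Dn -Server $TargetDomain
        Write-Output "exists  $Dn"
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        if ($PSCmdlet.ShouldProcess($Dn, 'Create OU')) {
            New-ADOrganizationalUnit -Name $Name -Path $ParentDn -Server $TargetDomain `
                -ProtectedFromAccidentalDeletion $true
            Write-Output "created $Dn"
        }
    }
}

Ensure-TargetOu -Name $LandingOuName -ParentDn $TargetParentDn -Dn $landingDn

# Pull every OU from the source and sort shallowest first, so parents exist before children.
$sourceOus = Get-ADOrganizationalUnit -Filter * -SearchBase $sourceRoot `
    -Server $SourceDomain -Credential $SourceCredential |
    Sort-Object { ([regex]::Matches($_.DistinguishedName, '(?<!\\),OU=')).Count }

foreach ($ou in $sourceOus) {
    # Strip ",DC=child1,DC=co,DC=uk" and re-root the relative path under the landing OU.
    $relative = $ou.DistinguishedName.Substring(0, $ou.DistinguishedName.Length - $sourceRoot.Length - 1)
    $targetDn = "$relative,$landingDn"
    $parentDn = $targetDn -replace '^.+?(?<!\\),', ''   # drop the leading RDN to get the parent DN
    Ensure-TargetOu -Name $ou.Name -ParentDn $parentDn -Dn $targetDn
}
```

Run it with `-WhatIf` first to see the DNs it would create. Only the containers are copied; GPO links, OU permissions and the objects themselves are left to the ADMT and GPO migration steps, and the landing-OU-per-source-domain layout is simply a convention that keeps the origin of each migrated object obvious while SIDHistory and dual permissions are still in play.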