Hi Pao,
You are welcome. Thank you so much for your feedback.
Do we also need to migrate the domain controller to the new domain? The following illustration shows the process for restructuring Active Directory domains between forests and the process for migrating resource objects between Active Directory domains in different forests.
To migrate domain controllers between domains, remove Active Directory Domain Services (AD DS) from the domain controller, migrate it as a member server to the target domain, and then reinstall AD DS. (https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc974428(v=ws.10))
After you migrate all the accounts and resources from the source domain to the target domain, perform the following tasks to complete the restructuring process:
· Transfer the administration of user accounts and group accounts from the source domain to the target domain.
· Ensure that at least two domain controllers continue to operate in the source domain until the resource migration process is complete.
· Back up the two domain controllers in the source domain.
After you complete these steps, you can translate security on the member servers in the target domain and decommission the source domain. The following illustration shows the process for completing the migration of Active Directory domains between forests.
Translate security on servers to add the security identifiers (SIDs) of the user accounts and group accounts in the target domain to the access control lists (ACLs) of the resources. After objects are migrated to the target domain, the objects contain the ACL entries from both the source and the target domains. Use the Security Translation Wizard in the Active Directory Migration Tool (ADMT) to add the target domain SIDs from the migrated objects.
For more information, we could refer to:
Translating Security in Add Mode
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc974439(v=ws.10)?redirectedfrom=MSDN
As for our case, it is a little special. Please make sure to back up the domain controller in the old domain. We did not do the test, so it is hard to tell the best steps. We could check whether the below case could be of some help to you.
For any question, please feel free to contact us.
Best regards,
Hannah Xiong
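An added example, not part of the original answer and not ADMT code: a PowerShell check for the add-mode security translation described above, which reports each source-domain ACE in a DACL and whether an equivalent target-domain ACE sits beside it. The function name, the SID map (assumed to be built from your own migration records) and every SID below are constructed for illustration; for a real resource, pass `(Get-Acl -Path <path>).Sddl`.

```powershell
# Added example. Get-SourceAceTranslationStatus is a hypothetical helper name.
function Get-SourceAceTranslationStatus {
    param(
        [Parameter(Mandatory)][string]    $Sddl,            # e.g. (Get-Acl -Path $path).Sddl
        [Parameter(Mandatory)][string]    $SourceDomainSid, # domain portion of source-domain SIDs
        [Parameter(Mandatory)][hashtable] $SidMap           # source account SID -> target account SID
    )
    $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    $aces = @($sd.DiscretionaryAcl |
              Where-Object { $_ -is [System.Security.AccessControl.CommonAce] })
    foreach ($ace in $aces) {
        $sid = $ace.SecurityIdentifier.Value
        if (-not $sid.StartsWith("$SourceDomainSid-")) { continue }  # not a source-domain principal
        $targetSid = $SidMap[$sid]
        if (-not $targetSid) {
            $status = 'NoMapping'   # account is missing from the migration map
        } else {
            # Add mode should leave an equivalent ACE for the target SID next to the source ACE.
            $twin = $aces | Where-Object {
                $_.SecurityIdentifier.Value -eq $targetSid -and
                $_.AceType    -eq $ace.AceType -and
                $_.AccessMask -eq $ace.AccessMask -and
                $_.AceFlags   -eq $ace.AceFlags
            }
            $status = if ($twin) { 'Translated' } else { 'MissingTargetAce' }
        }
        [pscustomobject]@{
            SourceSid  = $sid
            TargetSid  = $targetSid
            AceType    = $ace.AceType
            AccessMask = '0x{0:X}' -f $ace.AccessMask
            Status     = $status
        }
    }
}

# Constructed sample: one source ACE already translated (-1105), one not (-1106).
$src    = 'S-1-5-21-1000000001-1000000002-1000000003'
$dst    = 'S-1-5-21-2000000001-2000000002-2000000003'
$sample = "O:BAG:BAD:(A;OICI;FA;;;BA)(A;OICI;0x1301bf;;;$src-1105)" +
          "(A;OICI;0x1301bf;;;$dst-2107)(A;OICI;0x1200a9;;;$src-1106)"
$map    = @{ "$src-1105" = "$dst-2107"; "$src-1106" = "$dst-2108" }

Get-SourceAceTranslationStatus -Sddl $sample -SourceDomainSid $src -SidMap $map |
    Format-Table -AutoSize
```

Any row with a status other than `Translated` marks a resource that would lose access for that account once the source domain is decommissioned.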