Jack of all that is Microsoft, Master of None

June 26, 2006

SPS Infrastructure Fix & AD Domain Renames

Not too long ago, I was working on a SharePoint Portal Server project with Jason Medero, and what originally was supposed to be a basic Portal build-out turned into a whole lot more… let me provide you with some background information…

We have a client that provides SharePoint hosting services for a specific industry. The Portal sites they host are for some major, well-known companies that utilize our client’s specific Portal builds for HR & Compliance-related information. Originally, some firm came in and built out the following infrastructure:

Server 1

  • Windows Server 2003
  • Active Directory domain controller for domain “ABC”
  • SQL Server 2000 SP3 Installed
  • SharePoint Portal Server 2003 Installed
  • K2.net Server Installed

Server 2

  • Windows Server 2003
  • Active Directory domain controller for domain “XYZ”
  • SQL Server 2000 SP3 Installed
  • SharePoint Portal Server 2003 Installed
  • K2.net Server Installed

So basically they had all of their eggs in two baskets… and what a mess… talk about throwing best practices out the window! To make matters even worse, they were not sure how stable their AD infrastructure was, but they didn’t want to recreate all of the user & group objects, especially since that would mean going out to each of the clients they were hosting SPS for and telling them all of their users’ passwords had changed.

So I proposed that they immediately purchase a new server, and we break out their environment in the following way:

Server 1

  • Windows Server 2003
  • Active Directory Domain Controller for domain “XYZ”

Server 2

  • Windows Server 2003
  • SQL Server 2003
  • K2.net Server

Server 3

  • Windows Server 2003
  • SharePoint Portal Server

But there was a caveat – we needed to maintain the old domain name of “ABC”… while we could make the second domain “XYZ” go away, we needed the new domain controller to have all of the user & group objects from both of the old domains but retain the name of the first old domain.

So what did I do… A LOT of testing in my development environment using the Active Directory Domain Rename Tools.  Once I was satisfied with my testing, here’s what I did:

  1. Back up everything and ensure that the backups were functional!
  2. Use the Active Directory Migration Tool v2.0 (ADMT) and migrate all of the users & groups from domain XYZ to domain ABC.
  3. Decommission the XYZ domain (via dcpromo).

So I then had all of the users & groups in the one domain – the domain with the name I needed.  Since I couldn’t bring up a new DC with the same domain name, I used the Rename Tools.  In a nutshell, here are the steps:

  1. Perform a domain rename on the old server. The domain name will be changed to OLDABC.com.
  2. After the domain is renamed, bring up the new domain controller, hosting the new ABC.com domain.
  3. Create a trust between both domains.
  4. Install the ADMT.
  5. Perform the migrations from OLDABC to ABC.
  6. DCPromo the old domain controller.
  7. Clean up.

So basically, yes – you can take a domain, rename it, then immediately bring up a new domain controller with the old domain’s name.  If anyone is interested in more of the step-by-step details, let me know… I have them all documented.
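For step 1 of the rename list above, the standard command sequence for the Domain Rename Tools (rendom.exe and gpfixup.exe) looks like the following. This is an added example, not the author's documented steps; the NetBIOS name OLDABC and the host name dc1 are assumptions, and Microsoft's guidance is to run the tools from a member computer (the "control station") rather than from a domain controller.

```batch
REM Added example. Assumed names: NetBIOS OLDABC, DC host dc1 (not from the post).
REM Prerequisite: Windows Server 2003 forest functional level, Enterprise Admin
REM credentials, and a verified backup of every domain controller.

REM 1. Write the current forest description to Domainlist.xml.
rendom /list

REM 2. Edit Domainlist.xml by hand: change <DNSname> abc.com to oldabc.com and
REM    <NetBiosName> ABC to OLDABC. Then review the forest as it will look.
rendom /showforest

REM 3. Upload the rename instructions to the domain naming master. This
REM    freezes the forest configuration and creates the state file Dclist.xml.
rendom /upload

REM 4. Force replication so every DC receives the uploaded instructions.
repadmin /syncall /d /e /P /q dc1.abc.com

REM 5. Check that every DC is reachable and ready. Do not continue until
REM    every entry in Dclist.xml has reached the Prepared state.
rendom /prepare

REM 6. Run the rename. Each domain controller reboots automatically.
rendom /execute

REM 7. Unfreeze the forest configuration.
rendom /end

REM 8. Repair Group Policy objects and links that still reference the old
REM    DNS and NetBIOS names.
gpfixup /olddns:abc.com /newdns:oldabc.com /oldnb:ABC /newnb:OLDABC /dc:dc1.oldabc.com

REM 9. After every member computer has been rebooted twice, remove the
REM    old-name attributes left behind in the directory.
rendom /clean
```

Only after `rendom /clean` completes is the old name fully released, which is the point at which the new ABC.com domain controller in step 2 can be promoted.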

9 Comments »

  1. Hey plz give me step by step details on DC migration,

    I have on DC “XYZ”, where I need to transfer all the users, groups etc with their password to New hardware “ABC”

    I am eager to hear from you,

    Comment by K. Suresh Kumar — August 23, 2006 @ 3:28 pm

  2. Hello – Will soon be going through something similar from AD Domain to Forest. I’m interested in step by step details on the migration. Did you have to do anything to SharePoint particularly, WSS team sites and the mysites?

    Comment by Kim Livingston — September 5, 2006 @ 4:40 pm

  3. Hi Kim,

    I would highly recommend that you take a look at Keith Richie’s blog, in particular his SPUserUtil (http://blogs.msdn.com/krichie/). This utility helped us immensely in migrating the accounts. I don’t have any step-by-step details on the usage of the utility, as there was some trial and error, but I do know that it did work for us.

    Thanks,
    Chris

    Comment by cregan — September 12, 2006 @ 3:34 am

  4. K. Suresh,

    If your new domain controller is just another server that is going to be brought up in the same domain, then this is a very simple process. Install the OS, then dcpromo the server, and make it a domain controller in the existing domain that has the users/groups/etc. that you want. Then, transfer the FSMO roles over to this new server, and make sure that the server is also marked as a Global Catalog. Once this is done, you can dcpromo the original domain controller and you have everything on your new box.

    Hope that helps in a nutshell,
    Chris

    Comment by cregan — September 12, 2006 @ 3:36 am

  5. This sounds very interesting, I was browsing the internet searching for migration articles and I came across this information, I am very interested in the step by step details.
    Thank you,

    Comment by Edwin Paoli — January 21, 2007 @ 10:26 am

  6. Can you send me the steps in detail?

    Comment by Joachim Farla — August 7, 2007 @ 4:00 am

  7. Hi,

    I am a budding Server administrator in Windows Server 2003 environment, SharePoint Portal Server 2003 and MOSS 2007.

    I will be very thankful to you if you send me the step-by-step details of your work done on Domain renaming.

    Thanks,

    Rahim Pathan

    Comment by Rahim Pathan — November 8, 2007 @ 8:52 am

  8. Hi,

    I would also be interested in the step-by-step details. Would it be possible with a new post with this or can you email them to me?

    Comment by Rikard Strand — November 13, 2007 @ 1:53 am

  9. Hi,

    Please share the steps. Even I need to rename the existing domain.

    Comment by Amzad Bhasha — December 19, 2007 @ 8:33 am

