Hola,

This issue came up on a IT mailing list I'm on and there was a stellar response from one of our windows gurus. Lucky for you I saved it for when I need to do this to my own domain(s).

Here was the original question.

"I need to replace an NT domain controller with a newer model machine. I
plan on changing domain names but all the computers and users who
connect to it will be the same. Does anyone know of an easy way to transfer the computer and user IDs to the new domain controller? Or do I have to
recreate them all?"


...the initial responder had the following to say...


"Unfortunately, all the domain computer IDs and user IDs contain the
domain ID as well, so you would not be able to transfer them easily
(i.e. without some serious hacking or tool)to a new domain. From my
brief research into the problem, I have found a tool that would enable
you to do the user transfers (including passwords) for a fairly good
price, considering how many man hours it would take to redo everything
manually. The tool is called Ideal Migration, and you can read more
about it at the following URL: http://www.pointdev.com/IM_descr_us.htm"

...this was followed on by the win-guru!

"You can do this without buying 3rd party software, but there are some caveats you need to consider.

First of all, in order to simplify the transfer, I'd recommend installing Windows NT 4 Server on your new machine, being careful to bring it up as a BDC in your existing domain. This way, you will get it to sync its SID with the PDC and replicate the SAM database. Then, install drivers, updates, server apps you need on the new BDC.

Next, promote the new machine to PDC, which will automatically demote your old BDC. Don't remove the BDC from the network or the PDC SAM yet. What's left is to rename your NT 4 domain to the new name you like, and then remove the BDC.

For this, I recommend Sean Daily's (of--what is now--Windows/.NET mag fame) February 1999 article, "How to Rename Your NT Domain", also on-line at

http://www.winntmag.com/Articles/Ind...ArticleID=4784

Sean has detailed the steps very carefully. When you skim the article, you will notice the primary concern are trust relationships, server apps, and services who are closely tied to the existing domain name; while I am not familiar with your setup, one MIT supported such app is the NetShield anti-virus software (and associated service) for NT 4 servers. You probably have this, and should carefully follow Sean's instructions in correctly migrating it. He also mentions others like Exchange, SQL Server, IIS, SMS, etc.

Finally, you _will_ need to rejoin the workstations to the new domain. Typically this involves repeating the process on every machine, but planning ahead (before changing the domain name), you could create a _local_ logon script for each of the workstations that would join them to the new domain to execute at login (albeit with cached credentials at that time since your old domain will be gone, hence _local_ script). For details, see the John Savill's Windows2000FAQ article at

http://www.windows2000faq.com/Articl...rticleID=13524

Note he describes how you can pre-configure the machine accounts such that normal users can join the domain without admin rights. They will, of course, need to reboot, which could also be scripted. With a little tweaking, you can use Mark Russinovich and Bryce Cogswell's Sysinternals utility PsShutdown. See

http://www.sysinternals.com/ntw2k/fr.../pstools.shtml
http://www.sysinternals.com/ntw2k/fr...shutdown.shtml

For other legacy (Windows 9x, Me) workstations, you might have to rejoin manually.

This should be able to get you going where you want. Since Sean's instructions involve shutting down a lot of domain services, I recommend doing this over a weekend or at least overnight to minimize impact on users; and order pizza should something go wrong
"

Good luck and happy computing!

-tp

[edit: fix broken lynx]