Process to Migrate to a new domain 1

[mdsurfrider]

After a lot of debate, I have decided to change my client's domain from XYZ.net to XYZ.local. My thoughts are that this will reduce DNS lookup issues and facilitate an easy to install Exchnage architecture.

Could you please comment on my proposed methodology:

Bkgnd: There are 3 Win2K servers and 1 Win2K3 server. Two DCs - both W2K.

1. Create new .local domain on W2K3 server.
2. Establish trust and migrate all accounts and services into .local domain.
3. Demote the backup in .net domain and promote as DC in new .local domain.
4. Demote the other .net DC and change membership (no DC).
5. Change domain membership on all clients (argh!) and the other remaining server.

Any gothchas I may be missing?

Thanks,
Mike

 

[markdmac]

I think your plan will work. I'll take the pain out of changing the workstations for you too.

You can use the following script with the NetDom resource kit utility to move the machines. You will just need to create a text file with machine names in it. One computer name to a line. Name the file WSLIST.TXT. Save the script below with any file name you want, just give it a VBS extension. Put netdom, the script and wslist file all in the same directory and double click the script.

You can easily test it with a single machine by just having one pc name in the wslist file.

You need to edit the script with the proper domain and admin user names and passwords. Hopefully you have the same local admin passwords on all boxes. If not let me know. I have a script that can change them first for you so you know what they are set to.

'==========================================================================
'
' NAME: NetDomJoinWorkstations
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL:

http://www.thespidersparlor.com

' DATE : 6/24/2003
'
' COMMENT: Joins computers to a new domain. Edit domain name, user ID and passwords below
' Modification 7/28/2003 to include Remove command. Suggest synchronizing old and new server passwords
'
'==========================================================================

On Error Resume Next

'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject&quot
set WSHShell = wscript.createObject("wscript.shell&quot
'open the data file
Set oTextStream = oFSO.OpenTextFile("wslist.txt&quot
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close

For Each strWorkstation In RemotePC
'Do something useful with strWorkstation
Call WSHShell.Run(&quot;cmd.exe /c NETDOM REMOVE &quot; & strWorkstation &&quot;/Domain:<domain> /UserD:<user> /PasswordD:<password> UserO:<user> /PasswordO:<password> /REBoot:30000&quot
Wscript.sleep 15000
Call WSHShell.Run(&quot;cmd.exe /c NETDOM JOIN &quot; & strWorkstation &&quot;/Domain:<domain> /UserD:<user> /PasswordD:<password> UserO:<user> /PasswordO:<password> /REBoot:0&quot

Next

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[mdsurfrider]

Mark,

Thanks a bunch...This will save me a lot of time and my client a lot of $$. They're a brand new client and I can't say as to whether or not the local admins are all the same. My guess would be no, since they have never had a decent consultant.

Could you give me the script to change all the local admin passwords?

Thanks,
Mike

Michael Law - MCSE, CCNA, SCSA, MCIW
Qualatech Computer Consulting, LLC

http://www.qualatech.com

 

[xmsre]

Actually, if you have the w2K resource kit, it's easy to use cusrmgr to change the membership of the local administrators group, or change the password to the administrator account.

 

[markdmac]

Like the previous script, this will use that same wslist file. Edit the script where I have bolded with what you want the local admin password to be. You will need the resource kit utility CUSRMGR.EXE. Edit the path to where you have CUSRMGR too of course. This should save you a ton of time and save you from pulling hair out. Run this while logged on as Domain Admin so you have authority over the workstations.




'***********************************************************************************
'Rename Local Admin Account ***
'By Mark MacLachlan ***
'Purpose: renames admin account and resets password using resource kit utility CUSRMGR ***
'Creation date: 10/8/2002 ***
'Dependencies: requires local file named wslist.txt with workstation names ***
'************************************************************************************
On Error Resume Next

'open the file system object
Set oFSO = CreateObject(&quot;Scripting.FileSystemObject&quot
set objShell = wscript.createObject(&quot;wscript.shell&quot
'open the data file
Set oTextStream = oFSO.OpenTextFile(&quot;wslist.txt&quot
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close

For Each strWorkstation In RemotePC
'Do something useful with strWorkstation
'reset the password of local admin
Call objShell.Run(&quot;cmd.exe /C C:\Progra~1\Resour~1\cusrmgr -u Administrator -m \\&quot; & strWorkstation & &quot; -P &quot;&quot;PutAdminPasswordHere&quot;&quot;&quot;, 0, true)

Next

Set oFSO = Nothing
Msgbox &quot;All done&quot;
WScript.Quit(0)

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[markdmac]

Hi xmsre,

You are correct and that is what I am using. What is not so evident is how to use CUSRMGR in the enterprise. THis script simplifes the process by letting you have a reusable script. All that is needed is the list of workstations.

Microsoft KB article 272530 shows how to use a bat file to do this, but then you have to edit the computer names into the mix and that is a real pain. Plus you would need to edit that bat or recreate it each time you wanted to run it.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark