I need some of your expert advice on what I believe to be a relatively simple project, although my boss thinks the world may come to an end. Let me give you a little background to get you started. Here's the sitch: our Fortune 100 company is splitting into two Fortune 200 companies. The new spinoff wants to take their data with them and untangle it from the original company domain. Yes, it's a huge project with over 4,000 servers to migrate. So right now, there is a Trust set up between domains to allow us to complete the migration(s). In a couple of years though, they will cut the cable and the new domain will have zero access to anything in the old domain and vice versa, and they will be geographically separated.
I have the DLO Console (DLO Admin Server) running on server DLO1.OldDomain.com and I need to migrate that server to NewDomain.com using MS's AD Migration Tool. The storage location (Network Data User Folders) is on a NAS device, NAS1.OldDomain.com.
It appears that DLO is just doing a DNS lookup on the server name, which is no problem as that won't change, although the FQDN certainly will. For the time being, the storage location also won't change. Users will have (temporary) access to their network storage location, no matter which domain they belong to. Re-doing all the ACLs on the NAS is not for the faint of heart, but will eventually have to be done.
So my question is: what is the best strategy for carrying out this migration? What are the pitfalls? Do things need to be done in a specific order? Here's my plan so far:
1. Migrate the DLO Admin Server. If DLO is doing a lookup on the short DNS name, it will find it in NewDomain.com.
2. Ensure that a user can log on (from either domain) and connect to his Network Data folder on OldDomain.com.
3. Users won't be migrated as they don't want to drag all the SID history along with them. So we have a script that will run through OldDomain and create corresponding objects in NewDomain. Another script will read through the NAS and provide User.NewDomain.com with the same permissions as User.OldDomain.com.
Seems pretty straightforward to me. I welcome all comments and suggestions. At this point I'm just trying to get my boss to let me move forward with migrating the DLO Admin Server. How would you do things?
The project is quite big and may not turn out to be as straightforward as you are thinking.
My biggest concern would be the AD properties of the user configured to the DLO. In my experience, when you change the value of or alter an AD property, the DLO user may not recognize the NUDF when it's moved or copied to the new domain. I would first test it thoroughly for a few users and then decide to migrate.
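Step 3 of the plan above (giving each NewDomain account the same NAS permissions as its OldDomain counterpart), as an added example that is not part of the original posts and is not the poster's script. The NetBIOS names `OLDDOMAIN` and `NEWDOMAIN`, the share path, and the assumption that account names are identical in both domains are hypothetical; a name that maps to a different person in the new domain would receive that folder's access, so the name mapping needs checking before a real run.

```powershell
# Added example: copy explicit NTFS ACEs held by OLDDOMAIN accounts to the
# same-named NEWDOMAIN accounts. Old ACEs are left in place while the trust exists.
# Hypothetical values: domain NetBIOS names and the share path.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root      = '\\NAS1\DLOUsers',   # hypothetical share path
    [string]$OldDomain = 'OLDDOMAIN',
    [string]$NewDomain = 'NEWDOMAIN'
)

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse)

foreach ($folder in $folders) {
    $acl     = Get-Acl -LiteralPath $folder.FullName
    $changed = $false

    # Explicit ACEs only: inherited ones follow once the parent folder is updated.
    $oldRules = $acl.Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -like "$OldDomain\*"
    }

    foreach ($rule in $oldRules) {
        $name       = $rule.IdentityReference.Value.Split('\')[1]
        $newAccount = [System.Security.Principal.NTAccount]::new($NewDomain, $name)
        try {
            # Throws if the account does not resolve in the new domain.
            [void]$newAccount.Translate([System.Security.Principal.SecurityIdentifier])
            $newRule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                $newAccount, $rule.FileSystemRights, $rule.InheritanceFlags,
                $rule.PropagationFlags, $rule.AccessControlType)
            $acl.AddAccessRule($newRule)
            $changed = $true
        }
        catch {
            # Report and skip: unresolved account or rights that cannot be copied as-is.
            Write-Warning "$($folder.FullName): skipped $($newAccount.Value): $($_.Exception.Message)"
        }
    }

    # -WhatIf lists the folders that would change without writing anything.
    if ($changed -and $PSCmdlet.ShouldProcess($folder.FullName, "Add $NewDomain ACEs")) {
        Set-Acl -LiteralPath $folder.FullName -AclObject $acl
    }
}
```

Running it with `-WhatIf` against a handful of user folders first fits the reply's advice to test with a few users before migrating.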