RAD migration blueprint


  1. Rename local domain users to match Rutgers NetID users.
  2. Rename groups on local domain to match RAD domain standards.
  3. ReACL all local domain resources to add RAD equivalent users/groups (so both local domain and RAD domain are included).
  4. Change all local group policies to act on computer objects with loopback instead of on users.
  5. Remove logon scripts, roaming profiles, Terminal service profiles, and other user attributes where possible using the RAD User Workaround options.
  6. Document what user attributes are still needed on user objects and investigate whether you can set them in RAD domain.
  7. Import RAD users and groups into SQL environments and apply the same roles.
  8. Replicate OU structure in your delegated OU. Ask OIT for any special directory permissions.
  9. Export your GPO-based IPSec rules and either redeploy them as local IPSec rules or ask OIT to implement them as GPO-based for you.
  10. Export/import your group policy objects to RAD domain and link as appropriate.
  11. Reconfigure new computer deployment processes to target the RAD domain.
  12. Ensure you’ve got the cross-forest GPO setting in place in your local domain.
  13. Update all IIS default domain settings if using your local domain for authentication.
  14. Change ownership of profiles from local domain user to RAD user.
  15. Change default logon domain on all computers to RAD domain.
  16. Disable local domain users.
  17. Adjust ‘change domain suffix on domain join’ setting as needed.
  18. Migrate workstations on whatever time scale works. Disable each local domain computer account once the computer has moved, to keep track.
  19. Migrate servers on whatever time scale works. Start with the least complex servers.
  20. Until all computers are migrated, leave a single domain controller behind with a logon script to automatically migrate missed computers like laptops.
  21. Decommission your old domain.
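
Step 3 for a file tree, as an added example that is not part of the original blueprint or any OIT tooling: it relies on steps 1 and 2 having made account names identical in both domains, and the domain names LOCALDOM and RAD are placeholders. It reports by default and only writes ACLs when run with -Apply.

```powershell
# Added example: dual-ACL ("ReACL") pass for a file tree. Domain names are placeholders.
param(
    [Parameter(Mandatory)][string]$Path,
    [string]$LocalDomain = 'LOCALDOM',  # assumed NetBIOS name of the old local domain
    [string]$RadDomain   = 'RAD',       # assumed NetBIOS name of the RAD domain
    [switch]$Apply                      # without this switch nothing is written
)

$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    $acl   = Get-Acl -LiteralPath $item.FullName
    $added = 0
    # Explicit ACEs only; inherited ones are corrected at the parent that defines them.
    $localAces = $acl.Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -like "${LocalDomain}\*"
    }
    foreach ($ace in $localAces) {
        $name = $ace.IdentityReference.Value.Split('\')[1]
        $rad  = New-Object System.Security.Principal.NTAccount($RadDomain, $name)
        try {
            # Throws if the name has no counterpart in the RAD domain.
            $null = $rad.Translate([System.Security.Principal.SecurityIdentifier])
            # Throws for ACEs whose rights use generic bits outside FileSystemRights.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $rad, $ace.FileSystemRights, $ace.InheritanceFlags,
                $ace.PropagationFlags, $ace.AccessControlType)
        } catch {
            Write-Warning "Skipped $($ace.IdentityReference) on $($item.FullName): $($_.Exception.Message)"
            continue
        }
        $acl.AddAccessRule($rule)   # added beside the local ACE; nothing is removed
        $added++
        [pscustomobject]@{
            Path   = $item.FullName
            Local  = $ace.IdentityReference.Value
            Rad    = $rad.Value
            Rights = $ace.FileSystemRights
            Type   = $ace.AccessControlType
        }
    }
    if ($Apply -and $added -gt 0) { Set-Acl -LiteralPath $item.FullName -AclObject $acl }
}
```

Keep the report from the dry run: the skipped entries are the accounts and ACEs that still need manual handling before step 16 disables the local domain users.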