RAD migration blueprint
- Rename local domain users to match Rutgers NetID users.
- Rename groups on local domain to match RAD domain standards.
- ReACL all local domain resources to add RAD equivalent users/groups (so both local domain and RAD domain are included).
- Change all local group policies to act on computer objects with loopback instead of on users.
- Remove logon scripts, roaming profiles, Terminal Services profiles, and other user attributes where possible using the RAD User Workaround options.
- Document which user attributes are still needed on user objects and investigate whether you can set them in the RAD domain.
- Import RAD users and groups into SQL environments and apply the same roles.
- Replicate OU structure in your delegated OU. Ask OIT for any special directory permissions.
- Export your GPO-based IPSec rules and either redeploy them as local IPSec rules or ask OIT to implement them as GPO-based for you.
- Export/import your group policy objects to the RAD domain and link as appropriate.
- Reconfigure new computer deployment processes to target the RAD domain.
- Ensure you’ve got the cross-forest GPO setting in place in your local domain.
- Update all IIS default domain settings if using your local domain for authentication.
- Change ownership of profiles from the local domain user to the RAD user.
- Change the default logon domain on all computers to the RAD domain.
- Disable local domain users.
- Adjust ‘change domain suffix on domain join’ setting as needed.
- Migrate workstations on whatever time scale works. Disable each local domain computer account once the machine has moved, to keep track.
- Migrate servers on whatever time scale works. Start with the least complex servers.
- Until all computers are migrated, leave a single domain controller behind with a logon script to automatically migrate missed computers like laptops.
- Decommission your old domain.
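
For the ReACL step above, the following added example (not part of the original blueprint or any OIT tooling) shows one way to add a RAD ACE alongside each explicit local-domain ACE on a file share, leaving the local ACE in place. It assumes the rename steps are done so account names match in both domains; the NetBIOS names `LOCALDOM` and `RAD`, the path, and the function name `Add-RadEquivalentAce` are placeholders.

```powershell
# Assumed values: replace with your own domain NetBIOS names and share root.
$LocalDomain = 'LOCALDOM'
$RadDomain   = 'RAD'
$Root        = 'D:\Shares\Dept'

function Add-RadEquivalentAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl     = Get-Acl -LiteralPath $Path
    $changed = $false

    # Explicit ACEs only: inherited ones are corrected at the parent that defines them.
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
    foreach ($ace in $explicit) {
        $id = $ace.IdentityReference.Value
        if ($id -notlike "$LocalDomain\*") { continue }

        # Same account name, RAD domain (valid only after the rename steps).
        $radName = "$RadDomain\" + ($id -split '\\', 2)[1]
        try {
            $radId = [System.Security.Principal.NTAccount]$radName
            # Throws if the RAD account does not exist or cannot be resolved.
            [void]$radId.Translate([System.Security.Principal.SecurityIdentifier])
            # Throws for ACEs carrying generic rights that this class rejects.
            $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                $radId, $ace.FileSystemRights, $ace.InheritanceFlags,
                $ace.PropagationFlags, $ace.AccessControlType)
        } catch {
            Write-Warning "$Path : $id not duplicated: $($_.Exception.Message)"
            continue
        }
        $acl.AddAccessRule($rule)   # adds the RAD ACE; the local ACE is untouched
        $changed = $true
    }

    # Write back only when something was added, to avoid needless ACL rewrites.
    if ($changed) { Set-Acl -LiteralPath $Path -AclObject $acl }
}

# Process the root, then everything beneath it.
Add-RadEquivalentAce -Path $Root
Get-ChildItem -LiteralPath $Root -Recurse -Force |
    ForEach-Object { Add-RadEquivalentAce -Path $_.FullName }
```

The warnings double as a checklist of accounts and groups that still lack a RAD equivalent, which should be resolved before local domain users are disabled.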