Home / server / Questions / 224448
Accepted
rboarman
Asked: 2011-01-20 16:49:28 +0800 CST

What are the ramifications of unbinding and rebinding to a new domain?

  • 772

For a variety of reasons out of my control, I am building a new domain controller to replace one that is no longer in service. My platform is Server 2008 R2 with several Windows 7 member computers.

Several computers are bound to the old domain which is no longer available so I cannot promote and demote like I would normally.

I have a new domain controller built using a different name and I have unbound one machine from the old domain and rebound it to the new domain.

My questions are:

1) What will happen to the newly bound computer in terms of security? What am I risking by doing this?

2) Will I be able to get access to the files in the users’ profile so I can copy them into their new profile?

3) Are there windows services that will no longer start up because the domain has changed?

4) Is there anything I should do prior to unbinding the machines from the old domain? For example, copy files out and strip the ACLs.

5) What issues should I look out for?

Thank you in advance.

Rick

windows-server-2008 domain-controller

2 Answers

  1. Best Answer

    You did not specify this, but I assume you only had he one domain controller for the domain? Everything that follws is based on this assumption. If this was the case, I hope you will be able to convince someone to buy a second server just in case...

    1. The PC once joined to the new domain will gain the policies of the new domain. If you had set things to forced before hand, but now leave them to default - those policies will remain. The local accounts still remain, so you may need to remove/rename/reset passwords as appropriate.
    2. If you are able to log on as the local admin you should be able to get access to any data files. Once the PC is added to the domain, you could use a PC admin to do the same. I would reccomend just backing up the data files and deleting the old profiles.
    3. Very rarely will this be the case in a vanilla setup. If you had setup MOM or some other special software, then maybe. Enterprise AV solutions may need to be removed/reinstalled.
    4. refer to point 2 about data. You might need to double check the local groups to make sure non of the old domain users/groups are listed.
    5. Some software may force you to call the supplier to re-register the licenses. Remember to update he IP settings for the new domain. Data backups before are required for each PC. Otherwise not much.

    good luck

    • 1

  2. The only real issue should be the user accounts, which will obviously need to be recreated in the new domain.

    I haven't done this on Win 7 but the procedure I've always used in the past is to have each user log onto the client machine with their new account, then log off again. Log on as an admin copy the old profile to the new account, after which everything should be back to normal. I know of no reason why this shouldn't work on Win 7 as well.

    In regard to services, change their logon credentials (where appropriate) to use the new accounts.

    • 0