I have a number of domain local resource groups that need:
a) to be changed into Universal groups.
b) renamed.
c) have the users of their member groups collapsed into this group itself.
d) remove the (no longer needed) member-groups.
The groups currently contain a mix of member-groups (sometimes nested groups) and users.
The end result would be a Universal group with just users. (So basically it is just a collapse of the entire tree structure into a single group.)
What would be the best order:
First change the groups type and name, then re-assign the members.
Or the other way around: First the members, than the rename/type of the group ?
Or doesn't make any difference ?
I can't find a definitive source on this.
Are there any tools that can automate this ? Doing it manually is a lot of work...
P.S.
This is in preparation of a domain migration/phase out.
The Universal groups (and the users) will eventually be transferred into the new domain. The domains are functionally AD2003 with 2008 and 2012 DC's (if that makes any difference).
I recommend you using the AGDLP structure of nested groups instead of UG's. Use: Accounts => Global Group (GG's)=> Domain Local Group (DLG's) => Permissions, as it makes it way more easy to administer.
You do not need universal groups if you migrate to a single Domain. Furthermore it is way easier to create new groups (e.g. via PS /CSV) instead of renaming.
Back to topic, I suggest you create the GG's / DLG's first, prepare the Group adding script and then you just migrate (Hopefully via MS ADMT) the user accounts + just run the script. The User accounts will be in the Global Groups, that are already nested into the DLG's.
Furthermore you could prepare all permissions before migrating the User accounts (silent switch).
Feel free to ask for more as I've migrated multiple domain structures into single ones several times already.