Forum Discussion
Rebranding of Company | Rename / Migrate / Trust entire Domain
Hi Team,
Consider our existing company name is "Sparkle Corporation" and our domain setup is "Sparkle.local" (This is a private internal domain with no Internet access).
Now our company has been acquired by a new businessman, and he wants to run this company under new branding as a standalone company, without mixing or merging it with his original company.
New company name is "Healthy Organization" and our new domain setup would be "Healthy.Org".
Old Organization Setup Includes the following:
Active Directory, On-Prem Exchange Server 2019, Skype for Business Server 2019, ADFS, DFS, Enterprise PKI Solution (CA Setup), VAMT, Symantec Endpoint Protection, Smart Card Solution, VAMT, VMware Horizon VDI Solution, Enterprise Print Solution, KMS.
There is a mix of physical and virtual servers (VMware Enterprise Cloud, full setup), and users are split between standalone machines and VDI (Virtual Desktop Infrastructure), with the majority (nearly 70%) on VDI with roaming profiles available. Users only use smart cards to log in and authenticate to physical or virtual desktops.
New organization Setup Includes the following:
New VMware cloud with full setup on additional new hardware & VMware Horizon VDI Solution. They want this migration to be as neat as possible, without large outages and chaos. We thought of the following options:
- Renaming the domain itself; this will bring down many services and the cards have to be re-issued with new certificates. New Exchange Servers, create mailboxes and import old mailbox data into new ones, etc. This will definitely bring a lot of issues, and client desktops might re-join to the new domain, but we are not sure of ACLs on file shares for users' personal data, roaming profile data, Teams shared data, etc.
- Set up brand new VMs for new servers, deploy the new domain and set up all identical services like in the old setup, create users and mailboxes using a script and allow them to log in using username and password. The challenge is how to rejoin all physical desktops at once, because if we do it in small batches then it is difficult to transfer data from old to new.
- Set up a trust from the new forest to the old forest. I'm not sure how far this will work.
New Hardware is available.
What should our approach be to minimize downtime, smooth transition with minimal loss of data? How much time do you think this will take?
Is using the ADMT tool helpful? I don't want to bring old data into the new domain like that.
(Size of Organization: 5850)
Please share best possible solution or ideas you can think of.
Thanks
1 Reply
Hi ReverseSwing, find below a high-level response to your queries.
What should our approach be to minimize downtime, smooth transition with minimal loss of data?
- The recommended approach is to build a new Active Directory forest (Healthy.Org) and run both environments in parallel with a forest trust in place.
- Use a phased migration (department by department) rather than a big-bang cutover.
- Core services (Exchange, PKI, ADFS, Horizon VDI, DFS) should be stood up fresh in the new environment, while user accounts, mailboxes, and profiles are migrated in controlled batches.
- This minimizes outages, keeps users working, and allows rollback if issues arise.
How much time will this take? (tentatively)
- Preparation & new domain build: ~6–8 weeks.
- Pilot migrations: ~2 weeks.
- User and service migration in phases: ~6–8 weeks.
- Application reconfiguration & cleanup: ~4–6 weeks.
Realistically, you should plan for a 3–4 month program end-to-end, depending on resources and smart card re-issuance.
Is using ADMT tool helpful?
- Yes – ADMT is very helpful to migrate users, groups, and workstations while preserving SIDHistory so existing file shares and roaming profiles remain accessible during transition.
- Even if you don’t want to “bring old data,” using SIDHistory during the migration phase avoids major access issues. Once migration is stable, SIDHistory can be cleaned up.
- Without ADMT, you’d face manual account recreation and broken ACLs, which would cause more downtime and data access problems.
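The cleanup step mentioned in the reply (removing SIDHistory once the migration is stable) is easier to sign off after auditing what the attribute still contains. The PowerShell below is an added example, not part of the thread or of ADMT: it classifies every sIDHistory entry as an expected migration SID, a SID from an unexpected source domain, or a SID with a privileged well-known RID. The function name `Get-SidHistoryFinding`, the three status labels, the domain SIDs and the sample accounts are all constructed for illustration.

```powershell
# Added example, not from the thread. Domain SIDs and accounts are constructed.
$OldDomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'   # stands in for Sparkle.local

function Get-SidHistoryFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [Parameter(Mandatory)] [string] $ExpectedSourceDomainSid
    )
    begin {
        # Well-known RIDs of privileged principals; ordinary migrated users never carry these.
        $privilegedRids = @{ '500' = 'Administrator'; '512' = 'Domain Admins'
                             '518' = 'Schema Admins'; '519' = 'Enterprise Admins' }
    }
    process {
        foreach ($entry in $Account.sIDHistory) {
            $sid = [System.Security.Principal.SecurityIdentifier]"$entry"
            $rid = $sid.Value.Split('-')[-1]
            # AccountDomainSid is $null for SIDs that are not domain account SIDs.
            $domainSid = if ($sid.AccountDomainSid) { $sid.AccountDomainSid.Value } else { $null }
            $status = if ($domainSid -ne $ExpectedSourceDomainSid) { 'UnexpectedDomain' }
                      elseif ($privilegedRids.ContainsKey($rid))   { "PrivilegedRid ($($privilegedRids[$rid]))" }
                      else                                         { 'ExpectedMigrationSid' }
            [pscustomobject]@{
                Account    = $Account.sAMAccountName
                HistorySid = $sid.Value
                Status     = $status
            }
        }
    }
}

# Constructed sample objects shaped like Get-ADObject output.
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'jdoe';      sIDHistory = @("$OldDomainSid-1604") }
    [pscustomobject]@{ sAMAccountName = 'svc-print'; sIDHistory = @("$OldDomainSid-512") }
    [pscustomobject]@{ sAMAccountName = 'asmith';    sIDHistory = @('S-1-5-21-4444444444-5555555555-6666666666-1733') }
)
$sample | Get-SidHistoryFinding -ExpectedSourceDomainSid $OldDomainSid |
    Sort-Object Status | Format-Table -AutoSize

# Against the live directories (requires the ActiveDirectory module and the forest trust):
# $old = (Get-ADDomain -Server Sparkle.local).DomainSID.Value
# Get-ADObject -Server Healthy.Org -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory, sAMAccountName |
#     Get-SidHistoryFinding -ExpectedSourceDomainSid $old
```

Anything other than `ExpectedMigrationSid` is worth investigating before the attribute is cleared, since those entries did not come from an ordinary user or workstation migration out of the old domain.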