We have been administering 3 AD 2019 servers serving around 150 Windows 10 clients, in a single AD domain. As part of an organization merger, a single AD domain will be created and a task to migrate clients to the new domain will be handled by a third party. Since a large number of GPO-based software installations (from MSI packages) are in place in the old domain, plus a number of file shares with rather peculiar permissions to cater for the complex user groups, I'm wondering how to tackle the following:
First there's the issue of existing software installations made via GPO: all of them were configured with the "uninstall when this falls out of management scope" option. There's some very good advice in this discussion, but I'm pondering which of the following might be cleaner in the long run:
- either leave things as they are and make similar GPO-based installations on the new AD, or
- disable "uninstall when this falls out of management scope" for the install GPOs in the old domain and take my time to find a more efficient way to handle installations on the new one (MECM perhaps), or
- something else entirely?
Second, the third party proposed to establish trust between the two domains, probably to make sure that clients transferred to the new domain still have access to the old one. This is an interim solution, but in the long run the old AD file share should be transferred to the new one, in order to be able to phase out the entire old AD infrastructure. The scope of the project is vague regarding this cleanup, hence I'd like to press them to transfer/convert files from the old AD to a new AD disk/shares at the initial phase. Is my line of thought technically unreasonable?
Thank you for any advice provided. These might be walk-in-the-park procedures, but I'm definitely out of my safe zone here.