Restructure Active Directory Forest Root Domain

windows active-directory windows-server-2012-r2

The best solution is to migrate to a greenfield environment. While possible to migrate all modern objects to legacy, the amount of effort required to move the objects in modern is roughly the same as moving to greenfield forest, but the greenfield effort has the benefit of also cleaning up any leftover objects or potentially compromised accounts.


Short answer: No you cannot.

Long answer: The first domain create in an forest is used to identify the forest in self. This document explain in a simple but clear the AD Forest Architecture.

The only way to move out of this scenario is migrate the other two domain in brand new forest.

This other document is a good starting point to find procedure, best practices and tools.

An advice: it is not a simple or fast process and require a lot of planning, in my humble opinion it is useful only if you have to remove a lot of junk in your domains.

Related

SSH forwarding (SSH_AUTH_SOCK) on Windows
Installing Powershell modules through GPO
Nginx config for Restful API behind proxy
Invalid block device mapping: Invalid device name - Creating an AMI from an Instance Store-Backed
TLS: Error while reading file
packet_write_wait: Broken Pipe error on MacOS Sierra SSH to Amazon EC2
How to query the age of an ARP-cache entry in Linux
zpool autoexpand doesn't change size of pool
How to change logging driver on a running container in docker
High system interrupt rate
Server freezes without kernel panic
Windows DNS Server: Problems after DNS server cache clearing. What does Clear-DnsServerCache do?