|
Howard you are correct. The problem occurs when you remove those trusts. Then they will no longer be able to logon to AD because their isn't a computer account in AD. So disabling their old Nt4 account would prevent them from logging on to the old domain but it doesn't tell us that their computer account is migrated. You could check this all manually but i don't like to work hard. Removing the trust would bring chaos which I want to avoid and this should be the last step in the migration process. My reasonning is if I leave their old account active and they attempt to use it I can check if their is a computer account on AD and kick them off if there is and also trap the fact that they are or are not migrated computers.
It just makes things neat and tidy for me and our IT staff.
The purpose of the script would be twofold:
1. Prevent migrated computers from logging on to the old domain
2. Trap which computers still need to be migrated. (i don't trust all the completed paper forms and there is bound to be machines that where left out)
make any sense? I might be doing this totally the wrong way but I think it will work
| 
