Link to home
Start Free TrialLog in
Avatar of RobertoYzaguirre
RobertoYzaguirre

asked on

Microsoft, Active Directory, 2003, Single Domain Migration

Hello! I am a Windows 2003 Active Directory administratorfor Department A. There are two other Active Directory forests on , B and C. I have been asked to work with administrators from departments B & C to perform the migrations and technical adjustments needed to create a single forest for the whole organization. Detailed information about the AD environment are as follows:

Forest A has four domains and 500 users. The computer and user objects for this forest are in one domain. Two of the remaining three domains have been given to smaller workgroups and are managed by local administrators. These workgroup domains do not have special security needs and use default, unmodified domain Group Policy Objects (GPOs). In the remaining domain one of the Domain Controllers (DC) which holds the Operations Master role needs to be decommissioned. Is this forest unnecessarily complex? What do I need to consider before decommissioning a DC? Moving FSMO roles to other DCs? My log on scripts should be in the SysVol of the other DC correct?

Forest B is a single domain forest with 10,000 users with computer and user objects in separate Organizational Units (OU). Department B provides centralized services to ten workgroups. Each workgroup has their own OU and administrators have been given full control to manage their respective OUs. Department B currently provides Microsoft Office Sharepoint Services (MOSS) for their forest. It is important to note that as part of the integration project, you have been asked to provide MOSS for the entire campus.  When I consolidate, how do I handle a complex application?

Forest C is a single domain forest with 250 users in a small township 50 miles away.  It is connected to campus with a slow link (e.g. fractional T1).  The computer and user objects are in separate Organizational Units. Department C provides centralized services to five workgroups, each with their own OU under Dept. Cs single domain forest. Administrators have been given full control to manage their respective OUs.  Slow links create an additional challenge to any project like this.  How do I manage it? Would this be best with a site?

I know this is a lot; I'm just trying to get an overview of how to proceed e.g. using log on scripts.
Avatar of vsg375
vsg375
Hi,

That's probably not the answer you're looking for, but just suggesting anyway...

If all of the forests are in full 2003 mode, i.e 2003 @ forest functional level, why not use cross-forest trusts ? That would preserve the present architecture, and however allow centralized admin if needed.

Just my 2 cents...

Cheers
ASKER CERTIFIED SOLUTION
Avatar of LauraEHunterMVP
LauraEHunterMVP
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial