(200 pts) Growing an AD tree the wrong way
Posted on 2001-08-17
This question arose in a training I recently attended, and nobody (including the trainer) could give a satisfactory answer. Any input welcome (but no stabbing in the dark please, this thing may be really important for someone some time).
Scenario: in a large company there have been some guys trying to rush their Windows 2000 to be the first who have it; they made up their own DNS and created a domain named departement.mycompany.com. Unfortunately those people knew their job very well: the domain works excellently and they have already implemented Internet access, group policies, and software management in their domain, which also contains quite a large number of users (close to 400), approx. 10 servers, and more than 300 client computers. So there isn't a simple way to shut them down any more.
Now the question is whether it is possible to create mycompany.com and put departement.mycompany.com underneath it to get things into the structure they should originally have had.
Currently mycompany.com does not exist yet, and departement.mycompany.com is in mixed mode, but could be switched to native mode if that was an advantage to clear the scenario.
I already tried to install the scenario on some machines here, and found that I cannot create mycompany.com if department.mycompany.com already exists, at least I cannot create the mycompany.com domain in the same forest. I can create the domain in a separate forest.
Now I am not experienced enough in AD to completely understand what change in behaviour a setup with more than one forest has. I also haven't yet worked with the various import/export/migration tools provided by Microsoft.
* Is there another way to append mycompany.com to the existing forest?
* Can I join the two domains if they are in different forests by manually establishing trusts?
* What disadvantages does a two-forest scenario have compared to having one forest? Are there advantages as well?
* Is there a way to create mycompany.com in a new forest and then move department.mycompany.com there with minimal loss of data (access rights, user passwords, and such), and is the move affected by whether one or both of the domains are set up to use mixed/native mode? In other words, given that having a single forest is declared a must, what effort will it take to move the department domain?
I do assume that more than one expert will contribute. To make splitting points easier for me I set this question at 50, and will increase points and/or post dummy questions as soon as I feel I got my information.
WARNING. This question is intended to increase my knowledge about the AD. No stabbing in the dark please, and please give the information in a form so I can not only understand what to do, but also why. No need to type books though. I have access to MS-KB, Technet, and the W2k Resource Kit books, along with most of the MS Press literature and several MCP Training kits. So a pointer to a specific page or chapter will do nicely, unless you suggest I just "read the whole books x, y and z" :-).