Solved

Migrating DomainA to new hardware...

Posted on 2004-09-14
2
194 Views
Last Modified: 2010-04-19
I have a Windows Server 2003 Dell 500 server that needs to be retired. It already died once and had to do a restore to it. It is currently running Windows Server 2003 and is a PDC. It also runs Exchange 2003. The new server is a Dell 2850 running Windows Server 2003. Currenlty, the prduction server is setup as domainA.net. I setup up the new server as domainB.local. Setup the DNS so that they could see each other. Where I'm having problems is with setting up the Trusts. Part of the ADMT instructions tell you to setup a trust and put the administrator(or user who is running ADMT) of the target domain in the Administrators group of the source domain. I'm not finding any clear cut instructions on how to do this and what I did find seems to fail. It is also my understanding to migrate the workstation in the domain, I have to have the user running the ADMT of the target domain in the Local Administrators group of each of the workstations. So this still requires a visit to each workstation.

When I set the trusts up I can validate it one way but not back to the target domain. I'm also hoping that I can change the domain back to DomainA.local when the migration is finished. Instead of using the .net on the inside network.

Regards,
Brendan
0
Comment
Question by:b_davies
2 Comments
 
LVL 12

Accepted Solution

by:
ColinRoyds earned 250 total points
ID: 12059116
I would imagine that your DNS is not working correctly, I would first get this sorted out, then your trusts shouls work.
Sorry I don't feel like retyping this so I copied it from a previous question

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21127674.html

How to setup DNS for trusts

There are two ways to do this
1.
Use a host file for name resolution
Use a lmhosts file for DC resolution, so the remote DC for the remote domain can be found.

2 In DNS of domain A on your forward lookup zone allow for unsecure communications
In the DNS for domain B, add a secondary forward lookup zone for domain A, specify domain A' DNS server address
In the DNS of domain A on the forward lookup zone allow for zone transfers (this can alos be restricted to domain B only if you want)
Then in the DNS of domain B in the new secondary zone expand the zone then right click and click transfer from master.
You should now have name resolution for domain A from domain B, do the same in revers for domain B - A.
check dns resolution using nslookup in both directions

Now setup your trust using AD D+T, and verify them

Trust done, if you used step 1 to do this you might want to now do step 2 for proper dns resolution.

The reason you cannot do 2 immediately is that DNS by default will only alow for secure comm's so if you are not on the domain you can not do a look up. Therefor as stade in step 2, if this is done before the trust is in place you MUST change the forward lookup zone to unsecure.

after this is done do the migration the use the domain rename tool to change it back to what you want
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question