Split Active Directory Domain

Scenario: A company splits.  Neither company wants to go through the trouble of changing the domain name.  All five server roles are running on one AD controller.

Question: Can we split the domain and have both of the new companies each keep the original domain name?

Let's say new company (A) has the server with all the Roles and new company (B) does not.

We sever the connection between (A) & (B).

(A) is fine as it has a Schema master etc... will just need to clean out the AD Controllers using ADSIedit to clean up the controllers that were lost due to the split.

Can company (B) just seize the roles on one of their Global Catalog Servers and continue to run a stable domain?

Theoretically this sounds good but has anyone actually done this?

Thanks for your comments.
Packerland Asked:

Debsyl99 Commented:
Hi

Have I tried this in practice? Well yes - different reasons but same principle I believe - I have used seizing roles when a full FSMO role holder goes down and it does work. First check that AD replication and DNS are fully functional/OK between the two servers.

The only way you can keep the original domain name on two separate networks is as you suggest:

1) A new server is joined to the domain, service packed, then dcpromo'd, upon which it will get a copy of Active Directory and yet will be role-less. You then separate the two completely (never to be brought back together) and seize the roles for the domain on the DC that is currently role-less as in article (1). You can keep the roles on DC 1. Then remove the Active Directory data for the now gone servers from both of them as in article (2) and you could then create two totally separate networks with the same internal domain name, so long as they remain COMPLETELY separate. (You may run into problems if you have the same domain name hosted externally.) You'll need to sort out both as global catalogs, DHCP servers, sort out file data transfer etc. You'll also need to sort out which PCs now belong to whom as both will carry identical copies of AD for a short while, but more importantly the SIDs on the workstations attached at the time will remain, so some tweaking for security purposes will be in order. May also be tempted to change admin passwords etc.

Relevant articles
Using Ntdsutil.exe to seize or transfer FSMO roles to a domain controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504

How to remove data in Active Directory after an unsuccessful domain controller demotion (not unsuccessful but principle for suddenly removed dc applies)
http://support.microsoft.com/default.aspx?kbid=216498&product=nts40

I can't see any reason really why it couldn't be done, so long as your companies don't re-merge!

Deb :))


0

saito1 Commented:

I perform this operation sometimes, and theoretically and practically it's OK. There will not be any problem if the two servers have no connection after splitting.
After transferring one of the domain controllers to the new location you just need the NTDSUtil tool to remove the DC that was transferred to another site and transfer all roles to the existing DC.
The first process is to remove the DC that doesn't exist on site A, and the same process on site B.
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498 to remove DC
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504 to transfer roles.

If you have any problem while using ntdsutil do not hesitate to ask me as I use it often.




0
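A post-split check for the procedure described in the two answers above, as an added example that is not part of the original posts: it parses `netdom query fsmo` output and reports any of the five roles still held by a DC on the other side of the split, plus DC names that still need metadata cleanup. The host names and the sample output are constructed.

```python
import re

# Role labels as printed by `netdom query fsmo`.
FSMO_ROLES = ("Schema master", "Domain naming master", "PDC",
              "RID pool manager", "Infrastructure master")

def short(name):
    """Normalise an FQDN or NetBIOS name to a lower-case host name."""
    return name.strip().lower().split(".")[0]

def parse_fsmo(output):
    """Map role label -> holder host name from `netdom query fsmo` text."""
    holders = {}
    for line in output.splitlines():
        # Label and holder are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0] in FSMO_ROLES:
            holders[parts[0]] = short(parts[1])
    return holders

def audit_split(fsmo_output, kept_dcs, listed_dcs):
    """Findings for one side: kept_dcs is that side's own DC inventory,
    listed_dcs the DC names the directory still contains."""
    kept = {short(d) for d in kept_dcs}
    holders = parse_fsmo(fsmo_output)
    findings = []
    for role in FSMO_ROLES:
        holder = holders.get(role)
        if holder is None:
            findings.append(f"{role}: no holder reported")
        elif holder not in kept:
            findings.append(f"{role}: still held by {holder}, seize it")
    for dc in sorted({short(d) for d in listed_dcs} - kept):
        findings.append(f"stale DC object: {dc}, run metadata cleanup")
    return findings

# Constructed sample: company (B) has seized three of the five roles so far.
SAMPLE_FSMO = """\
Schema master               dc-a1.corp.example
Domain naming master        dc-a1.corp.example
PDC                         dc-b1.corp.example
RID pool manager            dc-b1.corp.example
Infrastructure master       dc-b1.corp.example
The command completed successfully.
"""

if __name__ == "__main__":
    for finding in audit_split(SAMPLE_FSMO, ["dc-b1"], ["DC-A1", "DC-B1"]):
        print(finding)
```

An empty result on each side means all five roles are held locally and no DC from the other company is still listed.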
Debsyl99 Commented:
Isn't that exactly what I posted Saito1???????? What's the point in duplicating other experts' posts? Please don't!
0

saito1 Commented:
Sorry
0
Debsyl99 Commented:
No worries - had three people in a row in three questions saying exactly what I'd already said so by the time I got round to this one I was a tad miffed - don't worry about it, and have a nice day,
Deb :))
0
Debsyl99 Commented:
Think I pretty much got this one right, thanks :)
0
Windows 2000
