fizzeriano
Need advice on active directory split strategy.
I have the following scenario for Active Directory and my company's split process:
AD with all DCs on 2003 SP1
1 forest
12 Domains
Let's say
Domain1 (forest root)
Domain2
Domain3
...
Domain12
I'm the admin of Domain10. My company, which uses Domain10, was sold, so we need to split our part from the other domains, shut down the WAN links connected to the other companies, and so on.
Actually we agreed with the headquarters to keep a domain controller of Domain1 (forest root), and of course our Domain10 DCs. We plan to cut network communications forever and seize the FSMO roles to our DC of Domain1 in order not to lose the root. I'm assuming that this should not cause any trouble, am I correct?
But my doubts are with Exchange 2003. We use a single Exchange organization, connected through routing group connectors; all Exchange servers are Exchange 2003 servers running in all the 10 domains, except for Domain1 (forest root), which has no Exchange or users on it. I need advice on how to clean up my Active Directory and Exchange after the split, in order to keep the email flow to the other domains unaffected, which of course should be contacted as external e-mail domains by my Exchange server, instead of intra-organization domains. I wonder if the cleanup of the rest of the orphaned domains is enough. Please give me some advice on which steps to follow, or if you have some better strategies. Of course our main concern is to minimize impact on the users. Feel free to ask any other tech details.
Thanks in advance for your feedback
ASKER
mhhhh, yes, in fact, we have planned that as phase 2, mainly because of the small time frame available (2 weeks from now) and other technical issues
thanks
ASKER
BTW we have just one exchange server on our domain, and 3 DC's.
Renaming the domain is a very sensitive issue, and will not succeed unless all domain controllers are updated and information uploaded successfully.
I documented the process here:
http://www.outlookexchange.com/articles/mahmoudmagdy/default.asp
so I don't recommend going with your approach.
ASKER
sorry, we are not planning any domain renaming, just want to use our own domain with no changes, and reroute email correctly
please ask any question if needed
I know that you want to use your own domain, but how are you going to do that?
The first step you want to aid is how to separate yourself from HQ. This could be done using domain renaming to any name, create a separate forest, then migrate the old data to it.
If you want you can export the Exchange database with ExMerge, build the new forest, import the data, then let the help desk join the new domain.
ASKER
Our AD is as follows
Forest
FirstDomain
OurDomain
(and of course the rest of domains)
We already have a domain controller of the FirstDomain running and up to date in our computer center
And of course we have our own domain's DCs in our computer center
so..., I'm assuming that after we shut down the WAN link to the HQ, I just need to seize the FSMO roles on our DC of FirstDomain, do some cleanup of the references to the other domains (ntdsutil), and delete Exchange connectors. Am I missing something important? Thanks for helping me.
there is no scenario here for a rename that I can see.....if you want to remove your company that has been sold, then simply demote that domain out of the forest and then rebuild a new one....if the dcpromo process runs cleanly then all you will have to do is check that all trust relationships have been cleared, remove anything from Sites and Services and DNS and you should be fine
fizzeriano
it seems correct. if you did the cleanup then you are safe
jay jay i don't agree with you because he needs to reserve old data,users and exchange environment
ASKER
We need to keep our actual domain, because we have worst problems with our ERP if we do changes to our domain...
ASKER
I already know how to clean up the orphaned domains, but my question is really oriented to the Exchange part. I don't know if after the removal of sites and orphaned domains with ntdsutil, my Exchange server will correctly route the email to the other domains using external DNS information..., instead of trying to find the dead servers or domains.
thanks busbar.
yes it will
A rename is never a good idea. The rename process is terrible and it fails time and time again. What I would do:
Disconnect your domain. Seize the FSMO roles so that your standalone domain now exists 100% on its own. Run ntdsutil and clean up AD. Reinstall Exchange.
ASKER
Jay Jay
are there any specific issues regarding the exchange reinstall?
ASKER
i did the wrong question to jay jay
basically i want to have more information on your reasons to reinstall exchange
I do not believe that your current Exchange install will work as Busbar claims. You are slamming your domain right down the middle...unless you are an Exchange guru then I would look at reinstalling and recreating everything that Exchange does.
mmmm
I have cleaned several domains before, some with more than 20 domains.
I believe that Exchange will work, as you will not touch anything related to it, as long as you still have a DC/GC.
If you have other Exchange servers you might want to remove them from adsiedit and that is it.
ASKER
Jay Jay, your point makes sense. I have some experience with Exchange. As far as I have read in the documentation, the critical part is the Exchange 2003 message categorizer: this classifies the incoming message as local or external, and sends the external ones to the right queue, SMTP or X.400/RPC for the same-organization domains (of course it is not as simple as I mentioned here). So my logic is: if the message categorizer can't find data regarding the other domains it will send the message to the SMTP queue to the internet. I'm assuming that all the other domains' data is just stored in the Active Directory/global catalog. If these assumptions are correct, I should have problems, but..., if Exchange is storing routing information in other hard-to-find places then the best way is to reinstall Exchange, as you say. I will wait a little to hear about this issue before closing the question
thanks
ASKER
if these assumptions are correct, I should have NO problems,
sorry, I forgot to type "NO" in the sentence
I hope not to cause confusion
;-)
ASKER
here is what I read:
Exchange Server 2003 Message Handling
http://technet.microsoft.com/en-us/library/aa996384.aspx
Exchange Server 2003 Message Routing
http://technet.microsoft.com/en-us/library/aa998800.aspx
do you have child domains with exchange at each site? just want to clarify
ASKER
Busbar
It's the same idea I have. Have you ever tried this? Sorry if I ask that, it's not an unnecessary or bad ass question, I just want to understand better your position and experience regarding this.
By the other way, Jay Jay, I also understand your part. I have 14 years working with M$ crap servers, and I know that reinstall is the safest path. I just want to explore the alternate path, and of course I prefer 2 hours in ntdsutil to twelve hours customizing my "undocumented" Exchange setup and reinstalling the extra third-party software.
ASKER
Jay Jay
no, not child domains, nor other resources using trust relations.
fair enough and i can understand that my friend....i just dont want to see your domain blow up!
ASKER
Extra info:
These Exchange servers and domain controllers were installed from scratch 3 years ago, so I have no trash or unwanted data from other Exchange versions, or orphaned objects or accounts from the old NT 4 domains.
No X.400 connectors, no extra gateways, no Notes, ..
Just one mailbox store, 8 GB, so I can do an ExMerge before, just in case..., and take the system state of the Exchange server and the other 2 DCs
ASKER
many thanks to Busbar and Jayjay for sharing this experience, it was a pleasure. I will split the points.
cheers to you both :) Good luck mate!
Don't worry fizzeriano, I did it, and check my profile if you want to know more about me ;)
ASKER
Just want to comment, i executed the plan, seize the fsmo on the root domain, cleanup data with ntdsutil, and remove orphaned sites in exchange with adsiedit, everything went ok. ;-)
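A post-seizure check for the plan reported in the comment above, as an added example that is not part of the original thread: it parses `netdom query fsmo` output and flags any FSMO role still assigned to a DC that was left behind at HQ. The host names and sample output are constructed, and the role labels are an assumption about how the Support Tools and later netdom builds print them.

```python
import re

# Role labels printed by `netdom query fsmo`; both label sets are assumed
# from the Support Tools and later netdom builds, not taken from the thread.
ROLE_LABELS = {
    "schema": ("Schema owner", "Schema master"),
    "domain naming": ("Domain role owner", "Domain naming master"),
    "pdc": ("PDC role", "PDC"),
    "rid": ("RID pool manager",),
    "infrastructure": ("Infrastructure owner", "Infrastructure master"),
}

def parse_fsmo(output):
    """Return {role: owner host, lower-cased} parsed from netdom output."""
    owners = {}
    for line in output.splitlines():
        for role, labels in ROLE_LABELS.items():
            for label in labels:
                # Label, at least two spaces of column padding, then the host.
                m = re.match(r"\s*%s\s{2,}(\S+)\s*$" % re.escape(label), line, re.I)
                if m:
                    owners[role] = m.group(1).lower()
    return owners

def audit_fsmo(output, retained_dcs):
    """List roles that are missing or held by a DC outside retained_dcs."""
    retained = {dc.lower() for dc in retained_dcs}
    owners = parse_fsmo(output)
    findings = []
    for role in ROLE_LABELS:
        owner = owners.get(role)
        if owner is None:
            findings.append("%s: not reported" % role)
        elif owner not in retained:
            findings.append("%s: still held by %s" % (role, owner))
    return findings

# Constructed sample: forest-wide roles seized, two root-domain roles not yet.
SAMPLE = """\
Schema owner                ourdc1.domain1.example
Domain role owner           ourdc1.domain1.example
PDC role                    hqdc1.domain1.example
RID pool manager            hqdc1.domain1.example
Infrastructure owner        ourdc1.domain1.example
The command completed successfully.
"""

if __name__ == "__main__":
    for finding in audit_fsmo(SAMPLE, ["ourdc1.domain1.example"]):
        print("FINDING:", finding)
```

Run it once against the retained root-domain DC and once against a DC of the company's own domain, since the three domain-level roles are reported per domain.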
I was in a similar position with the MCS, and we decided that we would build a new domain with the original name, rename the old domain, then migrate the users. Otherwise I think that your approach will get a hell of bad issues.