Solved

Infrastructure migration to a new Domain. Joining TS and SQL

Posted on 2007-03-31
Last Modified: 2008-02-01
I need some expert help with some Infrastructure migration.

I have a client that refuses to spend money on their network. They have a break/fix mindset. The only time they spend money on their network is when it breaks and production stops. That mindset has led to a patchwork-style network held together with gum and super glue.

Well, something has broken, and now they need to fix it. I want to use this opportunity to improve their network infrastructure as much as possible.

Here is what they currently have.

DOMAIN 1
BlaBlacompany.local

•  Win03 server. Function: Exchange03, File Server, Domain Controller, FSMO holder.   This is the only server in this domain.  

DOMAIN2
Company.local

•  Win2K server. Function: Terminal server, Domain Controller
•  Win2K server. Function: Domain controller, FSMO holder, This is where a Trust Relationship is setup In-between the 2 domains.
•  Win03 server. Function: Member server running SQL only. All the workstations (and terminal server) have a MAS500 client software installed.

GOALS
I want to get all the servers onto one domain and dissolve the other domain. All of the workstations are joined to DOMAIN1. They have their computers and desktops set up how they want them.

SCENARIO
The Terminal server is broken and needs to be rebuilt from scratch. The SAGE (MAS500) software people have convinced my client that it's not their software that is broken, and that the Terminal server needs to be rebuilt. I don't fully agree with this, but the decision has been made and I'll use this opportunity to upgrade them to Win03 with the proper TS CALs.

MIGRATION PLAN
Please critique my migration plan.
•  On DOMAIN2 win2K Terminal Server: make this the FSMO holder. Setup a trust relationship in-between the 2 domains from here.
•  Take the second Win2K server offline, format, install Win03, Join to DOMAIN1, configure as a New Terminal Server.
•  Join SQL to the other domain
•  Point the Firewall to the New Win03 Terminal Server.
•  At this point The old Win2K terminal server will be the only server in DOMAIN2. Run DCpromo and dissolve this domain completely.

QUESTION
I know nothing about SQL. What risks are there in joining the SQL server to another domain? It will change the name of the server (from sql.company.local to sql.BlaBlacompany.local). What impact will that have? Will that affect the MAS500 clients?

I know this may have been long but I wanted to be thorough.
Thank you for any help you can offer.
Chad
Question by:Mrstrike
Accepted Solution

by: Alan Huseyin Kayahan earned 500 total points
Hey Chad,
There is no risk at all for joining SQL server to another domain or even not joining it into domain your software running in both server and clients doesn't use the full computer name for connectivity. I once fell into that situation and since then, I am using only the computername SQLSRV while locating SQL server.
I am not used to MAS500 but the worst scenario you would face is locating SQL server at its new path in every client. If that software has to map a folder in SQL server, then you will have to re-create these maps. Also, if this software has outputs to some MS Excel or MS Access files, then you will encounter some ODBC errors, which would be fixed by relocating SQL server with its new name.
If you ask my opinion, it is much easier to dissolve DOMAIN1. By using ADMT (Active Directory Migration Tool) you would transfer users and policies easily. And I don't recommend TS to hold the FSMOs; it is not even a good idea to keep TS as a DC. Uninstall TS from the server in DOMAIN2 (W2K); after the migration operation, join the server of DOMAIN1 to DOMAIN2. And install TS and reconfigure Exchange.
If you decide to use TS as DC, apply restriction policies to TS users, which still may be risky.
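
Added example, not part of the original posts: a pre-move check for the ODBC case mentioned above, listing which data sources on a client name the SQL server by its old full computer name and so need relocating. It parses a `reg export` of `HKLM\SOFTWARE\ODBC\ODBC.INI`; the two FQDNs come from the question, while the sample export, the DSN names and the short host name `sql` are constructed assumptions.

```python
import re

OLD_FQDN = "sql.company.local"        # name before the move (from the question)
NEW_FQDN = "sql.blablacompany.local"  # name after the move (from the question)
SHORT_NAME = "sql"                    # assumed short computer name

# Constructed sample of `reg export HKLM\SOFTWARE\ODBC\ODBC.INI` from one client.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\MAS500]
"Driver"="C:\\WINDOWS\\system32\\SQLSRV32.dll"
"Server"="sql.company.local"

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\Reports]
"Server"="tcp:SQL\\MAS500,1433"

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\Archive]
"Server"="10.0.0.5"
'''

KEY_RE = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\SOFTWARE\\ODBC\\ODBC\.INI\\([^\\\]]+)\]$", re.I)
SERVER_RE = re.compile(r'"Server"="(.*)"$', re.I)

def host_of(server):
    """Strip a tcp:/np:/lpc: prefix, \\instance and ,port from a Server value."""
    s = re.sub(r"^(tcp|np|lpc):", "", server.strip(), flags=re.I)
    return re.split(r"[\\,]", s, maxsplit=1)[0].lower()

def classify(server):
    host = host_of(server)
    if host == OLD_FQDN:
        return "UPDATE"   # full computer name that changes with the domain
    if host in (SHORT_NAME, NEW_FQDN):
        return "OK"       # short name or already the new name
    return "REVIEW"       # IP address, alias or another server: check by hand

def audit(reg_text):
    """Return {dsn_name: (server_value, verdict)} for every DSN with a Server."""
    results, dsn = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            dsn = key.group(1)
        elif line.startswith("["):
            dsn = None                      # some other registry key
        elif dsn and SERVER_RE.match(line):
            # .reg files escape backslashes, so undo that before classifying
            server = SERVER_RE.match(line).group(1).replace("\\\\", "\\")
            results[dsn] = (server, classify(server))
    return results

if __name__ == "__main__":
    for name, (server, verdict) in audit(SAMPLE_REG).items():
        print(f"{verdict:7} {name:10} {server}")
```
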

Author Comment

by:Mrstrike
Thank you Mr Husy.
OK, I will call SAGE software (MAS500 creators) to triple check joining the SQL server to another domain.

"If you ask my opinion, it is much easier to dissolve DOMAIN1. By using ADMT (Active Directory Migration Tool) you would transfer users and policies easily"

You are not the first person to say that. However, if I dissolve DOMAIN1 I will have to rejoin 50+ workstations to DOMAIN2. While I have seen a few handy scripts, the biggest drawback will be the client perception. They will lose all the stuff on their desktop, unless I run a FAST (Files and Settings Transfer Wizard) and that will take 3 hours per machine. In their minds they are thinking "My computer works fine, why are you messing with it?"
... unless you know of a script that will keep the desktop the same? (but that will be a different thread :-) )

"And I don't recommend TS to hold the FSMOs, it is even not a good idea to keep TS as a DC"

I wholeheartedly agree. However the TS is already a DC (before my time). My plan to have the current old TS as a DC and holding the FSMO's would be only for 48 hours or so.

My intention is not to challenge your advice, if there is a flaw in my thinking PLEASE poke holes in it. I have no ego to bruise.
cheers
chad


Expert Comment

by:Alan Huseyin Kayahan
Hi Chad,
The following question perfectly fits your issue and explains what I meant by using ADMT. You don't have to rejoin the clients :).
 
Objective: Managing and Maintaining an Active Directory Infrastructure
SubObjective : Manage an Active Directory Forest and Domain Structure
Single Answer Multiple Choice

You are the network administrator for Cliner Gattam International (CGI). The company's logical network design consists of a single Active Directory domain named cgi.com. CGI has five offices. An Active Directory site is created for each location. All servers run Windows Server 2003, and all client computers run Windows XP Professional.

CGI has recently merged with Smithfield Manufacturing (SFM). The company's logical network design consists of a single Active Directory domain named sfmanu.com.

SFM has 1000 employees at one manufacturing plant. These employees must have user accounts in cgi.com and be able to authenticate and access resources on the cgi.com network. You will be deploying cgi.com domain controllers at the SFM site. All client computers in this location will join the domain. The site administrator provides you with a comma-delimited file containing user object information from sfmanu.com. You plan to import this data to Active Directory using the csvde utility.

SFM users must maintain their existing e-mail identities (user@sfmanu.com). However, you have been instructed to maintain a single Active Directory domain. You must be able to import this data while allowing the new users to maintain their existing e-mail identities.

What should you do?

A. Create a one-way forest trust using Netdom in which cgi.com trusts sfmanu.com.
B. Create a one-way forest trust using Netdom in which sfmanu.com trusts cgi.com.
C. Create a UPN suffix named sfmanu.com using Active Directory Domains and Trusts.
D. Migrate the user accounts from sfmanu.com to cgi.com using the Active Directory Migration Tool (ADMT).


Answer:
C. Create a UPN suffix named sfmanu.com using Active Directory Domains and Trusts.

Tutorial:
You should create a UPN suffix named sfmanu.com using Active Directory Domains and Trusts.

To import the text file from sfmanu.com, you must use Active Directory Domains and Trusts to create a UPN suffix named sfmanu.com. The comma-delimited text file will be exported from sfmanu.com using the user principal name as user@sfmanu.com. Creating a matching UPN suffix will allow the text file to be imported using the csvde utility. This action will meet the requirement to allow users to retain their Smithfield Manufacturing identities.

The user principal name (UPN) suffix is the part of the UPN to the right of the @ character. By default, the UPN suffix for a user account is the DNS domain name of the domain that contains the user account. You can add alternative UPN suffixes to simplify administration and user logon processes by providing a single UPN suffix for all users. The UPN suffix is applicable within the Active Directory forest, but is not required to be a valid DNS domain name.

You should not create a one-way forest trust relationship in either direction. Because the migration is being performed by importing from a text file, a trust relationship is not necessary. Trust relationships are required when you are migrating objects from one forest to another using a migration tool, such as ClonePrincipal.

You should not migrate the user accounts from sfmanu.com to cgi.com using the Active Directory Migration Tool (ADMT). The Active Directory Migration Tool (ADMT) is used to perform intraforest or interforest object migrations. However, ADMT cannot be used to import objects from comma-delimited files.

Reference:
1. Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure - Module 4: Implementing User, Group, and Computer Accounts
- Lesson: Implementing User Principal Name Suffixes - All

2. Windows Server 2003 Help - Search
- To add user principal name suffixes

