Infrastructure migration to a new Domain. Joining TS and SQL

Posted on 2007-03-31
Last Modified: 2008-02-01
I need some expert help with some Infrastructure migration.

I have a client that refuses to spend money on their network. They have a break/fix mindset. The only time they spend money on their network is when it breaks and production stops. That mindset has led to a patchwork-style network held together with gum and super glue.

Well, something has broken, and now they need to fix it. I want to use this opportunity to improve their network infrastructure as much as possible.

Here is what they currently have.


•  Win03 server. Function: Exchange03, File Server, Domain Controller, FSMO holder.   This is the only server in this domain.  


•  Win2K server. Function: Terminal server, Domain Controller
•  Win2K server. Function: Domain controller, FSMO holder. This is where a trust relationship is set up between the 2 domains.
•  Win03 server. Function: Member server running SQL only. All the workstations (and terminal server) have a MAS500 client software installed.

I want to get all the servers onto one domain and dissolve the other domain. All of the workstations are joined to DOMAIN1. They have their computers and desktops set up how they want them.

The Terminal server is broken and needs to be rebuilt from scratch. The SAGE (MAS500) software people have convinced my client that it's not their software that is broken, and that the Terminal server needs to be rebuilt. I don't fully agree with this, but the decision has been made and I'll use this opportunity to upgrade them to Win03 with the proper TS CALs.

Please critique my migration plan.
•  On the DOMAIN2 Win2K Terminal Server: make this the FSMO holder. Set up a trust relationship between the 2 domains from here.
•  Take the second Win2K server offline, format, install Win03, join to DOMAIN1, configure as a new Terminal Server.
•  Join SQL to the other domain.
•  Point the firewall to the new Win03 Terminal Server.
•  At this point the old Win2K terminal server will be the only server in DOMAIN2. Run DCpromo and dissolve this domain completely.

I know nothing about SQL. What risks are there in joining the SQL server to another domain? It will change the name of the server (from sql.company.local to sql.BlaBlacompany.local). What impact will that have? Will that affect the MAS500 clients?

I know this may have been long but I wanted to be thorough.
Thank you for any help you can offer.
Question by:Mrstrike

Accepted Solution

Alan Huseyin Kayahan earned 500 total points
ID: 18829724
Hey Chad,

There is no risk at all in joining the SQL server to another domain, or even in not joining it to a domain, if your software running on both server and clients doesn't use the full computer name for connectivity. I once fell into that situation and since then, I am using only the computer name SQLSRV while locating the SQL server.

I am not used to MAS500, but the worst scenario you would face is locating the SQL server at its new path on every client. If that software has to map a folder on the SQL server, then you will have to re-create these maps. Also, if this software has outputs to some MS Excel or MS Access files, then you will encounter some ODBC errors, which would be fixed by relocating the SQL server with its new name.

If you ask my opinion, it is much easier to dissolve DOMAIN1. By using ADMT (Active Directory Migration Tool) you would transfer users and policies easily. And I don't recommend TS to hold the FSMOs; it is not even a good idea to keep TS as a DC. Uninstall TS from the server in DOMAIN2 (W2K); after the migration operation, join the server of DOMAIN1 to DOMAIN2. And install TS and reconfigure Exchange.

If you decide to use TS as DC, apply restriction policies to TS users, which still may be risky.
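
Added example (not part of the thread or of any poster's answer): a small audit that sorts client connection strings by how they name the SQL server, so the entries tied to the old `company.local` suffix can be found before the domain change. The DSN names, database names and connection strings are constructed samples; only the two DNS suffixes and the short name SQLSRV come from the posts above.

```python
import re

OLD_SUFFIX = "company.local"   # DNS suffix before the move (from the question)

# Keys that can carry the server name in ODBC / OLE DB / ADO.NET strings.
SERVER_KEYS = {"server", "data source", "address", "addr", "network address"}

def server_host(conn_str):
    """Return the bare, lower-cased host from a connection string, or None."""
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip().lower() in SERVER_KEYS:
            host = value.strip().strip("'\"")
            host = re.sub(r"^(tcp|np|lpc):", "", host, flags=re.I)  # protocol prefix
            host = re.split(r"[\\,]", host, maxsplit=1)[0]   # drop \instance or ,port
            return host.strip().lower()
    return None

def classify(conn_str):
    """Say how the string names the server: this decides what a rename touches."""
    host = server_host(conn_str)
    if host is None:
        return "no-server"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return "ip"                      # unaffected by a DNS suffix change
    if "." not in host:
        return "short-name"              # depends on name resolution, not the suffix
    if host.endswith("." + OLD_SUFFIX.lower()):
        return "old-fqdn"                # must be repointed after the domain join
    return "other-fqdn"

def audit(entries):
    """Map each entry name to its classification."""
    return {name: classify(cs) for name, cs in entries.items()}

# Constructed sample inventory (not taken from any real client machine).
SAMPLES = {
    "mas500-odbc": "Driver={SQL Server};Server=sql.company.local;"
                   "Database=mas500_app;Trusted_Connection=yes",
    "excel-report": "Provider=SQLOLEDB;Data Source=tcp:SQL.COMPANY.LOCAL,1433;"
                    "Initial Catalog=reports",
    "ts-client": "Server=SQLSRV\\MAS500;Database=mas500_app",
    "already-new": "Server=sql.BlaBlacompany.local;Database=mas500_app",
}

if __name__ == "__main__":
    for name, kind in audit(SAMPLES).items():
        print(f"{name:14} {kind}")
```

Note that `sql.BlaBlacompany.local` is not reported as `old-fqdn` even though it ends in the characters `company.local`, because the match is anchored on the leading dot of the suffix.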

Author Comment

ID: 18832186
Thank you Mr Husy.
OK, I will call SAGE software (MAS500 creators) to triple check joining the SQL server to another domain.

"If you ask my opinion, it is much easier to dissolve DOMAIN1. By using ADMT (Active Directory Migration Tool) you would transfer users and policies easily"

You are not the first person to say that. However, if I dissolve DOMAIN1 I will have to rejoin 50+ workstations to DOMAIN2. While I have seen a few handy scripts, the biggest drawback will be the client perception. They will lose all the stuff on their desktops, unless I run a FAST (Files and Settings Transfer Wizard), and that will take 3 hours per machine. In their minds they are thinking "My computer works fine, why are you messing with it?"
... unless you know of a script that will keep the desktop the same? (but that will be a different thread :-) )

"And I don't recommend TS to hold the FSMOs, it is even not a good idea to keep TS as a DC"

I wholeheartedly agree. However the TS is already a DC (before my time). My plan to have the current old TS as a DC and holding the FSMO's would be only for 48 hours or so.

My intention is not to challenge your advice, if there is a flaw in my thinking PLEASE poke holes in it. I have no ego to bruise.

Expert Comment

by:Alan Huseyin Kayahan
ID: 18832431
Hi Chad,
The following question perfectly fits your issue and explains what I meant by using ADMT. You don't have to rejoin the clients :).
Objective: Managing and Maintaining an Active Directory Infrastructure
SubObjective : Manage an Active Directory Forest and Domain Structure
Single Answer Multiple Choice

You are the network administrator for Cliner Gattam International (CGI). The company's logical network design consists of a single Active Directory domain named cgi.com. CGI has five offices. An Active Directory site is created for each location. All servers run Windows Server 2003, and all client computers run Windows XP Professional.

CGI has recently merged with Smithfield Manufacturing (SFM). The company's logical network design consists of a single Active Directory domain named sfmanu.com.

SFM has 1000 employees at one manufacturing plant. These employees must have user accounts in cgi.com and be able to authenticate and access resources on the cgi.com network. You will be deploying cgi.com domain controllers at the SFM site. All client computers in this location will join the domain. The site administrator provides you with a comma-delimited file containing user object information from sfmanu.com. You plan to import this data to Active Directory using the csvde utility.

SFM users must maintain their existing e-mail identities (user@sfmanu.com). However, you have been instructed to maintain a single Active Directory domain. You must be able to import this data while allowing the new users to maintain their existing e-mail identities.

What should you do?

A. Create a one-way forest trust using Netdom in which cgi.com trusts sfmanu.com.
B. Create a one-way forest trust using Netdom in which sfmanu.com trusts cgi.com.
C. Create a UPN suffix named sfmanu.com using Active Directory Domains and Trusts.
D. Migrate the user accounts from sfmanu.com to cgi.com using the Active Directory Migration Tool (ADMT).

C. Create a UPN suffix named sfmanu.com using Active Directory Domains and Trusts.

You should create a UPN suffix named sfmanu.com using Active Directory Domains and Trusts.

To import the text file from sfmanu.com, you must use Active Directory Domains and Trusts to create a UPN suffix named sfmanu.com. The comma-delimited text file will be exported from sfmanu.com using the user principal name as user@sfmanu.com. Creating a matching UPN suffix will allow the text file to be imported using the csvde utility. This action will meet the requirement to allow users to retain their Smithfield Manufacturing identities.

The user principal name (UPN) suffix is the part of the UPN to the right of the @ character. By default, the UPN suffix for a user account is the DNS domain name of the domain that contains the user account. You can add alternative UPN suffixes to simplify administration and user logon processes by providing a single UPN suffix for all users. The UPN suffix is applicable within the Active Directory forest, but is not required to be a valid DNS domain name.

You should not create a one-way forest trust relationship in either direction. Because the migration is being performed by importing from a text file, a trust relationship is not necessary. Trust relationships are required when you are migrating objects from one forest to another using a migration tool, such as ClonePrincipal.

You should not migrate the user accounts from sfmanu.com to cgi.com using the Active Directory Migration Tool (ADMT). The Active Directory Migration Tool (ADMT) is used to perform intraforest or interforest object migrations. However, ADMT cannot be used to import objects from comma-delimited files.

1. Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure - Module 4: Implementing User, Group, and Computer Accounts
- Lesson: Implementing User Principal Name Suffixes - All

2. Windows Server 2003 Help - Search
- To add user principal name suffixes

