part of business sold! - disconnect domains from forest and give them new forest


I'm looking for a general approach from folks who have a similar experience.  The goal is to disconnect or de-couple two child domains and their Exchange servers from the parent corp due to selling off of the child businesses.  Let's assume 2003 AD and Exchange running native mode for domain, forest and Exchange.  The two child domains want to be rejoined to a common forest and will be considered the same business with two separate domains.  Let's assume a couple of hundred seats per domain.

What comes to mind immediately is that by disconnecting from the forest, you'll lose the forest FSMO roles.  I guess I'll need those again...  So I was thinking that I could build a new third domain and declare it the first domain in a new forest, then join the two other child domains to this new forest.  Also, since the Exchange servers weren't the first in the organization, I'll lose  the Offline Address Book folder, the Schedule+ Free Busy folder, the Events Root folder, and other folders as described in  What to do there?

Since this scenario isn't yet in play, I'm looking more for a general "this is how I'd approach it" and "you may run into this..." sort of  reply as opposed to questions about what the specifics of the scenario are, because I don't know yet.  Your expertise is always appreciated.  Thanks!  
Who is Participating?
LauraEHunterMVPConnect With a Mentor Commented:
You basically have two choices:

[1] Migrate your user accounts from your existing child domain into a new domain for the "new" disconnected business.  So you would migrate your users from to a brand-new AD called  This is the cleanest way to divest, as the disconnected business has its own pristine AD forest that it can start from scratch and manage as it sees fit.

[2] If you can guarantee that the two company networks will be completely unconnected - no trust relationships, no site-to-site VPNs, no nothing - you can hand them two DCs, one from the parent domain and one from their child domain, that they can use to maintain in-place.  You would need to do some post-divestiture cleanup as follows:

* On the "severed" root DC, reset every single user and computer password and delete any that are not required by the disconnected child domain.  (You see what I mean about these two networks needing to never talk to each other?)
* On the "severed" root and child DC, seize all 5 FSMO roles to the severed root DC, and seize all 3 FSMO roles to the severed child DC.
* On the "original" root and child domains, perform a metadata cleanup to remove your references to the severed root and child DCs.
JohnDemerjianAuthor Commented:
Thanks Laura!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.