Part of business sold! - disconnect domains from forest and give them new forest

Posted on 2007-07-30
Last Modified: 2010-04-20

I'm looking for a general approach from folks who have a similar experience.  The goal is to disconnect or de-couple two child domains and their Exchange servers from the parent corp due to selling off of the child businesses.  Let's assume 2003 AD and Exchange running native mode for domain, forest and Exchange.  The two child domains want to be rejoined to a common forest and will be considered the same business with two separate domains.  Let's assume a couple of hundred seats per domain.

What comes to mind immediately is that by disconnecting from the forest, you'll lose the forest FSMO roles.  I guess I'll need those again...  So I was thinking that I could build a new third domain and declare it the first domain in a new forest, then join the two other child domains to this new forest.  Also, since the Exchange servers weren't the first in the organization, I'll lose the Offline Address Book folder, the Schedule+ Free Busy folder, the Events Root folder, and other folders as described in  What to do there?

Since this scenario isn't yet in play, I'm looking more for a general "this is how I'd approach it" and "you may run into this..." sort of reply as opposed to questions about what the specifics of the scenario are, because I don't know yet.  Your expertise is always appreciated.  Thanks!

Question by: JohnDemerjian

    Accepted Solution

    You basically have two choices:

    [1] Migrate your user accounts from your existing child domain into a new domain for the "new" disconnected business.  So you would migrate your users from to a brand-new AD called  This is the cleanest way to divest, as the disconnected business has its own pristine AD forest that it can start from scratch and manage as it sees fit.

    [2] If you can guarantee that the two company networks will be completely unconnected - no trust relationships, no site-to-site VPNs, no nothing - you can hand them two DCs, one from the parent domain and one from their child domain, that they can use to maintain in-place.  You would need to do some post-divestiture cleanup as follows:

    * On the "severed" root DC, reset every single user and computer password and delete any that are not required by the disconnected child domain.  (You see what I mean about these two networks needing to never talk to each other?)
    * On the "severed" root and child DC, seize all 5 FSMO roles to the severed root DC, and seize all 3 FSMO roles to the severed child DC.
    * On the "original" root and child domains, perform a metadata cleanup to remove your references to the severed root and child DCs.
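
The role seizure and metadata cleanup steps from the accepted answer, written out as ntdsutil commands for Windows Server 2003. This is an added example, not part of the original answer; SEVERED-ROOT-DC, SEVERED-CHILD-DC and ORIGINAL-DC are placeholder host names.

```bat
@echo off
rem Added example. SEVERED-ROOT-DC, SEVERED-CHILD-DC and ORIGINAL-DC are
rem placeholder host names; substitute your own.
rem Run the seizures only after the two networks are fully separated,
rem as the answer requires. ntdsutil asks for confirmation on each seizure.

rem --- On the severed (divested) network ---
rem Root DC: seize the two forest-wide and three domain-wide roles.
ntdsutil roles connections "connect to server SEVERED-ROOT-DC" quit "seize schema master" "seize domain naming master" "seize RID master" "seize PDC" "seize infrastructure master" quit quit

rem Child DC: seize the three domain-wide roles for the child domain.
ntdsutil roles connections "connect to server SEVERED-CHILD-DC" quit "seize RID master" "seize PDC" "seize infrastructure master" quit quit

rem Confirm the role holders on each DC (netdom is in the Support Tools).
netdom query fsmo

rem --- On the original (retained) forest, once per severed DC ---
rem Typed interactively, because the <n> index numbers come from the
rem output of the preceding "list" command:
rem   ntdsutil
rem   metadata cleanup
rem   connections
rem   connect to server ORIGINAL-DC
rem   quit
rem   select operation target
rem   list domains
rem   select domain <n>
rem   list sites
rem   select site <n>
rem   list servers in site
rem   select server <n>
rem   quit
rem   remove selected server
rem   quit
rem   quit
```
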

    Author Comment

    Thanks Laura!
