
part of business sold! - disconnect domains from forest and give them new forest


I'm looking for a general approach from folks who have a similar experience.  The goal is to disconnect or de-couple two child domains and their Exchange servers from the parent corp due to selling off of the child businesses.  Let's assume 2003 AD and Exchange running native mode for domain, forest and Exchange.  The two child domains want to be rejoined to a common forest and will be considered the same business with two separate domains.  Let's assume a couple of hundred seats per domain.

What comes to mind immediately is that by disconnecting from the forest, you'll lose the forest FSMO roles. I guess I'll need those again... So I was thinking that I could build a new third domain and declare it the first domain in a new forest, then join the two other child domains to this new forest. Also, since the Exchange servers weren't the first in the organization, I'll lose the Offline Address Book folder, the Schedule+ Free Busy folder, the Events Root folder, and other folders as described in http://support.microsoft.com/kb/822931. What to do there?

Since this scenario isn't yet in play, I'm looking more for a general "this is how I'd approach it" and "you may run into this..." sort of reply as opposed to questions about what the specifics of the scenario are, because I don't know yet. Your expertise is always appreciated. Thanks!
1 Solution
You basically have two choices:

[1] Migrate your user accounts from your existing child domain into a new domain for the "new" disconnected business.  So you would migrate your users from child1.company.com to a brand-new AD called company.com.  This is the cleanest way to divest, as the disconnected business has its own pristine AD forest that it can start from scratch and manage as it sees fit.

[2] If you can guarantee that the two company networks will be completely unconnected - no trust relationships, no site-to-site VPNs, no nothing - you can hand them two DCs, one from the parent domain and one from their child domain, that they can use to maintain child1.domain.com in-place.  You would need to do some post-divestiture cleanup as follows:

* On the "severed" root DC, reset every single user and computer password and delete any that are not required by the disconnected child domain.  (You see what I mean about these two networks needing to never talk to each other?)
* On the "severed" root and child DC, seize all 5 FSMO roles to the severed root DC, and seize all 3 FSMO roles to the severed child DC.
* On the "original" root and child domains, perform a metadata cleanup to remove your references to the severed root and child DCs.
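
Added example (not part of the answer above, and not from its author): a check that the password-reset step on the severed DCs is complete, run over a CSV export with `sAMAccountName` and `pwdLastSet` columns such as `csvde` can produce. The cutover date, the account names and the `example.test` domain are constructed, and the input column layout is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """pwdLastSet is a FILETIME: 100-ns ticks since 1601-01-01 UTC; 0 = never set."""
    ticks = int(value)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def stale_accounts(export_csv, cutover):
    """Return (name, kind, last_set) for every account not reset since the cutover."""
    stale = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        name = row["sAMAccountName"]
        last_set = filetime_to_dt(row["pwdLastSet"])
        if last_set is not None and last_set >= cutover:
            continue  # password was changed after the split
        if name.lower() == "krbtgt":
            kind = "krbtgt"             # Kerberos ticket-signing key
        elif name.endswith("$"):
            kind = "computer-or-trust"  # machine and trust accounts end in $
        else:
            kind = "user"
        stale.append((name, kind, last_set))
    return stale

# Constructed sample: the cutover date and every account below are made up.
CUTOVER = datetime(2009, 6, 1, tzinfo=timezone.utc)
OLD = dt_to_filetime(datetime(2008, 11, 3, tzinfo=timezone.utc))
NEW = dt_to_filetime(datetime(2009, 6, 2, tzinfo=timezone.utc))
SAMPLE_EXPORT = (
    "DN,sAMAccountName,pwdLastSet\n"
    f'"CN=Alice,CN=Users,DC=example,DC=test",alice,{NEW}\n'
    f'"CN=Bob,CN=Users,DC=example,DC=test",bob,{OLD}\n'
    f'"CN=krbtgt,CN=Users,DC=example,DC=test",krbtgt,{OLD}\n'
    f'"CN=DC01,OU=Domain Controllers,DC=example,DC=test",DC01$,{NEW}\n'
    f'"CN=CHILD1$,CN=Users,DC=example,DC=test",CHILD1$,{OLD}\n'
    '"CN=Carol,CN=Users,DC=example,DC=test",carol,0\n'
)

if __name__ == "__main__":
    for name, kind, last_set in stale_accounts(SAMPLE_EXPORT, CUTOVER):
        print(f"{name:10} {kind:18} last set: {last_set or 'never / must change'}")
```

An empty result means every exported account has had its password changed since the split; accounts with `pwdLastSet` of 0 are listed for review because no reset is recorded for them.
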
JohnDemerjian (Author) Commented:
Thanks Laura!
