We support two companies right now that are wanting to completely separate networks. At this time we share an Active Directory domain & Exchange servers. Fortunately we have time to do this, so I want to find out the best way to do this with minimal to no down-time. Each company has about 150 people. My first thoughts are below & I was hoping that someone can give me some pointers. They're in order:
Build a new back-end Exchange server for Organization B. Also build a new front-end Exchange server & point our MX-Logic SPAM service to send all messages to that new front-end. Then, gradually start moving mailboxes from Organization A's back-end to the new Organization B Back-end. Once this move has been completed, all of the email will be separated off, then we will proceed to the Active-Directory stage.
I may be over-simplifying this, but right now all of our servers/computers are on DOMAINA...I would build up a new AD server that is the primary DC for DOMAINB, then I would establish a trust relationship between the two (how do I do that?), then I would "drag & drop" all of our groups, users, computers etc over to that domain. Then I would sever the trust & be working on my own. Questions are:
1) Can I drag & drop users/groups between trusted domains?
2) How would all of my file-permissions take it?
3) Can I just move computers in AD, or would I have to go to each computer & join them to the new domain & re-create the profiles? (any ways to do that? Organization B has 80 or so computers in the field that DO not come back in the office but once a year).
Are there any other suggestions that you can think of?