Avatar of ittechdarren

2 Companies Merging with 2 Domains, many questions.

Here is the scenario: We are a large company that is merging with a humongous company. We are lucky in the aspect that all of my facilities are running off of VLANs from the company that bought us. They use an IP scheme of 10.10.XX.XX, I am using the infrastructure of 10.80.XX.XX, and I have several VLANs with this company (152, 153, 200, 201, 228). We are running 2 separate domains; for example purposes I will be Domain A (10.80.XX.XX) and they are Domain B (10.10.XX.XX). I am running 32 servers and 220 desktops. They are running 100's of servers and thousands of desktops. I know the correct thing to do is just bite the bullet and configure all desktops and servers for their domain. It's not quite that simple. We are going to do this over time. But here are some of my questions.

1.) I have an Exchange server and they have an Exchange server. We are all going to be getting new email addresses with Domain B. I have TRIED talking them into setting up a domain trust between the 2 domains. For some reason they are not for this. I need to #1 have all email from what is going to be the domain that is going away (eventually) forwarded to the new Exchange server accounts. I also need to know the best way to configure the clients for their new Domain B without having to authenticate every time they open up Outlook.

Here is Question #2) We are currently using a VPN connection to access some of their programs. When the VPN connects it gives an IP of (of course) 10.10.**.**; once again, we are a 10.80.**.**. When the VPN connects, needless to say, we lose connectivity to all of our network resources on our domain. This is not acceptable. Can they not create a route in their PIX to route certain users that connect to 10.80 and still have access to 10.10? We also have our own current AD, and most everything that we need to access can be accessed across the VPN, so is it possible to have access to both domains at the same time? If I am missing something really simple please let me know.

I know running 2 domains is not always the easiest, especially when they are this large. Give me all of your ideas, even if it means creating a domain trust. Please let me know, I am in a hurry for this info. So I appreciate all input. Thanks
Avatar of dave4dl

Build a script to transfer all the computers to the new domain.

Back up (from yours) and restore (to theirs) the Exchange data.

Which VPN software are you using? Cisco allows you to continue accessing your LAN after you connect (while accessing the private network).
Avatar of ittechdarren


Not really that simple to build the script to change all workstations to the new domain. The migration will all come in time. If I was to build a script, basically ALL user profiles are gone when you join a new domain. I have all users' My Docs synced to one of my servers for backup purposes. All servers will still be on the old domain, so I would still need to access these as well. I know with authentication you can do this, but re-authenticating gets old for users. As for the second part of your suggestion, it is a Juniper or better (Neoteris). I still believe that they are going through a PIX; I could be wrong, it may be a Citrix server? To explain a little more about the situation, in a nutshell: we are running many applications on our VLAN, and we DO have access to some of their applications through the VLAN. But they are on a Citrix server. I guess I need to know what is going to be the best way, WITHOUT joining their domain, to access their 10.10 scheme? As well as the email issue. How can I configure our Outlooks to look at their server that is on a 10.10? I am sure that there can be a route set in the router, can't there? Or do we need to create a trust? Or can it all be set up in DNS entries?
Well, if they were willing to, they could punch a hole in their firewall for your network to access their computers without VPN. If their IT is at all security conscious then they won't, though. I would say that your best option is to get accounts for all of your users on their Exchange server and phase yours out. Get all your users to store their data on the big company's servers (they have to have a file share somewhere) so they have access to those files while they are connected to the VPN.

Basically, get your users to work wholly in their environment. This of course means that your users will have to get used to connecting to VPN first thing in the morning every day.

If you have apps on your network, then ship them over to the Big Company's network as soon as possible so your employees can use them there (as well as possibly the other company's employees).
Well, actually, as I stated earlier, I am running on a leg of their VLAN. Sorry I didn't describe it in better detail! There's a lot to tell. Here's a little more for you. I currently have an Internet connection with a PIX in place. I will be removing my PIX, and my Internet connection is going to be phased out here in the next week or so. This means that my VLAN will now be fed by their backbone. So in essence I am going to be behind their firewall, just on separate VLANs. And once again I will eventually be migrating over to their domain, but once again this will be over some time because we are so large. I have so many applications that are run from my domain. Really, at this time all I need is email access to their Exchange server (preferably without authenticating every time). Also, when we need to connect the VPN that is pulling an IP of 10.10 and we are 10.80, I still need access to our network. For some strange reason the local area connection appears to no longer work after the VPN is connected. It disconnects all network drives as well as my current email. Any suggestions there?

I know the merge is inevitable. I hate that, because I am the Administrator, I am losing my whole network to the big boys. But it's gonna happen, I can't stop that. I just need some GOOD LOGICAL SOUND solutions for the time. I have a meeting tomorrow with all of the administration. I need to find a way to convince them to leave our network alone and not tear it apart, at least not right now. There is NO possible way that we can implement the domain change overnight. We have way too many applications and MANY interfaces that run in the background for data transfer from database to database. We need to take our time and make sure of all the interfaces and the ports that they are using, that they don't interfere with any of the larger company's applications.

So in short, I need some good key talking points tomorrow, and some good solutions for the new email, along with the VPN connectivity problem. I appreciate all the input.
I would try to convince them to temporarily open a few holes in their firewalls/routers between you and them. This shouldn't be a huge issue for them (unless they don't trust your guys as much as their own) since you are all protected behind the same network and it is only temporary. The VPN setup is possible from a network standpoint, but I only have experience with Windows VPN and Cisco VPN client software, so I don't know how to configure the Juniper client (or if they even provide that possibility). Hunt around the settings to see if anything pops out at you (or, if you have exhausted all other avenues, check the documentation).
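The VPN symptom discussed in this thread (Domain A resources on 10.80 become unreachable once the VPN hands out a 10.10 address) can be reasoned about with a route lookup. This is an added example, not code from any poster; the route tables, metrics, interface names and host addresses are constructed, and the full-tunnel and split-tunnel behaviours are assumptions about how a client might be configured, not a description of the Juniper client.

```python
import ipaddress

# Constructed routing tables, one "destination interface metric" per line.
# Assumption: the workstation is on 10.80.152.0/24 and reaches the other
# 10.80 VLANs through its LAN default gateway.
LAN_ONLY = """
10.80.152.0/24 lan 10
0.0.0.0/0      lan 20
"""
# Assumed full-tunnel client: adds a default route with a better metric.
FULL_TUNNEL = LAN_ONLY + "0.0.0.0/0 vpn 1\n"
# Assumed split-tunnel client: only the remote 10.10.0.0/16 enters the tunnel.
SPLIT_TUNNEL = LAN_ONLY + "10.10.0.0/16 vpn 1\n"

# Constructed destinations used for the comparison.
DESTS = {
    "domain_a_server": "10.80.200.10",  # file server on another 10.80 VLAN
    "domain_b_app": "10.10.5.20",       # application on the 10.10 network
    "same_vlan_peer": "10.80.152.30",   # host on the workstation's own subnet
}

def parse_routes(text):
    """Turn the table text into (network, interface, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        dest, iface, metric = line.split()
        routes.append((ipaddress.ip_network(dest), iface, int(metric)))
    return routes

def egress(routes, dst):
    """Longest prefix wins; equal prefixes are decided by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def report(table_text):
    """Map each constructed destination to the interface that carries it."""
    routes = parse_routes(table_text)
    return {name: egress(routes, ip) for name, ip in DESTS.items()}

if __name__ == "__main__":
    # Some clients also filter on-link LAN traffic; that is not modelled here.
    for label, table in [("lan only", LAN_ONLY), ("full tunnel", FULL_TUNNEL),
                         ("split tunnel", SPLIT_TUNNEL)]:
        print(f"{label:12} {report(table)}")
```

On a real workstation, the tables to compare are the outputs of `route print` taken before and after the VPN connects.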
Thanks for all the input. I have a meeting tomorrow and I am just trying to throw together all the ideas that I can. I want to bombard them with information. I want them to walk away from the meeting scratching their heads! I know that sounds bad, but no network administrator likes losing control of his network that he has built from the ground up. I just don't understand why we can't set up the domain trust with Kerberos authentication. It just makes sense. Like I say, why reinvent the wheel? I don't mind going on their backbone, and I don't mind losing my mail server, but that's it!!!! Looks like I will ride it out and see where it takes me. The bad part is all the guys who call the shots and control the network are not even in this state. They're located across the country. Bigger is not better in all cases. This is one of them.
Avatar of Redwulf__53
This solution is only available to members.
So how did the meeting go? Did you sweep the management team off their feet? :)
Actually, believe it or not, we have met several times on this issue. I finally have the attention of the boys from out of state; the BIG meetings are today and tomorrow. I was reviewing notes. I will let you know how it goes. I think they have a different agenda though!