Solved

Joining two Active Directory Sites together

Posted on 2008-06-10
Last Modified: 2013-12-02
My company has one AD site containing one domain.  Recently we have taken over another site in another state using Active Directory.  I am trying to develop a plan of sorts to merge the two AD sites together.  Is there any guide that I can use that will give an idea on how to get started joining the two domains?
What items should I be looking for?  I am thinking the two will need to have a trust between them, but our company will be responsible for their mail also.
Question by:hgarciatx
13 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21755825
You can't actually merge the domains, but you can indeed create a trust between them. http://technet2.microsoft.com/windowsserver/en/library/7929b0c4-efe1-409c-99e3-efe9815f426d1033.mspx?mfr=true
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21755948
You might want to consider a complete migration into your current domain....
http://www.block.net.au/help/ad-architecture/

You can use ADMT to get the migration kicked off if that's the path you choose
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21757969
As KCTS has suggested, creating a trust between the domains will allow you to share resources between the two systems and, if sufficient permissions have been created, will allow administration of the two domains; it is standard practice.

As Jay_Jay70 suggests, if you then want to have one domain you will have to move the accounts from one of the domains into the other domain. Using the Active Directory Migration Tool (ADMT), free from Microsoft, allows you to move accounts from a source domain to another domain and maintain the settings and security; it can also migrate the computer accounts so that the profiles are maintained.
0
 

Author Comment

by:hgarciatx
ID: 21760865
Can I have pros and cons of migration as opposed to trust?
0
 

Author Comment

by:hgarciatx
ID: 21760890
Another question:  How will trust handle the Exchange servers if we are going to be responsible for their email domain?
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21761011
The link from Jay_Jay70 should answer your questions:
http://www.block.net.au/help/ad-architecture/

In a nutshell, implementing the trusts allows you to access data in both domains (once you grant security); you will also be able to manage both domains. It is a quick and easy way to link the two systems, but they are still two different management entities.

If you migrate the two into one you will have one AD structure, domain policy etc. as per the article mentioned, but there is obviously a lot of work in the migration.

You will have access to the e-mail servers to manage them over the trust, but as they are in two separate forests you will have to manage them independently (until you migrate into one (if required)).
0
 

Author Comment

by:hgarciatx
ID: 21761111
So basically, if I go with a trust between sites, I will still have two separate Exchange Orgs.
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21761225
Yes, you will have to migrate the mailboxes from the other Org into the new Org to have them under one Organisation for management purposes. They can co-exist quite happily until you can merge (migrate) the two.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21764646
Pros of trusts - quick and easy to set up from an AD point of view
Cons - migration of mailboxes and segmentation of Exchange....

Pros of Single Migration (all in my article), but in a nutshell, it's one centrally managed solution - much nicer to work with
Cons - Migration time can be a killer, it's a lot of work; however, it's well worth it - I go the migration path almost every time
0
 

Author Comment

by:hgarciatx
ID: 21765028
If eventually the company were to get rid of the added site, will it make sense just to stick to trust even if it is for a year?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21765055
Yes, definitely, if the company is going to sell it off, then a trusted domain is the way to go
0
 

Author Comment

by:hgarciatx
ID: 21774250
If I go with a single AD, what effects can I expect with replication over to the other site in the other state?  Will the other site need to be a child domain, or since it will be a single AD, will I need just another Domain controller being replicated back to the other site?
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 21774744
Just another DC - if you have VPN between the two, then the actual replication traffic is pretty small

If you are going to sell though, I wouldn't integrate it - you will just be doubling up - if you aren't going to sell, go the single Domain path
0
