Solved

Joining two Active Directory Sites together

Posted on 2008-06-10
13
1,162 Views
Last Modified: 2013-12-02
My company has one AD site containing one domain.  Recently we have taken over another site in another state using Active Directory.  I am trying to develop a plan of sorts to merge the two AD site together.  Is there any guide that I can use that will give an idea on to get started joining the two domains.
What items should I be looking for.  I am thinking the two will need to have a trust between them but our company will be responsible for their mail also.
0
Comment
Question by:hgarciatx
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
You can't actually merge the domains, but you can indeed create a trust between them. http://technet2.microsoft.com/windowsserver/en/library/7929b0c4-efe1-409c-99e3-efe9815f426d1033.mspx?mfr=true
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
you might want to consider a complete migration into your current domain....
http://www.block.net.au/help/ad-architecture/

You can use ADMT to get the migration kicked off if thats the path you choose
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en
0
 
LVL 15

Expert Comment

by:fishadr
Comment Utility
As KCTS has suggested, creating a trust between the domains will allow you to share resources between the two systems, and if sufficient permissions have been created will allow administration of the two domains and is standard practice.

As Jay Jay70 suggests if you then want to have one domain you will have to move the accounts from one of the domains in to the other domain. Using the Active Directory Migration Tool (ADMT) free from Microsoft allows you to move accounts from a source domain to another domain an maintain the settings ans security, it can also migrate the computer accounts so that the profiles are maintained.
0
 

Author Comment

by:hgarciatx
Comment Utility
Can I have pros and cons of migration as opposed to trust.
0
 

Author Comment

by:hgarciatx
Comment Utility
Another question:  How will trust handle the exchange servers if we are going to be responsible for their email domain.
0
 
LVL 15

Expert Comment

by:fishadr
Comment Utility
The link from Jay_Jay70 should answer your questions:
http://www.block.net.au/help/ad-architecture/

In a nutshell, implementing the trusts allows you to access data in both domains (once you grant security), you will also be able to manage both domains. It is a quick and easy way to to link the two systems but they are still two different management entities.

If you migrate the two in to one you will have one AD structure, Domain policy etc as per the article mentioned but there is obviusly a lot of work in the migration.

You will have access to thie e-mail servers to manage them over the trust but as they are in two seperate forests you will have to manage them independantly (until you migrate in to one (if required))
0
Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

 

Author Comment

by:hgarciatx
Comment Utility
so basically if I go with a Trust between sites, I will still have two separate Exchange Org.
0
 
LVL 15

Expert Comment

by:fishadr
Comment Utility
Yes, you will have to migrate the mailboxes from the other Org in to the new Org to have them under one Organisation for management purposes. They can co-exist quite happily until you can merge (migrate) the two
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
pros of trusts - quick and easy to setup from an AD point of view
cons - migration of mailboxes and segmentation of exchange....

Pro's of Single Migration (all in my article) but in a nutshell, its one centrally managed solution - much nicer to work with
Con's - Migration time can be a killer, its a lot of work, however, its well worth it - i go the migration path almost every time
0
 

Author Comment

by:hgarciatx
Comment Utility
If eventually the company were to get rid of the added site will it make sense just to stick to trust even it is for a year?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
Comment Utility
yes, deffinitely, if the company is going to sell it off, then a trusted domain is the way to go
0
 

Author Comment

by:hgarciatx
Comment Utility
If I go with a single AD, what effects can I expect with replication over to the other site in the other state.  Will the other site need to be a child domain or since it will be a single AD, I will need just another Domain controller being replicated back to the other site.
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
Comment Utility
just another DC - if you have VPN between the two, then the actual replication traffic is pretty small

If you are going to sell though, i wouldnt integrate it - you will just be doubling up - if you arent going to sell, go the single Domain path
0

Featured Post

Want to promote your upcoming event?

Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Have you ever stumbled upon a software that is so great that you just love? It happened to me. Love at first sight. Filezilla Server.   Ok its not the most advanced ftp server I've came across. But its a fairly simple piece of software to get the …
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now