Solved

Joining two Active Directory Sites together

Posted on 2008-06-10
Last Modified: 2013-12-02
My company has one AD site containing one domain.  Recently we have taken over another site in another state using Active Directory.  I am trying to develop a plan of sorts to merge the two AD sites together.  Is there any guide that I can use that will give an idea on how to get started joining the two domains?
What items should I be looking for?  I am thinking the two will need to have a trust between them, but our company will be responsible for their mail also.
Question by:hgarciatx
13 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21755825
You can't actually merge the domains, but you can indeed create a trust between them. http://technet2.microsoft.com/windowsserver/en/library/7929b0c4-efe1-409c-99e3-efe9815f426d1033.mspx?mfr=true
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21755948
You might want to consider a complete migration into your current domain....
http://www.block.net.au/help/ad-architecture/

You can use ADMT to get the migration kicked off if that's the path you choose
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21757969
As KCTS has suggested, creating a trust between the domains will allow you to share resources between the two systems, and if sufficient permissions have been created will allow administration of the two domains and is standard practice.

As Jay Jay70 suggests, if you then want to have one domain you will have to move the accounts from one of the domains into the other domain. Using the Active Directory Migration Tool (ADMT), free from Microsoft, allows you to move accounts from a source domain to another domain and maintain the settings and security; it can also migrate the computer accounts so that the profiles are maintained.
0

 

Author Comment

by:hgarciatx
ID: 21760865
Can I have pros and cons of migration as opposed to trust?
0
 

Author Comment

by:hgarciatx
ID: 21760890
Another question:  How will trust handle the Exchange servers if we are going to be responsible for their email domain?
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21761011
The link from Jay_Jay70 should answer your questions:
http://www.block.net.au/help/ad-architecture/

In a nutshell, implementing the trusts allows you to access data in both domains (once you grant security), and you will also be able to manage both domains. It is a quick and easy way to link the two systems, but they are still two different management entities.

If you migrate the two into one you will have one AD structure, Domain policy etc. as per the article mentioned, but there is obviously a lot of work in the migration.

You will have access to the e-mail servers to manage them over the trust, but as they are in two separate forests you will have to manage them independently (until you migrate into one (if required)).
0
 

Author Comment

by:hgarciatx
ID: 21761111
So basically if I go with a Trust between sites, I will still have two separate Exchange Orgs.
0
 
LVL 15

Expert Comment

by:fishadr
ID: 21761225
Yes, you will have to migrate the mailboxes from the other Org into the new Org to have them under one Organisation for management purposes. They can co-exist quite happily until you can merge (migrate) the two.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21764646
Pros of trusts - quick and easy to set up from an AD point of view
Cons - migration of mailboxes and segmentation of Exchange....

Pros of Single Migration (all in my article) but in a nutshell, it's one centrally managed solution - much nicer to work with
Cons - Migration time can be a killer, it's a lot of work, however, it's well worth it - I go the migration path almost every time
0
 

Author Comment

by:hgarciatx
ID: 21765028
If eventually the company were to get rid of the added site, will it make sense just to stick to trust even if it is for a year?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21765055
Yes, definitely, if the company is going to sell it off, then a trusted domain is the way to go
0
 

Author Comment

by:hgarciatx
ID: 21774250
If I go with a single AD, what effects can I expect with replication over to the other site in the other state?  Will the other site need to be a child domain or, since it will be a single AD, I will need just another Domain controller being replicated back to the other site?
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 21774744
Just another DC - if you have VPN between the two, then the actual replication traffic is pretty small

If you are going to sell though, I wouldn't integrate it - you will just be doubling up - if you aren't going to sell, go the single Domain path
0
