Solved

Joining two Active Directory Sites together

Posted on 2008-06-10
Last Modified: 2013-12-02
My company has one AD site containing one domain.  Recently we have taken over another site in another state using Active Directory.  I am trying to develop a plan of sorts to merge the two AD sites together.  Is there any guide that I can use that will give an idea on how to get started joining the two domains?
What items should I be looking for?  I am thinking the two will need to have a trust between them, but our company will be responsible for their mail also.
Question by:hgarciatx

Expert Comment

by:KCTS
ID: 21755825
You can't actually merge the domains, but you can indeed create a trust between them. http://technet2.microsoft.com/windowsserver/en/library/7929b0c4-efe1-409c-99e3-efe9815f426d1033.mspx?mfr=true

Expert Comment

by:Jay_Jay70
ID: 21755948
You might want to consider a complete migration into your current domain....
http://www.block.net.au/help/ad-architecture/

You can use ADMT to get the migration kicked off if that's the path you choose
http://www.microsoft.com/downloads/details.aspx?FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212&displaylang=en

Expert Comment

by:fishadr
ID: 21757969
As KCTS has suggested, creating a trust between the domains will allow you to share resources between the two systems, and if sufficient permissions have been created will allow administration of the two domains and is standard practice.

As Jay Jay70 suggests, if you then want to have one domain you will have to move the accounts from one of the domains into the other domain. Using the Active Directory Migration Tool (ADMT), free from Microsoft, allows you to move accounts from a source domain to another domain and maintain the settings and security; it can also migrate the computer accounts so that the profiles are maintained.

Author Comment

by:hgarciatx
ID: 21760865
Can I have pros and cons of migration as opposed to trust?

Author Comment

by:hgarciatx
ID: 21760890
Another question:  How will trust handle the Exchange servers if we are going to be responsible for their email domain?

Expert Comment

by:fishadr
ID: 21761011
The link from Jay_Jay70 should answer your questions:
http://www.block.net.au/help/ad-architecture/

In a nutshell, implementing the trusts allows you to access data in both domains (once you grant security), and you will also be able to manage both domains. It is a quick and easy way to link the two systems, but they are still two different management entities.

If you migrate the two into one you will have one AD structure, Domain policy etc. as per the article mentioned, but there is obviously a lot of work in the migration.

You will have access to the e-mail servers to manage them over the trust, but as they are in two separate forests you will have to manage them independently (until you migrate into one, if required).

Author Comment

by:hgarciatx
ID: 21761111
So basically if I go with a Trust between sites, I will still have two separate Exchange Orgs.

Expert Comment

by:fishadr
ID: 21761225
Yes, you will have to migrate the mailboxes from the other Org into the new Org to have them under one Organisation for management purposes. They can co-exist quite happily until you can merge (migrate) the two.

Expert Comment

by:Jay_Jay70
ID: 21764646
Pros of trusts - quick and easy to set up from an AD point of view
Cons - migration of mailboxes and segmentation of Exchange....

Pros of Single Migration (all in my article) but in a nutshell, it's one centrally managed solution - much nicer to work with
Cons - Migration time can be a killer, it's a lot of work, however, it's well worth it - I go the migration path almost every time

Author Comment

by:hgarciatx
ID: 21765028
If eventually the company were to get rid of the added site, will it make sense just to stick to trust even if it is for a year?

Expert Comment

by:Jay_Jay70
ID: 21765055
Yes, definitely, if the company is going to sell it off, then a trusted domain is the way to go

Author Comment

by:hgarciatx
ID: 21774250
If I go with a single AD, what effects can I expect with replication over to the other site in the other state?  Will the other site need to be a child domain, or since it will be a single AD, will I need just another Domain controller being replicated back to the other site?

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 21774744
Just another DC - if you have VPN between the two, then the actual replication traffic is pretty small

If you are going to sell though, I wouldn't integrate it - you will just be doubling up - if you aren't going to sell, go the single Domain path