Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

Underscore in domain name, sync issues & application access & migratie to Win2008 new domain

There is an underscore in our domain name (i.e. domain_dity.org) which I believe is causing sync issues in DNS and some application access.  Plus our IP scheme is 91.0.0.0 which is a pubic IP range that belongs to some other country and is causing weird stuff to show up in DNS.  There 2 local domain controllers, 6 remote domain controllers all Win2003 Enterprise, 1 Exchange server, SQL, Oracle and a buch of other sequal apps.  I've been given the ok to upgrade to Win2008 and Exchange 2007.  I'm thinking of migrating everything to a new forest and domain (i.e domaincity.org) and a new IP scheme of 172.16.1.0/16 to 172.22.1.0/16.  I'm having a hard time figuring out where to start.  I know that I have to create a trust between the old and the new forest but how do I set up the new IP scheme and DNS so that all the users can continue access the resources while I migrate 700+ users, workstations.  I was thinking of using ADMT and the Exchange Migration Wizard.  I'm probably taking on more that I can chew but can someone help me get started?
0
cwojcicki1099
Asked:
cwojcicki1099
  • 2
  • 2
2 Solutions
 
Chris DentPowerShell DeveloperCommented:

That is quite a big project, but far from impossible.

You just need to break your plan down a bit into requirements:

1. IP Routing

In order to use both IP Ranges at the same time you need something to route between each. That device needs to be fairly capable, after all, it's going to have 700 users going through it while you shift services.

Shifting the IP range in one go, for an organisation of your size, is possible but likely to be more problematic than setting up routing.

Do you have something that can take care of routing between subnets for you?

2. Domain Trust

Once you have your routing up, establish your new domain on that range and configure a Trust with the old domain.

The default settings in MS DNS means it is happy working with underscores, you'll just get a warning about it.

To establish the trust you need to configure name resolution between domains. Conditional forwarders are ideal for this. That should be done on every DNS server used on each domain (even if the PDC Emulator is most important).

3. AD Migration

With the trust up and running a small amount of configuration will give you ADMT. I  highly recommend you disable SID filtering on the trust to allow migrated accounts access to systems using their own SID.

4. Exchange Migration

And finally :) The Exchange Migration Wizard should work well with accounts shifted using ADMT. If anything becomes a problem you, of course, still have ExMerge to fall back on.

Chris
0
 
cwojcicki1099Author Commented:
Is this the correct syntax to turn off SID filtering where the trusting domain is my old Windows 2003 that I'm migrating from and the trusted domain is the new Windows 2008 that I'm migrating to?

Netdom trust  TrustingDomainName /domain:TrustedDomainName /quarantine:No /userD:domainadministratorAcct /passwordD:domainadminpwd
0
 
Chris DentPowerShell DeveloperCommented:

Yes, that's right :)

Chris
0
 
cwojcicki1099Author Commented:
Thank you so much.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now