Domain Restructuring

Posted on 2008-11-07
Last Modified: 2013-12-05
We recently took over IT support roles for a local bank. The bank has 6 branches and roughly 120 PCs. Originally, when the networks were set up, there was no inter-branch communication. BranchA could not talk to BranchB, etc. As such, there were separate domains set up at each location. From a management standpoint, this is a nightmare. Everything that has to be done has to be done 6 times. Group policy changes, security changes, WSUS installations, MBSA scans, etc.

Now they have a VPN between all locations. I am trying to figure out the best way to switch their domains around. The main branch, which we'll call BranchA, has the most PCs and upper management personnel. The other branches have basic bank operations, tellers, CSRs, etc. 4 of the branch servers are running Windows Server 2003, 2 are running Windows 2000 Server.

At first I was thinking of connecting all PCs to the BRANCHA domain, switching all servers to be domain controllers and setting up sites and OUs in Active Directory. Then I was thinking about child domains.

Any help would be appreciated.

Thank you.
Question by:CoastalSlns
    LVL 24

    Accepted Solution

    Why do child domains? I would create one flat domain, and since there is a VPN, all machines can be joined to that domain.
    I would also make all servers local domain controllers and also use AD Sites and Services as you suggested.
    LVL 63

    Expert Comment

    As usual, it is best to test with the smallest branch or a test lab, and make sure you have full backups beforehand.

    I hope this helps!
    LVL 95

    Expert Comment

    by:Lee W, MVP
    Are the servers secured in each location? If not, you should probably consider using 2008 servers in the branches (I assume the branches would be the greatest security risks), as that way you can use RoDCs there (you will need to be in 2003 Native mode, so that means getting rid of the 2000 DCs). And you'll need one DC in the main office with 2008.

    I agree, a flat structure is best, but from a security standpoint, the RoDC concept is probably your best option.

    Author Closing Comment

    We ended up using the AD Domain Rename tool to rename the BranchA domain to a more acceptable domain name for the entire bank. We waited about 2 weeks and then moved over BranchB to the new domain and all the PCs. What a nightmare that was. We are in the process of moving the other branches now, 1 at a time. Fun fun!
