How should I upgrade 2 Trusted (1 2000/1 2003) forests to Windows 2008?

Posted on 2009-04-30
Medium Priority
Last Modified: 2012-05-06
I have a client who currently has 2 separate forests.  1 contains 1 2000 DC, the other contains 1 2003 DC/File Server and 1 Exchange 2003 Server; they are trusted.  What would be the BEST way to do an upgrade to 2008 on new hardware on both forests.   Ideally I would have liked the 2000 forest to be a new parent in an existing forest but this is how I inherited the domain structure.  The 2000 domain uses exchange off of the 2003 domain so each time I have to create a dummy user account in the 2003 AD, disable it, and then link it to an external account on the 2000 DC.   I will getting new servers and converting everything to 2008 and setting up exchange 2007 too.  Should I  a) keep the existing forest structure and leave well enough alone or b) export the mailboxes to PSTs on 2000 domain user mailboxes, break the trust, and make the replacement 2008 server for the 2000 DC a new parent in an existing forest so I don't have to deal with trusts and what-not.   I understand this is alot more labor from my end because I'd have to reconfigure each PC in that particular domain because of the new SSIDs and then copy over their old profiles.  Does anyone have any other suggestions??
Question by:debbiez
  • 2
  • 2
LVL 71

Accepted Solution

Chris Dent earned 2000 total points
ID: 24277372

> a) ...

This is a difficult question to answer because it depends on how well it works for you now against how you would like it to work for you in the future.

It also depends on how much hardware you have available. Draw up something that describes what you want your forest to look like, then figure out if you have the hardware to migrate to a new forest, or if you'll need to restructure the current.

Unless you have strong reasons for needing separate domains within a Forest I would avoid it. They don't provide you with a security boundary, and have higher administrative costs as well as hardware and software (because you need more hardware to make a fault tolerant forest).

> and make the replacement 2008 server for the 2000 DC a new parent in an existing
> forest so I don't have to deal with trusts and what-not

What do you mean here? Because you cannot introduce a new root domain into a forest. You could create a disjointed name space and make this the root of a tree, but that would still mean you need to maintain a separate root domain.

> because I'd have to reconfigure each PC in that particular domain because of the
> new SSIDs and then copy over their old profiles

If you can use ADMT then you can skip that step. It would require a trust between the source and destination domains but it will reconfigure the PC / Profile for you if told to.


Author Comment

ID: 24279496
I'm sorry I meant creating a disjointed name space.  The company wants to keep it this way instead of having just one domain name space.  I just figured for exchange administration this would be the way to go instead of 2 separate forests.
LVL 71

Expert Comment

by:Chris Dent
ID: 24279547

Okay, makes sense. As long as you remember you can't lose the forest root domain :) It's still not what I would recommend as a setup, but I can certainly appreciate that politics tends to make life less than ideal sometimes :)


Author Comment

ID: 24282980
I would like to just have 1 domain myself... if I COULD convince them of that would ADMT would allow me to export the users from forest B to forest A.  Now the way the exchange mailboxes are setup now is that I have disabled user account in forest A that have exchange mailboxes bound to user accounts in forest B.  When I setup the exchange 2007 and move all the mailboxes, which I think is going to be the first thing I tackle, unless that's not the best approach, forest A and B will still be intact.   IF I do decide to get everything down to one domain am I going to lose my association with mailboxes for forest B?  If my forest root domain is intact and I then just make forest B's new server (which will be new hardware) into a member server of the root domain, use ADMT to get the users from the old 2000 server (Forest B) into the root domain AD will I be able to keep the mailbox association?  Sorry I'm stating this wrong but I hope you get the idea :)

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question