How should I upgrade 2 Trusted (1 2000/1 2003) forests to Windows 2008?

I have a client who currently has 2 separate forests. 1 contains 1 2000 DC, the other contains 1 2003 DC/File Server and 1 Exchange 2003 Server; they are trusted. What would be the BEST way to do an upgrade to 2008 on new hardware on both forests? Ideally I would have liked the 2000 forest to be a new parent in an existing forest, but this is how I inherited the domain structure. The 2000 domain uses Exchange off of the 2003 domain, so each time I have to create a dummy user account in the 2003 AD, disable it, and then link it to an external account on the 2000 DC. I will be getting new servers and converting everything to 2008 and setting up Exchange 2007 too. Should I a) keep the existing forest structure and leave well enough alone, or b) export the mailboxes to PSTs on 2000 domain user mailboxes, break the trust, and make the replacement 2008 server for the 2000 DC a new parent in an existing forest so I don't have to deal with trusts and what-not? I understand this is a lot more labor from my end because I'd have to reconfigure each PC in that particular domain because of the new SSIDs and then copy over their old profiles. Does anyone have any other suggestions?
debbiez Asked:
Chris Dent (PowerShell Developer) Commented:

> a) ...

This is a difficult question to answer because it depends on how well it works for you now against how you would like it to work for you in the future.

It also depends on how much hardware you have available. Draw up something that describes what you want your forest to look like, then figure out if you have the hardware to migrate to a new forest, or if you'll need to restructure the current.

Unless you have strong reasons for needing separate domains within a Forest I would avoid it. They don't provide you with a security boundary, and have higher administrative costs as well as hardware and software (because you need more hardware to make a fault tolerant forest).

> and make the replacement 2008 server for the 2000 DC a new parent in an existing
> forest so I don't have to deal with trusts and what-not

What do you mean here? Because you cannot introduce a new root domain into a forest. You could create a disjointed name space and make this the root of a tree, but that would still mean you need to maintain a separate root domain.

> because I'd have to reconfigure each PC in that particular domain because of the
> new SSIDs and then copy over their old profiles

If you can use ADMT then you can skip that step. It would require a trust between the source and destination domains but it will reconfigure the PC / Profile for you if told to.

Chris
 
debbiez (Author) Commented:
I'm sorry, I meant creating a disjointed name space. The company wants to keep it this way instead of having just one domain name space. I just figured for Exchange administration this would be the way to go instead of 2 separate forests.
 
Chris Dent (PowerShell Developer) Commented:

Okay, makes sense. As long as you remember you can't lose the forest root domain :) It's still not what I would recommend as a setup, but I can certainly appreciate that politics tends to make life less than ideal sometimes :)

Chris
 
debbiez (Author) Commented:
I would like to just have 1 domain myself... if I COULD convince them of that, would ADMT allow me to export the users from forest B to forest A? Now the way the Exchange mailboxes are set up now is that I have disabled user accounts in forest A that have Exchange mailboxes bound to user accounts in forest B. When I set up the Exchange 2007 and move all the mailboxes, which I think is going to be the first thing I tackle, unless that's not the best approach, forest A and B will still be intact. IF I do decide to get everything down to one domain, am I going to lose my association with mailboxes for forest B? If my forest root domain is intact and I then just make forest B's new server (which will be new hardware) into a member server of the root domain, and use ADMT to get the users from the old 2000 server (Forest B) into the root domain AD, will I be able to keep the mailbox association? Sorry, I'm stating this wrong but I hope you get the idea :)
Question has a verified solution.