Consolidation of two Windows Active Directory domains

Posted on 2010-01-10
Last Modified: 2012-05-08
Greetings!!!
I have two separate domains (a.domain.com, b.otherdomain.com) and would like to consolidate them into one domain so that everything becomes a.domain.com.

Both domains are Windows 2003, and not connected to each other.  There is only one Exchange server which is running in a.domain.com.  I would like to bring all the users, security groups, desktop, servers and anything related to a.domain.com.  

I would like to know the best steps to take to get this done. I believe I need to create a trust between the two domains. Also, do I need to have a site-to-site VPN, or if I bring one DC from the b.domain.com and then do the trust relationship, or a single VPN connection?

Any pointers much appreciated. Thanks-
Question by:elaw
14 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26279779
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26279797
I missed the part about they're not connected to each other.
If they are isolated network segments that can't be routed, it's true that you need to connect them with a VPN tunnel.
If on same network and can reach the other with ping IP-address, but can't resolve the other domain because of separate DNS namespace, it's enough to configure conditional forwarding between the two domains.
0
 

Author Comment

by:elaw
ID: 26279965
Does it require a site-to-site VPN, or could we have a single VPN connection from one of the DCs in either site?
0
 
LVL 7

Expert Comment

by:himvy
ID: 26286953


Create a secondary zone in DNS of b.domain in domain A and vice versa. After this you can follow the ADMT guide mentioned above and follow the steps.
0
 

Author Comment

by:elaw
ID: 26288249
When we acquired this domain b company, we did not complete the merge due to multiple reasons. Now we have to complete the merge. We created the user accounts for domain b users in our existing domain a for the emails. These users are still using domain b credentials for accessing the infrastructure of domain b. They have been accessing email using webmail.

Now the scenario is that we need to migrate the following:
1. Servers - should not have any issue
2. PC's - should not have any issue
3. Services accounts - should not have any issue
4. User accounts - This is the confusing part because both domains have user accounts for each person. How will we handle this?

I think we should also migrate the users from domain b into domain a.  And associate their domain b account to their mail boxes.

If there is any confusion in how I defined the scenario, please let me know.

Thanks
0
 

Author Comment

by:elaw
ID: 26288318
Hey henjoh09:

The link you have provided me is for Windows 2008. Will it work with 2009? Please let me know. Thanks
0
 

Author Comment

by:elaw
ID: 26288494
Literally speaking, what things do we need to be careful about during this type of migration?
henjoh09 provided a link for the ADMT guide, but is there any practical guide for this kind of migration?
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 2000 total points
ID: 26288952
ADMT is the tool to use when migrating/consolidating two domains. Links for both the ADMT tool and the guide are posted above.
ADMT requires at least Windows 2000 native functional level for the domains that shall be migrated. A difference between ADMT 3.0 and 3.1 is that the newer version also supports Windows Server 2008 domains.

Do you mean that each user has an account in both domains (duplicate users)?
If having file server permissions configured for both domains' usernames, you can use the resource kit tool subinacl.exe to consolidate file server permissions.
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
0
 

Author Comment

by:elaw
ID: 26289011
One thing to clarify.  There is no duplication
UserA has two accounts in domain a and domain b
But UserA has different username in each domain.  So there is no duplication.
So what I'm thinking is to migrate these users and associate the migrated users with the email boxes for each user.

There are only 40 mailboxes. It should not be an issue. What do you think?
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 2000 total points
ID: 26298301
Having multiple user accounts with different usernames or the same username doesn't matter, as it can be managed the same way with the subinacl tool for changing file server permissions. It's a little bit simpler if it's the same username, but the tool can, as said, also handle different usernames.

Not a big amount of users, so the migration of the mailboxes shouldn't be a problem.
0
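An added example (not part of the original thread or of any answer above) of preparing the subinacl step the answers describe when each person has a different username in each domain: it validates a DomainB-to-DomainA account map and emits one `subinacl /replace` command per user, in `/testmode` unless told otherwise. The function name, the NetBIOS names DOMAINB and DOMAINA, the path and the accounts are hypothetical; check the switches against `subinacl /help` for the version you install.

```powershell
# Added example: build subinacl /replace commands from a DomainB -> DomainA account map.
# DOMAINB, DOMAINA, D:\Shares and the account names are constructed placeholders.

function New-SubInAclPlan {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Mapping,      # rows with Source and Target
        [Parameter(Mandatory = $true)] [string]   $SourceDomain,
        [Parameter(Mandatory = $true)] [string]   $TargetDomain,
        [Parameter(Mandatory = $true)] [string]   $Path,
        [switch] $Commit                                          # omit to keep /testmode
    )

    # Reject rows with an empty side; subinacl would otherwise get a malformed argument.
    $bad = @($Mapping | Where-Object { -not $_.Source -or -not $_.Target })
    if ($bad.Count -gt 0) {
        throw "Mapping has $($bad.Count) row(s) with an empty account name."
    }

    # Each source account may appear once, and no two source accounts may land on the
    # same target: that would silently merge two people's file permissions.
    foreach ($column in 'Source', 'Target') {
        $dupes = @($Mapping | Group-Object -Property $column | Where-Object { $_.Count -gt 1 })
        if ($dupes.Count -gt 0) {
            $names = ($dupes | ForEach-Object { $_.Name }) -join ', '
            throw "Duplicate $column account(s) in mapping: $names"
        }
    }

    # /testmode makes subinacl report what it would change without writing ACLs.
    $mode = if ($Commit) { '' } else { '/testmode ' }
    foreach ($row in $Mapping) {
        'subinacl {0}/subdirectories "{1}\*.*" /replace={2}\{3}={4}\{5}' -f $mode, $Path, $SourceDomain, $row.Source, $TargetDomain, $row.Target
    }
}

# Constructed sample mapping: one row per person, different username in each domain.
$map = @'
Source,Target
jsmith,john.smith
mbrown,mary.brown
'@ | ConvertFrom-Csv

# Prints the command lines for review; nothing is executed here.
New-SubInAclPlan -Mapping $map -SourceDomain 'DOMAINB' -TargetDomain 'DOMAINA' -Path 'D:\Shares'
```

Review the test-mode output for each share before generating the plan again with `-Commit`.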
 

Author Comment

by:elaw
ID: 26298360
Mailbox migration is not required because the mailboxes were already created in domain a for domain b users and they are using them.

But as mentioned earlier.  User A has accounts in both domain a and domain b.
domain a accounts for mailboxes
domain b accounts for file access and other services

What I was suggesting is that we will dump the domain a account for each user, migrate the accounts from domain b, and associate the mailboxes with the user accounts migrated from domain b.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26443944
Sorry for the delay, as I thought I had already followed up on your last follow-up. I must have missed clicking submit...

If it was just file servers in domainB, I think the migration with keeping the users in domainB instead of domainA would be slightly more work than keeping the domainA users and changing the file server permissions when moving the file server from domainB. What services other than file servers will be moved from domainB?

Use ADMT (the guide has step by step instructions) to move the users/computers from domainB to domainA, disconnect the mailbox from userA and reconnect it to its new user.
0
 

Author Comment

by:elaw
ID: 26451002
Thanks Henjoh09.  I will read this and let you know
0
 

Author Closing Comment

by:elaw
ID: 31675277
resolved
0
