Solved

Active Directory domain rename versus cross-forest migration?

Posted on 2010-08-17
Last Modified: 2012-05-10
We have a somewhat screwed-up AD domain structure. At some point in the past, Domain A was the parent to Domain B. We have two locations, so I believe previous IT staff set up the remote location as a child of our existing domain. At some point before I worked here, there was a serious problem with the network, and whatever consultant was brought in to fix things wound up changing things around so that Domain B is now the parent of Domain A. I really don't know more detail than that, but this is what I've been told.

At a later point, but also before I worked here, the IT admin at the time created a new domain in a new forest, thinking that we needed to start fresh. The problem was that there were, in his words, screwed-up permissions due to the parent/child switcheroo. (A big part of our problem is that, although we do pretty well managing the network, neither he nor I is an AD expert.)

A big piece of this migration, which has been going on for quite a while now, is moving Exchange into the new domain. This would involve cross-forest migration of all mailboxes (~180 users), and is not for the faint of heart, from what I understand. Particularly since downtime is absolutely not an option.

A consultant that we hired to help with the Exchange migration got seemingly nowhere after 6 months, so we found someone else, who seems a lot more qualified. This new consultant says that, although we *can* migrate to a new forest, it's a much bigger deal, more expensive, and will take more time. His suggestion is to do a domain rename instead.

As we evaluate our options, I'm looking for advice from other experts out there. Does what this new guy says sound reasonable? Is it wiser for us to consider a (supposedly less expensive and easier) domain renaming process of our two current "old" domains rather than migrating everything to our new domain in a forest? Thanks in advance.
0
Comment
Question by:johnorjack
12 Comments
 
LVL 32

Expert Comment

by:endital1097
ID: 33458407
Considering the issues you experienced earlier, I would start considering migrating to the new forest.
Do you already have Exchange 2007 or 2010 installed within the forest? If so, domain rename is not an option.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33458415
http://technet.microsoft.com/en-us/library/cc816848(WS.10).aspx
The domain rename operation is not supported in Microsoft Exchange Server 2007 or Exchange Server 2010. DNS domain rename is supported in Exchange Server 2003. However, renaming of the NetBIOS domain name is not supported in any version of Exchange Server. Other non-Microsoft applications might also not support domain rename.
0
 

Author Comment

by:johnorjack
ID: 33458427
No, we only have Exchange 2003. I believe the plan would be to upgrade to 2007 (or maybe even straight to 2010) during the migration. (Although maybe this would be done in steps.)
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33458543
The domain rename option would have the minimal outage window, but you may still have residual effects from when the parent domain was changed.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33459048
Just to add:

Domain rename is an option if you are not running any Exchange above 2003.

The domain rename process is fairly easy but before the start of the migration you would need to run dcdiag to check for any errors before proceeding to make sure you don't have issues before the migration.

http://www.petri.co.il/windows_2003_domain_rename.htm

http://technet.microsoft.com/en-us/library/cc816848(WS.10).aspx

Now when you migrate to a new domain there are a lot more steps like migrating the mailboxes and users over to the new domain which can be hairy sometimes. If you can do a domain rename then I suggest to go with a domain rename for easier migration for a domain change.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 33459499
Exchange does not migrate!

Sorry,...but someone should have just come out and clearly said that by now.

I would also recommend not renaming an already screwed up Domain.

Exchange is a separate process from the Domain migration but it is done at the same time.

You create a new Exchange in the new Domain,...entirely unrelated to the old Exchange.  You then use Exmerge to export the data from the mail boxes of the old Exchange to a safe place.  Then run Exmerge again to import the data into the new Exchange's empty mailboxes.

This is non-destructive to the old Exchange,...the old Exchange is completely intact afterwards.  Nothing is "migrated",...it is just a glorified "copy" process.

Newer versions of Exchange don't use Exmerge,...and hence,...in my opinion,..more difficult to deal with,...Exmerge was a great tool.   So don't go to anything newer than Ex 2003 until later after everything else is finished.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33459702
A domain rename takes less time than a migration to a new domain *IF* things go smoothly.

If you run into problems, then you'll have problems telling your boss why you chose the renaming path over a controlled migration.

In a single domain forest without errors/warnings (dcdiag/netdiag) and without Exchange, a rename is very easy and you'll most likely succeed.

When you say your domain is a "mess" where the forest root domain is switched over with a child?! I wouldn't be too happy to do a renaming job.
0
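The dcdiag pre-check that Darius Ghassem and snusgubben both call for, as an added example (not code from any poster in this thread): it parses saved dcdiag text output and lists what should block a rename, namely any failed test and any expected DC that produced no results. The host names DC1, DC2, DC3 and the domain corp.example are constructed, and the parser assumes dcdiag's English output layout.

```python
import re

RESULT = re.compile(r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$")
START = re.compile(r"^\s*Starting test:\s+(\S+)")

# Constructed sample in the layout dcdiag prints (hypothetical hosts and domain).
SAMPLE = """\
   Testing server: Default-First-Site-Name\\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
   Testing server: Default-First-Site-Name\\DC2
      Starting test: Connectivity
         ......................... DC2 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC2] A recent replication attempt failed:
         ......................... DC2 failed test Replications
   Running enterprise tests on : corp.example
      Starting test: LocatorCheck
         ......................... corp.example passed test LocatorCheck
"""

def parse_dcdiag(text):
    """Return a list of (target, test, passed, detail_lines) per result line."""
    results, detail = [], []
    for line in text.splitlines():
        if START.match(line):
            detail = []            # a new test begins; drop earlier lines
            continue
        m = RESULT.match(line)
        if m:
            results.append((m.group(1), m.group(3), m.group(2) == "passed", detail))
            detail = []
        elif line.strip():
            detail.append(line.strip())   # diagnostic text printed by the test
    return results

def rename_blockers(text, expected_dcs):
    """List reasons to stop before a rename: failed tests or untested DCs."""
    results = parse_dcdiag(text)
    blockers = [f"{t}: {test} failed ({'; '.join(d) or 'no detail'})"
                for t, test, ok, d in results if not ok]
    seen = {t.upper() for t, _, _, _ in results}
    blockers += [f"{dc}: no dcdiag results" for dc in expected_dcs
                 if dc.upper() not in seen]
    return blockers

if __name__ == "__main__":
    for reason in rename_blockers(SAMPLE, ["DC1", "DC2", "DC3"]):
        print("BLOCK:", reason)
```

An empty list only means dcdiag reported no failures for the DCs you named; it says nothing about the Exchange version constraints discussed above.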
 
LVL 32

Expert Comment

by:endital1097
ID: 33460419
I disagree with @pwindell regarding building the new domain and Exchange organization using Exchange 2003.
I would not introduce a legacy version of Exchange into a clean environment; then you need to deal with a transition from an older version in your new domain.

My vote remains with the new forest though.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33464483
I disagree with @pwindell regarding building the new domain and Exchange organization using Exchange 2003.
I would not introduce a legacy version of Exchange into a clean environment; then you need to deal with a transition from an older version in your new domain.
My vote remains with the new forest though.

There is no Legacy version here.   According to what I read in his posts he is already using Exch2003. I am just telling him to stay with it during the migration.  It is easier to go from Exch2003 to Exch2003 across a forest because you have Exmerge to do it rather than going Exch2003 to Exch2010 where you can't use Exmerge and have to use the commandline crap.  Then after that,...move to a newer Exchange version in the new Domain after everything is stabilized.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33464506
Legacy is a relative term.  I don't consider Exch2003 Legacy,...Exch 5.5 yes,...Exch2000 maybe.  To me it is not legacy until the technology methods won't work well together between the versions and Exch5.5 is the only one that classifies as that to me.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33464576
I misunderstood what you meant for your implementation path.

When discussing Exchange 2010, and within the configuration, Microsoft considers Exchange 2003 legacy, and based on the architecture differences I do as well, namely the fact that you can no longer create your own administrative groups, routing groups are gone, etc.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33464600
No problem..

Legacy,...if MS determines it that way, then I understand.
0
