Solved

Windows Server 2003 to 2008 Trust

Posted on 2010-11-12
8
326 Views
Last Modified: 2012-05-10
Hi All,

Just a quick sanity check / brain storm.

I have taken over the care of a network with the plan of scrapping their old nasty exchange infrastructure.

192.168.0.x/24 = HQ (companyuk.local)
192.168.1.x/24 = NEW COLO (additional site to companyuk.local)
x.x.x.x = OLD COLO (Public address only) - Completely separate site AD (company.co.uk)

The old colo contains an Exchange 2003 server, New colo contains an Exchange 2010 server which we will be migrating accounts to.

I want to set up a trust between the two for migration purposes.

Since company.co.uk (the actual domain name, not the AD domain name on the exchange 2003 box) is also used for a website and various portal/crm which are located on another box and used internally, what problems am I going to face by creating a trust?

Can I create the trust without having the zone file for company.co.uk ?

What issues am I likely to face?

Thanks.
0
Comment
Question by:Whiterat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34120591
What is the AD FQDN of the old forest?
You said it has "company.co.uk" as the email doamin but not AD.
Also not sure what you mean by "Public addresses only", Do these servers have public IP addresses and are live on the internet? Is there a VPN tunnel or other connection between the two domains?


To setup the trust and provide DNS resolution I would create conditional forwarders in each Domain to point to the other.


http://support.microsoft.com/kb/304491 
0
 
LVL 4

Author Comment

by:Whiterat
ID: 34120676
Hi KenMcF,

The AD FQDN is unfortunately company.co.uk .
It is a public facing server with an access list allowing everything between the 2.

Thanks.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34120720
Then as long as the DNS server for "company.co.uk" has all the correct records and there is no NAT between the two domains you can create conditional forwarders on each and should be good if I understand your topology correct.  
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 4

Author Comment

by:Whiterat
ID: 34120843
There is NAT running on the new domain...
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34120918
It is not supported to do a trust with NAT. Take a look at this thread and the links provided.

http://social.technet.microsoft.com/forums/en-US/winserverDS/thread/9dffd77b-6991-48bb-9ddf-6f6d605be594
0
 
LVL 4

Author Comment

by:Whiterat
ID: 34120965
:(

In which case can you think of a good way to perform the migration besides ExMerge ?
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34121093
it is possible to get the trust to work, I personally have never tried it. You would have to do a lot of DNS configuration and work on the firewalls.

But exmerge would probably be the easiest.

0
 
LVL 4

Author Closing Comment

by:Whiterat
ID: 34299093
Ran out of time to test anything special, just ended up using exmerge
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video discusses moving either the default database or any database to a new volume.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question