Link to home
Create AccountLog in
Avatar of Whiterat
WhiteratFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Windows Server 2003 to 2008 Trust

Hi All,

Just a quick sanity check / brain storm.

I have taken over the care of a network with the plan of scrapping their old nasty exchange infrastructure.

192.168.0.x/24 = HQ (companyuk.local)
192.168.1.x/24 = NEW COLO (additional site to companyuk.local)
x.x.x.x = OLD COLO (Public address only) - Completely separate site AD (company.co.uk)

The old colo contains an Exchange 2003 server, New colo contains an Exchange 2010 server which we will be migrating accounts to.

I want to set up a trust between the two for migration purposes.

Since company.co.uk (the actual domain name, not the AD domain name on the exchange 2003 box) is also used for a website and various portal/crm which are located on another box and used internally, what problems am I going to face by creating a trust?

Can I create the trust without having the zone file for company.co.uk ?

What issues am I likely to face?

Thanks.
Avatar of KenMcF
KenMcF
Flag of United States of America image

What is the AD FQDN of the old forest?
You said it has "company.co.uk" as the email doamin but not AD.
Also not sure what you mean by "Public addresses only", Do these servers have public IP addresses and are live on the internet? Is there a VPN tunnel or other connection between the two domains?


To setup the trust and provide DNS resolution I would create conditional forwarders in each Domain to point to the other.


http://support.microsoft.com/kb/304491 
Avatar of Whiterat

ASKER

Hi KenMcF,

The AD FQDN is unfortunately company.co.uk .
It is a public facing server with an access list allowing everything between the 2.

Thanks.
Then as long as the DNS server for "company.co.uk" has all the correct records and there is no NAT between the two domains you can create conditional forwarders on each and should be good if I understand your topology correct.  
There is NAT running on the new domain...
It is not supported to do a trust with NAT. Take a look at this thread and the links provided.

http://social.technet.microsoft.com/forums/en-US/winserverDS/thread/9dffd77b-6991-48bb-9ddf-6f6d605be594
:(

In which case can you think of a good way to perform the migration besides ExMerge ?
ASKER CERTIFIED SOLUTION
Avatar of KenMcF
KenMcF
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Ran out of time to test anything special, just ended up using exmerge