Solved

Windows Server 2003 to 2008 Trust

Posted on 2010-11-12
8
279 Views
Last Modified: 2012-05-10
Hi All,

Just a quick sanity check / brain storm.

I have taken over the care of a network with the plan of scrapping their old nasty exchange infrastructure.

192.168.0.x/24 = HQ (companyuk.local)
192.168.1.x/24 = NEW COLO (additional site to companyuk.local)
x.x.x.x = OLD COLO (Public address only) - Completely separate site AD (company.co.uk)

The old colo contains an Exchange 2003 server, New colo contains an Exchange 2010 server which we will be migrating accounts to.

I want to set up a trust between the two for migration purposes.

Since company.co.uk (the actual domain name, not the AD domain name on the exchange 2003 box) is also used for a website and various portal/crm which are located on another box and used internally, what problems am I going to face by creating a trust?

Can I create the trust without having the zone file for company.co.uk ?

What issues am I likely to face?

Thanks.
0
Comment
Question by:Whiterat
  • 4
  • 4
8 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34120591
What is the AD FQDN of the old forest?
You said it has "company.co.uk" as the email doamin but not AD.
Also not sure what you mean by "Public addresses only", Do these servers have public IP addresses and are live on the internet? Is there a VPN tunnel or other connection between the two domains?


To setup the trust and provide DNS resolution I would create conditional forwarders in each Domain to point to the other.


http://support.microsoft.com/kb/304491
0
 
LVL 4

Author Comment

by:Whiterat
ID: 34120676
Hi KenMcF,

The AD FQDN is unfortunately company.co.uk .
It is a public facing server with an access list allowing everything between the 2.

Thanks.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34120720
Then as long as the DNS server for "company.co.uk" has all the correct records and there is no NAT between the two domains you can create conditional forwarders on each and should be good if I understand your topology correct.  
0
 
LVL 4

Author Comment

by:Whiterat
ID: 34120843
There is NAT running on the new domain...
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34120918
It is not supported to do a trust with NAT. Take a look at this thread and the links provided.

http://social.technet.microsoft.com/forums/en-US/winserverDS/thread/9dffd77b-6991-48bb-9ddf-6f6d605be594
0
 
LVL 4

Author Comment

by:Whiterat
ID: 34120965
:(

In which case can you think of a good way to perform the migration besides ExMerge ?
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34121093
it is possible to get the trust to work, I personally have never tried it. You would have to do a lot of DNS configuration and work on the firewalls.

But exmerge would probably be the easiest.

0
 
LVL 4

Author Closing Comment

by:Whiterat
ID: 34299093
Ran out of time to test anything special, just ended up using exmerge
0

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now