?
Solved

Splitting Existing Windows Active Directory 2003

Posted on 2011-02-11
7
Medium Priority
?
471 Views
Last Modified: 2012-05-11
We have an Active Directory 2003 forest root domain XYZ.COM with two child domains A.XYZ.COM and B.XYZ.COM our email environment is Notes 8.5

The business is splitting into two independence entity due to take-over. We are now planning to create two new Greenfield Windows 2008 Active Directory Domains A.Com and B.COM and migrate A.XYZ.COM and B.XYZ.COM

Can you please advice the best approach / tools / method for the migration? Are there risks I need to bear in mind (DNS Trusts, etc)? Can I have a mixture of 32bit / 64bit Domain Controllers in the two new Domains / what are the benefits?


Many thanks
0
Comment
Question by:Monika-D
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 34872557
There is no facility to chop off part of the AD tree in this way.  You will have to create a new domain, migrate the accounts and users to it, then demote all DCs from the existing domain untill they are all gone and the child domain no longer exists.

There is no issue to having a mix of 32 and 64bit DCs - 64Bit machines can address more RAM and support advanced stuff like HyperV.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34873323
I took it as he wanted to do a migration to the new domains not a "prune and graft" (not supported as KCTS said)

You can use a migration tool.  (trust should be setup between the target and source forest).  Microsoft makes the free ADMT  http://blogs.technet.com/b/askds/archive/2010/06/19/admt-3-2-released.aspx

Not sure how big you all are but there are also a few good third party migration tools.  Quest and NetIQ both make tools.  If you do have money to spend I'd look at Quest first.

I'd personally standup a new domain as a 2008 R2 domain.  That is only an 64 bit release.

Thanks

Mike
0
 
LVL 26

Expert Comment

by:jar3817
ID: 34874312
Try not to shoot yourself in the foot by picking top-level real names for the domains. Go with second levels (ad.yourdomain.com) or fake ones (yourdomain.local). Picking yourdomain.com will just result in headaches.  
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 

Author Comment

by:Monika-D
ID: 34886820
Thank you all for your response.


KCTS,
Thank you for the clarification.

Mikline71,
Yes, I want to do a migration to the new domains. Is 2008 R2 only a 64 bit release? Does that mean you cannot  have a mixture of 32 bit and 64bit Domain Controllers for W2k8 AD?

Jar3817,
What are the possible headaches that will result from picking the first level rather than the second levels for real names for the domains?

Many Thanks
0
 
LVL 26

Expert Comment

by:jar3817
ID: 34887527
"What are the possible headaches that will result from picking the first level rather than the second levels for real names for the domains?"

Imagine you name your AD domain "company.com". Your corporate website is located at www.company.com and that name points to your webservers. When lazy people (like myself) on your lan need to go to your website and just type "company.com" into the browser, their computer will be connecting to your domain controllers rather than your web server. There are hundreds of questions on this site involving that very scenario and there are some pretty dirty hacks to get around it, but proper planning from the start can avoid it. You have the opportunity to not make that mistake. Most people inheriting poorly planned systems do not.

And yes, w2k8 is 64bit only. You can still mix domain controllers, but the 32bit ones will be 2k3 and your forest/domain functional level will be at most up to 2003 until they're all 2008.
0
 

Accepted Solution

by:
Monika-D earned 0 total points
ID: 34917583
Thank you jar3817 for the clarification.

Can anyone please point me to any repository where I can find a template design document for Active Directory 2008 R2 deployment?

Many Thanks
0
 

Author Closing Comment

by:Monika-D
ID: 35422335
No comment
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question