Solved

Single Forest rename

Posted on 2011-02-15
Last Modified: 2012-05-11
Hi Experts,

We would like to rename our Forest due to conflicting issues in our network... The current Forest FQN is ad.company.local; we would like to rename this to ad.company.corp. Currently we are migrating from 2003 DCs to 2008 DCs; once finished we'll be renaming the Forest before we migrate from Notes to Exchange 2010. Are there any best practices for this or any recommended way? I can find a lot of material on domain rename but not forest....

Can we create a new AD Forest, create a 2-way trust and migrate objects with ADMT to the new Forest?
Or do we rename the forest root once we have upgraded all the servers to 2008 (is the rename even possible?), then join the machines using a netdom batch file, or are there any more advanced tools?

There are about 400 machines to migrate and I'm cautious about users not being able to access resources with the sIDHistory attribute once users have been migrated, and about the downtime of machines.

Any advice is appreciated

Cheers

Question by:WeirdFishes
5 Comments
 
LVL 11

Expert Comment

by:kaskhedikar_tushar
ID: 34903845
Hello,

The domain rename process is complex, and it requires a great deal of care in planning and execution. It is not intended to make domain rename a routine operation. There are so many dependencies on the domain.

This may help you.

http://technet.microsoft.com/en-us/library/cc781575%28WS.10%29.aspx

Regards,
Tushar Kaskhedikar
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 500 total points
ID: 34905033
i can find a lot of material on domain rename but not forest....

You don't rename the forest, but the domain. A forest can consist of multiple domains that you can rename, or a single domain forest.

It looks like you don't have Exchange at the moment, but Notes. I can't tell you how Notes will deal with a domain rename.

The safest and most controlled approach is migrating.

Btw. you can't rename a domain with Exchange 2010!
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 34905996
You could use a forest trust and ADMT to migrate from the old forest to the new one.
But, maybe for a simpler solution, could you explain to us what issues you encounter with your current forest name, and why it's so important to change the name?
Because maybe we could find a quicker solution ...
0
 
LVL 1

Author Comment

by:WeirdFishes
ID: 34912278
The issue is that we want to integrate Macs with AD, and Bonjour's equivalent to a Windows workgroup is .local, which is the FQN of our domain "ad.company.local". Apple has fixed this issue after OS X v10.4, but many apps for Macs still conflict on many levels as they treat the .local from the domain FQN as the local machine.

I'm aware that you rename domains, and restructure domains in a forest, but the documentation doesn't mention if you can rename the last "DC=local" parameter to "DC=corp". The documentation says you can rename "DC=AD,DC=Company,DC=local" to "DC=AD,DC=Business,DC=local", but what I want is "DC=AD,DC=Company,DC=local" to "DC=AD,DC=Company,DC=.corp". Is it possible?

So it seems like a migration is a better approach. Just confirming: a 2-way forest trust enables users to access resources on both forests?...
Does anyone know of a reliable tool to migrate machines with minimum downtime?
We are willing to purchase something if it's good, or will a "netdom join" batch file do the trick, run remotely with psexec? I have only used "netdom join" to join a domain. Can you use netdom to join a machine to a new domain even if it's already in a domain? Sorry for all the questions.

Cheers

Can
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34913853
what i want is "DC=AD,DC=Company,DC=local" to "DC=AD,DC=Company,DC=.corp" is it possible?

Yes indeed.

If you're going to migrate, you should read the ADMT Guide:

http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=6d710919-1ba5-41ca-b2f3-c11bcb4857af

and get the tool itself:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=20C0DB45-DB16-4D10-99F2-539B7277CCDB

You don't use "netdom" to join the computers, ADMT will handle this. You migrate the computers to the destination domain, restart the computer and it's a member of the new domain.




0
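The question's concern about sIDHistory can be checked after an ADMT run. The following is an added example, not code from the thread or from Microsoft's ADMT guide: it reports, for each user in the new domain, whether the account carries a SID from the old domain. It assumes the ActiveDirectory PowerShell module is available and that both domains are reachable over the trust; the domain names are the ones given in the question.

```powershell
# Added example: audit sIDHistory on accounts migrated with ADMT.
# Assumption: ActiveDirectory module (RSAT) installed, read access to both forests.
Import-Module ActiveDirectory

$SourceDomain = 'ad.company.local'   # old forest root, as named in the question
$TargetDomain = 'ad.company.corp'    # new forest root, as named in the question

# Every SID issued by the old domain starts with that domain's SID.
$sourceSid = (Get-ADDomain -Server $SourceDomain).DomainSID.Value

$report = Get-ADUser -Filter * -Properties SIDHistory -Server $TargetDomain |
    ForEach-Object {
        $history    = @($_.SIDHistory)
        # Keep only history entries that were issued by the source domain.
        $fromSource = @($history | Where-Object { $_.AccountDomainSid.Value -eq $sourceSid })
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            HasSourceSid   = $fromSource.Count -gt 0
            SourceSids     = ($fromSource | ForEach-Object { $_.Value }) -join ';'
            OtherSidCount  = $history.Count - $fromSource.Count
        }
    }

# Accounts with no source-domain SID will not match ACLs that still name the old domain.
# Accounts created directly in the new domain (never migrated) also appear here.
$report | Where-Object { -not $_.HasSourceSid } |
    Select-Object SamAccountName

# History entries from any other domain are unexpected for this migration; review them.
$report | Where-Object { $_.OtherSidCount -gt 0 } |
    Format-Table SamAccountName, OtherSidCount -AutoSize
```

A populated sIDHistory only grants access if the trust between the forests passes those SIDs; SID filtering on the trust is a separate setting to verify.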

Question has a verified solution.
