• Status: Solved

How to track Traffic over Domain Trust?

I currently have an Active Directory domain trust between 2 AD domains.  All domain controllers except 1 are Server 2008 (the odd man out is Server 2003).

1. The old domain is a 2008 server operating at a Windows 2000 native domain functional level
2. The current domain is all 2008 & 1 2003 server operating at a Windows Server 2003 domain functional level.
3. We have migrated to the current domain what we believe to be the last of the machines and systems dependent upon the old domain.
4. We are ready to retire the old domain and want to ensure no systems or machines are still dependent upon it.

Is there a way that I can monitor traffic that is traversing the trust to ensure that we are completely unreliant on the old 2000 domain?  What do I need to configure\enable to accomplish this?

3 Solutions
I myself would take a look at the security log in the event viewer on the 2003 server and see if you have a lot of entries of users/devices hitting it up to authenticate for any reason.

On the old DC, run Wireshark and check the traffic.

Are they separate forests?

I would power off the old domain for a day or two. I did a migration and we found that the SharePoint server had permissions issues after (the server was moved to the new domain).
Did you do a manual move to the new domain or an AD migration with MS's tool or another tool? Did you migrate with SID History?

Check WINS?
Check DNS?
Check DHCP services?
Any VPNs etc. pointed at the old DC?

Disable the old domain user accounts.
Disable the old domain computer accounts.

As far as a tool, none that I know of.
You could turn up Windows auditing and see what is logging in.

Hope this list helps.

As per my understanding, you want to check whether any user or machine is still logging in to the old domain. If yes, then you can either write a script or use oldcmp.exe (freeware from Joeware.net); have a look at "http://www.nixadmins.net/2008/08/12/find-stale-dead-removed-computers-or-users-from-active-directory-using-oldcmp-from-joeware-net/" for a few examples. I don't think you need to check the same on trust traffic.

VIBT (Author) Commented:
Thanks guys!  I ended up using a combination of all solutions to help me decommission the old domain in the trust.
Question has a verified solution.
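
An added example, not part of the original thread: one way to act on the "check the security log" and "turn up Windows auditing" suggestions is to tally which accounts and source machines are still authenticating against the old domain's Server 2008 DC. It assumes account logon and logon auditing are already enabled there; `$Days` and `$Ignore` are hypothetical values to adjust.

```powershell
# Added example: run in an elevated PowerShell session on the old domain's 2008 DC.
# Assumption: success auditing for account logon / logon events is enabled.
$Days   = 14                                            # look-back window (assumed)
$Ignore = @('ANONYMOUS LOGON', "$env:COMPUTERNAME`$")   # the DC's own noise

# 4768 = Kerberos TGT request, 4769 = Kerberos service ticket request,
# 4776 = NTLM credential validation, 4624 = successful logon
$filter = @{
    LogName   = 'Security'
    Id        = 4768, 4769, 4776, 4624
    StartTime = (Get-Date).AddDays(-$Days)
}

$rows = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Flatten the named <Data> fields of the event into a hashtable
    $d = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # The source field differs per event: IpAddress (4768/4769/4624),
    # Workstation (4776), WorkstationName (4624)
    $source = $d['IpAddress']
    if (-not $source -or $source -eq '-') { $source = $d['Workstation'] }
    if (-not $source -or $source -eq '-') { $source = $d['WorkstationName'] }

    New-Object PSObject -Property @{
        Account = $d['TargetUserName']
        Source  = $source
        Time    = $_.TimeCreated
    }
} | Where-Object { $_.Account -and ($Ignore -notcontains $_.Account) }

# One line per account/source pair, with hit count and most recent time
$rows | Group-Object Account, Source | ForEach-Object {
    New-Object PSObject -Property @{
        Account  = $_.Group[0].Account
        Source   = $_.Group[0].Source
        Count    = $_.Count
        LastSeen = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
    }
} | Sort-Object Count -Descending | Format-Table Account, Source, Count, LastSeen -AutoSize
```

Any account or source that keeps appearing after the migration cut-over is a candidate dependency to investigate before the old domain is powered off.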
