  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 511

Remove a non-root domain from the forest?

I need to remove a domain from the forest but allow that domain to remain intact as an additional independent domain.  I have Internal.edu which is the root domain (first tree in the forest).  I later added internalweb.edu as a second domain in the forest.  We now need to break these two domains apart so that they are no longer in the same forest.

I am having little luck in searching for information on this.  So far all the Microsoft documentation only discusses removing the last domain controller from a domain and then removing the domain from the forest.  I need to break two domains in the same forest into two separate forests....
0
Asked by: yccdadmins
1 Solution
 
Adam Brown, Sr Solutions Architect, Commented:
You can't break a child domain off into its own Forest. All of the AD information in the Child Domain is dependent on the settings and roles that exist in its parent. You would need to create a new forest and migrate Users and computers over to the new forest, then remove the child domain, to accomplish your needs.
0
 
Adam Brown, Sr Solutions Architect, Commented:
Incidentally, I'm a little confused by your explanation of your setup, since a child domain has to have the root domain in its FQDN. internalweb.edu cannot be a child of internal.edu. internalweb.internal.edu can be, though.
0
 
yccdadmins (Author) Commented:
The domain is not a child domain.  It is a separate domain in the same forest.

"I later added internalweb.edu as a second domain in the forest."

I have two domains: internal.edu and internalweb.edu.  I want internalweb.edu to be "separated" from the forest.  We would then have two completely independent forests.
0
Adam Brown, Sr Solutions Architect, Commented:
I think you might have a misunderstanding of what constitutes a forest. Two domains in a single forest cannot have completely different FQDNs like internalweb.edu and internal.edu unless the root domain is just edu. If you have two domains, internalweb.edu and internal.edu, you already have two forests by the definitions of Active Directory. Novell has a different definition of Forests, where two Domains that have a trust between them can constitute a Forest, but AD does not use this definition in its technical implementation. If a root domain in an AD forest is named internal.edu, all additional domains in the forest *must* have internal.edu in their FQDNs.
0
 
yccdadmins (Author) Commented:
Unless I am misunderstanding what you have written above - you are incorrect.

In Active Directory you can have two completely different FQDNs in a single forest.  The first domain I created was internal.edu.  I later created an additional domain in the forest (not a subdomain) called internalweb.edu.  The two domains are both in a single forest and have the default transitive two-way trust.

I can have a single forest with any number of domains in AD.  I could have peterpan.edu and tinkerbell.edu if I wish but they are both in a single forest with a single shared schema etc.

What I wish to do is break these two domains apart so that each has its own server acting as the PDC emulator (with other assorted FSMO roles) and separate Schemas etc.  This task is what I am not finding any information on out in Internet world.  You would think that with companies breaking up and merging there would be more information on this but not much luck so far....
0
 
Adam Brown, Sr Solutions Architect, Commented:
Huh. Never ran into that configuration before, guess it's part of the advanced features for DCPromo that I haven't had to work with yet. After a little research on that topology, I can tell you a few things. Basically, the secondary tree has the same functions as a child domain and is removed the same way. It also has the same limitations as a child domain. The only difference between a child domain and a second tree in a forest is that they utilize different DNS namespaces. The tree cannot be broken off of the forest because it still relies on the forest root for configuration and other information. You would still need to create a new forest and migrate data to it to have a separate forest.
0
 
kevinhsieh Commented:
I concur that the proper way is to do a migration to a new domain in a new forest. Use AD Migration Tool 3.2.

http://technet.microsoft.com/en-us/library/cc974332(WS.10).aspx
0
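
Added example (not part of the original thread): a read-only PowerShell inventory of the topology discussed above, showing which FSMO roles are shared forest-wide and which exist per domain, as a check to run before planning the migration. It assumes the ActiveDirectory RSAT module, read access to the directory, and the forest root name internal.edu from the question.

```powershell
# Added example: inventory a multi-tree forest before planning a migration.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory;
# 'internal.edu' is the forest root name used in the thread.
Import-Module ActiveDirectory

$forest = Get-ADForest -Identity 'internal.edu'

# Forest-wide roles exist once per forest, however many trees it contains.
# Every domain listed here shares this schema and configuration partition.
[pscustomobject]@{
    ForestRoot         = $forest.RootDomain
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    Domains            = $forest.Domains -join ', '
} | Format-List

# Per-domain view. A tree root has no ParentDomain, yet it still reports
# the same Forest value as every other domain in the list.
$report = foreach ($name in $forest.Domains) {
    $d = Get-ADDomain -Identity $name

    if ($d.DNSRoot -eq $forest.RootDomain) {
        $placement = 'Forest root'
    }
    elseif ($d.ParentDomain) {
        $placement = "Child of $($d.ParentDomain)"
    }
    else {
        $placement = 'Tree root (separate DNS namespace)'
    }

    $dcs = Get-ADDomainController -Filter * -Server $d.DNSRoot

    [pscustomobject]@{
        Domain               = $d.DNSRoot
        Forest               = $d.Forest
        Placement            = $placement
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        DomainControllers    = $dcs.HostName -join ', '
    }
}
$report | Format-List
```

Each domain already has its own PDC emulator, RID master and infrastructure master; only the schema master and domain naming master are shared, which is why a separate schema requires a separate forest.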
