Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Forest trust, or move domain?

Posted on 2011-09-28
4
Medium Priority
?
553 Views
Last Modified: 2012-05-12
Hi again Experts,

I need to integrate my domain with another. We have a single domain in our forest, and the other company have two domains in their forest. We will be remaining as two separate companies in two geographically separate locations.

In the short term we will be creating a forest trust, however I am considering moving our domain into their forest.

Could anyone advise on the benefits of moving our domain in to the other forest? I have heard that Exchange functionality is improved.
0
Comment
Question by:failed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36715944
You can't pick up and drop a domain from one location to another I'm afraid - you're going to have to actually migrate your domain into the target domain.   This means, migrating user accounts, data, e-mails and applications to the target domain.

Exchange functionality isn't "improved" per se, but it does mean that you will be part of one exchange organization, so mail sending and receiving is faster, and the ability to share calendears and meeting rooms is more accessible.  Also, you will get one address book rather than having to maintain two.
0
 
LVL 4

Expert Comment

by:maxsmith5k
ID: 36716032
Even the "improved" functionality that Lester_Clayton speaks of maybe done with third party products.  In my opinion, i would avoid migrating your domain into their forest - lots of problems to try to avoid.  Instead, stick with federation and if you require more than federation offers, turn to a third party product such as Quest Collaboration Services (for functionality such as synchronization of GAL etc.
0
 
LVL 11

Accepted Solution

by:
TheGeezer2010 earned 2000 total points
ID: 36716083
The other alternative (if you are using Exchange 2010 on both sides and you don't HAVE to merge domains), is to set up a Federation Trust  - this will then allow both sides to share Free/Busy, and, alternatively, allow selected users, DGs etc to share contacts and calendars. You can also share same GAL using FIM (think that it what it is called now).
This is a good article explaining this avenue

http://www.tools4exchange.com/2010/07/galsync-and-federation-using-exchange-2010---part-iii---first-step.html

This is if you want to maintain co existence. If you want to merge the two forests, as stated above, the only supported Microsoft way is to migrate one forest to another. Here is an article showing the constraints of the method of such a merger ;-

http://technet.microsoft.com/en-us/library/mergers_acquisitions_active_directory_prune_and_graft_restructuring_support_limitations%28WS.10%29.aspx

and here is the Microsoft article on how to go about this merger - please be aware that this is anything but trivial, and unless you have experienced and qualified Exchange architects in house, you may be better off bring in outside consultants to design this.

http://technet.microsoft.com/en-us/library/cc974332%28WS.10%29.aspx

Good luck with whatever you decide to do !!

0
 

Author Comment

by:failed
ID: 36892542
Thanks for all the advice!
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question