[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

create a Windows 2003 child domain in a 2008 AD

Posted on 2011-10-11
12
Medium Priority
?
474 Views
Last Modified: 2012-05-12
Aloha Everyone,
  Is there a way to create a Windows 2003 Child domain in a 2008 Active Directory?  I need a 2003 Child domain so I can run MSDSS and migrate my Novell 6.5 sp8 server.  The 2008 Active Directory does not have a 2003 domain controller.  This prevents me from being able to run MSDSS.  

Thanks,
Brian
0
Comment
Question by:supertechhawaii
  • 6
  • 4
  • 2
12 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36951214
What is your forest functional level set at right now?

Thanks

Mike
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36951439
Just only to add.
Yes, it is possible if your Forest Functional Level is not grater than Windows Server 2003 mode. Then you can create child domains using Windows Server 2003 DCs. In case that it is grater, you cannot. For that you need to create separate forest and configure forest trust between them.

The rest, Mike will tell you if you have additional questions :)

Regards,
Krzysztof
0
 

Author Comment

by:supertechhawaii
ID: 36951512
Aloha iSiek and mkline71,
   I just checked my Forest functional level.  It is set to 2008 functional level. Since this is set this way, I believe that is is not possible to add a 2003 child domain.  Is this correct?  The only thought I have is to Create a 2003 AD and run a forest trust?  

Thanks,
Brian
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 36951741
You are correct,  since the forest functional level is 2008 you can't introduce any DCs lower than 2008 into the forest.

Thanks

Mike
0
 

Author Comment

by:supertechhawaii
ID: 36952108
Aloha mkline71,
   I am assuming that a 2003 AD can be forest trusted with a 2008 AD with no issues.  If this can be done, does this mean that I can run MSDSS on the 2003 AD and migrate the AD to the 2008 AD?

Thanks,
Brian
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36952146
You could migrate, using ADMT or a third party tool.

Thanks

Mike
0
 

Author Comment

by:supertechhawaii
ID: 36952196
Aloha mkline71,
   Thanks ;) I need to use MSDSS for my migration.  This is the migration tool from Microsoft to migrate Novell to AD.

Thanks,
Brian
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36952235
ahh ok.  won't blow smoke...I haven't used that tool
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 36953907
I also didn't use this tool but in my opinion it should work. If parent-child domain scenario works, so also forest to forest scenario might work. In both cases domains use trust (in parent-child there is also trust between domains, created automatically by AD during child domain set up). Raise Forest Functionsl Level for the new forest to Windows Server 2003 mode and set up two-way forest trust and check that migration software :)

Krzysztof
0
 

Author Comment

by:supertechhawaii
ID: 36957669
Aloha All,
   I just finished the setting up the forest trust ;)  I will be testing the MSDSS this morning and will let you all know how it worked.  If it did work, I will let you all know what I did in order to get this to work to help any one else who might have the same issues :)

Thanks,
Brian
0
 

Author Comment

by:supertechhawaii
ID: 36959434
Aloha all,
   I have tried everything to set this up. I just can't seem to get the "directory synchronization service" installed on the windows 2008 server.  We are just going to need to purchase Quest NDS migrator tool. I have ran several test with the tool and it works great, even if I have a Native 2008 AD.  

I just wanted to say thanks to everyone who tired to hep me out on this ;)

Thanks,
Brian
0
 

Author Closing Comment

by:supertechhawaii
ID: 36959435
Thanks for the help on this ;)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question