Migrate and Synchronise Active Directory between 2 domains


We have a client who we want to move over to a child domain under our datacentre domain.
They already have a domain, with objects.
I can manually set up the OUs and migrate users across (using the ADMT tool), but they will be using this new child eventually.

Is there a way of migrating, synchronising and replicating the two domains, so that all organisational objects and the structure are intact and they continue to replicate with each other?

The primary DCs for both domains are Server 2008 R2, the domain functioning level is 2003 (as one of the DCs in the domain is 2003).

Can anyone assist?

Adam Brown (Sr Solutions Architect) Commented:
Domain synchronization is possible, but it requires ILM (Identity Lifecycle Management) or FIM (Forefront Identity Manager). Both of these programs are *really* expensive (18,000 bucks).

Xperta (Author) Commented:
Okay assuming I have Forefront Identity Manager, how simple is it to copy over the domain objects and set up synchronising?

I understand that is a fairly broad question.

Adam Brown (Sr Solutions Architect) Commented:
Very very difficult, actually. FIM is an extremely complex piece of software that does a *lot* of different things. I spent about a month trying to get Domain Sync working with it and was never successful. If you were to go through a course on FIM, you might be able to figure it out, but the documentation on it that is freely available is really not very useful.

Xperta (Author) Commented:
It looks like it is easier to mimic the OUs and ADMT the users over.

Unless there is no other way.

You used to be able to use ADAM under Server 2003, is there no 2008 R2 equivalent?

Adam Brown (Sr Solutions Architect) Commented:
They changed the name of ADAM in 2008. It's now called AD-LDS (Lightweight Directory Services). Mostly that's just used to sync information so it can be read and used by applications. I haven't attempted to use it to sync data between forests before, so I don't know if it's capable of doing it.

Xperta (Author) Commented:
I will look into AD-LDS and see if it fits my purpose.

Xperta (Author) Commented:
Nope, that doesn't seem to fit. That simply adds a database of users in an external domain, which applications can then call upon.

I'm struggling to work out why this cannot be done any more.  I'm fairly certain this was possible in Server 2000.

Xperta (Author) Commented:
It would seem that I cannot do what I wanted, which is fine. I've decided to put the other domain in Exchange 2010 mode and then migrate 2010 to 2010.

Thanks for the help given.