asked on Divide the existing active directory domain into two separate domains
Hello Experts,
I need a help in this please.
Current environment:
Single AD domain hosted in 2 DCs and 4 exchange servers, all of them are controlled by an IT department which belongs to finance department, another IT department which is for the whole org. is responsible for all other servers and machines in the network.
The problem is all mailboxes and AD object is not controlled by the IT department, I am thinking of a possible solution for that is to create a new domain in the existing forest. then migrate all AD objects except the ones for the finance dept. to this domain.
I need to have control over our objects
Any thoughts ?
I need a help in this please.
Current environment:
Single AD domain hosted in 2 DCs and 4 exchange servers, all of them are controlled by an IT department which belongs to finance department, another IT department which is for the whole org. is responsible for all other servers and machines in the network.
The problem is all mailboxes and AD object is not controlled by the IT department, I am thinking of a possible solution for that is to create a new domain in the existing forest. then migrate all AD objects except the ones for the finance dept. to this domain.
I need to have control over our objects
Any thoughts ?
Active DirectoryExchangeWindows Server 2008
Last Comment
pwindell
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yes the IT-Finance manages the AD and exchange.
I am new admin in the company, I came and found it like this :S can't find any reason to make the AD design like this. I am trying to find out a way to create an AD domain for the real IT dept.
I am new admin in the company, I came and found it like this :S can't find any reason to make the AD design like this. I am trying to find out a way to create an AD domain for the real IT dept.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Domains are not the true security divider, forests are. To achieve complete separation you would need to setup a new forest and domain. Enable trusts between them and use ADMT to migrate users and computers. That is a lot of work and should be unnecessary. As has been already suggested, move to an OU model. Create OUs for each department, move the respective users and computers to those OUs. Delegate control of those OUs to departmental IT if they have it. Transfer ownership of the domain controller hardware and licensing from finance to the corporation if necessary to satisfy the companies books. For Exchange, depending on how you are set up, split the finance users off onto their own Exchange server if they still want email autonomy. I would however suggest that the company combine all lT personnel in a reorganization. Your company has invented problems.
ASKER
Thank you guys,, seems that I am going with OU separation option.
I am just thinking how could exchange be designed in the second option (new domain) ? does a new exchange server needed knowing that both AD domains should have the same external domain name ( company.com).
I know that it a mess, so I am out of ideas.
I am just thinking how could exchange be designed in the second option (new domain) ? does a new exchange server needed knowing that both AD domains should have the same external domain name ( company.com).
I know that it a mess, so I am out of ideas.
You can only have one Exchange org per domain. So if you go with the OU model, leave Exchange alone. You can separate users via information store or server, but they have to be in the same org to use the same external domain name.
Dear,
i do agree with above experts sugegstion.... a simlest way waould be t create one OU named Finance, under that create two OU one for Users and one for finance computers, delegate control of only Finance OU to Finance It team,,, keep remaining domain with you.
i do agree with above experts sugegstion.... a simlest way waould be t create one OU named Finance, under that create two OU one for Users and one for finance computers, delegate control of only Finance OU to Finance It team,,, keep remaining domain with you.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks all,
After a long discussion , I got access and control over all systems.
After a long discussion , I got access and control over all systems.
Excellent!
Very good.
Very good.
I'm not sure that I understood your question.
The main IT department don't have any domain? How many users are in other department? Why IT-finance manage all Exchange servers?
Dan