AD Domain Migration - Trust Relationships and Policy Inheritance
Posted on 2012-03-20
My company has decided in its infinite wisdom that we will migrate to a new AD domain, i.e. move from existingdomain.com to newdomain.com, to put us in line with our re-named email domain from an old company to the new owners which is already live.
Ordinarily I would not have an issue in doing this but they have said they want a completely new domain as the existing one is considered 'dirty', problematic and full of multiple historical issues.
It would have been simply establishing a trust and migrating all the boxes, which I've done before. However, with this scenario, I am to avoid at all costs the 'cross pollination' of any existing errors from the old to new domain, which is now giving me a headache.
My main question is this:
If I create a new domain, called newdomain.com, build the DCs, File & Print, etc. etc., establish the new DCs as FSMO holders, create group policy and so on, but then establish a trust relationship between the 2 domains, would the new domain inherit any of the hidden AD issues or is the trust relationship simply 'what it says on the tin'?
By that I mean it will readily allow me to migrate users, groups, files & permissions, apps and even Exchange without inheriting the issues as effectively it's a different domain with different AD installation and policy?
I also assume that it would make life easier for the email server move (Exchange 2010)?
Sorry, almost forgot - both domains are 2008.
Hope that makes sense, please ask for clarification if it does not.
Thanks in advance :-)