Link to home
Start Free TrialLog in
Avatar of MarkBourn

asked on

Active directory 2008 + AD 2000 question

I am setting up a new Active directory 2008r2 domain.  This will be handling a new desktop migration however I have a current 2000 Active directory that everything currently runs from.

I have the following questions based on the above scenario.
Q1 -  Can I set up a trust between the existing 2000 AD and the new 2008 r2 AD as there is an email service running against the current 2000 AD that the users on the 2008 Ad will need to access.

Q2 -  What domain functional level should I be setting the new AD 2008 domain to to handle the trust on AD 2000.  As I am not integrating the 2000 AD into a new 2008 forrest my thoughts are I should be able to use the 2008 native functional level but not sure.
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MarkBourn



To clarify I can do the following:

- New Windows Server 2008 R2 FFL4
- New Windows Server 2008 R2 DFL4 under the above forest
- Setup trust between the Server 2008 DFL (Not FFL) to the existing AD 2000 Domain.
Are you just planning a 2008 DC to your domain or setup a completely new Child Domain?

If you are just adding a 2008 DC to our Domain you do not need to create a trust.  It will happen when you DCPROMO the 2008  server.
You will need to keep the FFL and DFL at 2000 level until you remove the 2000 box from your domain.
You will also need to run ADPREP for both the forest and domain
Once you run this on the 2000 box then you can run DCPROMO on your 2008 box.
I will be creating a new completely seperate 2008 domain which will run alongside the 2000 domain.  I will not be putting the 2000 domain into the 2008 forrest as it will be phased out.  I will just be looking to put a trust between the 2 of them.
What is the reason behind your decision?
Apologies for the lateness in my reply.  

The decision is based on keeping the domains seperate with simply trusts in place.  

To summarise in order for me to connect my new 2008 domain to the 200 domain I can leave it in either DFL or FFL on the new domain
Will the domains have different purposes?
Will that have different user accounts or just a mirror of your users?