Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

W2K3 Forest Trust roll-back

Posted on 2013-02-01
7
Medium Priority
?
381 Views
Last Modified: 2013-02-21
Hi - we are in the process of merging two companies and looking at implementing a 2 way forest trust.

Both companies are operating AD at 2003 functional level. Our DC's are running on server2008R2 in a vmware environment.

Can anyone offer some advice as to a roll-back plan? We are confident with the steps involved to establish the forest trust and have been doing some tests in an isolated environment but not sure of what to expect in a worst case scenario?

Thanks
Shaughn
0
Comment
Question by:snymas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 123

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 750 total points
ID: 38843599
In a worse case scenario the trust relationship would not establish, and would be broken, just as the relationship is now.

As with any change to production environment , I would recommend a full backup (not a vmware snapshot) or ALL DCs.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 38843637
Yes, the worst case would be the trust won't work as expected.
For roll back, you just need to revert the steps that will be used to create the trust.
0
 
LVL 10

Expert Comment

by:millardjk
ID: 38846672
Forest trusts are a form of credentialling; you're exchanging tokens that permit one AD forest to automatically authenticate users in the other forest to access resources.

Rollback is easy: delete the authorization in forest A and forest B users can no longer access its resources.
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 

Expert Comment

by:prosynexperts
ID: 38854847
thank You for your comments. If the forest trust does not stablish properly, could we have any big authentication issues? We might need to go back to our AD backups and restore all DCs across all sites. Is that correct?
0
 
LVL 10

Expert Comment

by:millardjk
ID: 38855828
If you have problems establishing the trust, you will have issues with users in forest A accessing resources in forest B (and vice-versa). Unless you have inherent issues in ether forest to begin with (you've run a dcdiag to see how healthy they are, right?), you won't have any intra-forest issues after attempting to set up the trust--succeed or not.
0
 

Author Comment

by:snymas
ID: 38857470
Hi millardjk, thank you for all your replies.
Yes, you are right. DCdiag shows no errors. Server healthy on my end. Not sure our sister company. I'll ask them if they have run it fo reasurance as I know they were having issues. I have advised them to take AD backups from all their DCS. I am just concerned as their systems had a couple of major glitches lately. If the trusts are not sucessful we can always delete the authorization, right?
Just one more thing, if the trust is sucessful PC's will get a scrolldown menu with the second domain/forest, right?
Is there anything else we would need to do?
Will exchange synch contacts, GAL?
Many thanks
0
 
LVL 10

Accepted Solution

by:
millardjk earned 750 total points
ID: 38857497
1) if not successful, you can delete the trusts and you're back to where you are today
2) if the sister co is having issues, trust could link up, but your side could have issues accessing them while they access your side w/o probs [most likely failure scenario]
3) should have dropdown populated, but if not, can still manually enter domain\user or user@domain and login
4) exchange is a completely different animal, and I can't begin to tell you how it would work, especially w/o knowing the version of Exchange. In short, that's a different question for Experts Exchange.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question