Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1163
  • Last Modified:

New Domain vs Domain collapse

Hi Experts,
I have given a task to get information on domain migration,
We have windows 2003 DCs with 1 parent xxx.com and 10 child domains yyy.xxx.com. We have about 1600 users in parent and child domains. At least 80 Security and Distribution groups in each domain.
We are planning to get rid of child domains and keep only 1 parent domain as xxx.com

I need your suggestion weather we should collapse the existing child domains and use xxx.com as new domain environment or create a new domain environment using a new name like zzz.com & create 1600 users but I am sure we don't have to create a lot of groups

I spoke with consultant and they are advising to create  new domain environment zzz.com.
Reason they are giving is, new domain will not have the attributes from windows 2003, that they believe could affect the performance of the new domain environment.
0
maliks121
Asked:
maliks121
  • 3
  • 2
  • 2
  • +1
3 Solutions
 
LazarusCommented:
You fail to state if you are staying with 2003 as the domain architecture or upgrading to 2008 or 2012? If that's relevant, it should be mentioned. But they are correct that collapsing the subdomain might not pickup the proper attributes for those coming into the original domain. Better to start a new domain as they suggest. Also makes for a cleaner overall  start.
0
 
maliks121Author Commented:
We are planning to upgrade DCs to 2008, 2012 & Exchange 2013. Can you shed some light on how CLEANER OVERALL START will help? It's going to be more work i believe if we would have to create a new domain environment.
0
 
SandeshdubeyCommented:
If you are creating new domain then the work will be large starting from creating object,rejoining machine to domain,profile migration,etc and many more.

However you can create new domain and do migration i.e you can have same user object and there will be no manual profile migration required.

If you want to migrate user from one domain to new domain using ADMT tool you need to create trust relationship between two domain.

You need to understand nuances of ADMT and its working before you actually taken on migration production env.Also, its much better if you can simulate in a lab environment for successful result. I have below link which might help you to understand this. Start from reading ADMT guide first.

ADMT Guide: Migrating and Restructuring Active Directory Domains
http://technet.microsoft.com/en-us/library/cc974332(WS.10).aspx

MIGRATING STUFF WITH ADMTV3
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

ADMT Series
http://blog.thesysadmins.co.uk/category/admt

ADMT doesn’t have an Exchange/mailbox migration option.  If you are not planning to use a third party migration tool like Quest or NetIQ, your only option is to export the mailbox (exmerge) and import them.  But you will have some mail routing challenges here – like non-migrated users sending emails to migrated users and vice versa.

If you have a lot of mailboxes to migrate my recommendation is to consider a third party migration tool or a custom solution for mail routing (you can use a dummy SMTP address in the targetAddress attribute and a SMTP connector during the migration/co-existence to achieve this).
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
Leon FesterCommented:
Reason they are giving is, new domain will not have the attributes from windows 2003, that they believe could affect the performance of the new domain environment.

I'm not sure what attributes from Windows 2003 will be left lying around after you change the functional level of your domain.

Have a look at the "features that are available at each domain functional level"
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(WS.10).aspx

http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx

I would suggest upgrading your current root domain to Windows 2008/2012 DC's and then migrating the child domains using ADMT. In my opinion this solution requires the least re-design in my opinion.
0
 
LazarusCommented:
I'm not really into upgrades and I still side with going new. Upgrading brings all the old stuff... Junk and All... and depending on how old your domain is, there may well be a lot of crude. in the AD.

Obviously a new Domain would be more work, and take longer but you would have the option at that point to get things designed correctly for the new architecture before hand and have it ready to go.

I'm sure I'm not winning any points here, because I'm opting for a lot more work. Sometimes more work is better than a long drawn out headache.
0
 
maliks121Author Commented:
Thanks for your expert opinions. I am not going with upgrade in place, I am going with new domain environment. Creating new users, groups & joining servers with domain. I know it's A LOOOT more work as compared to collapsing the child domains but I am concerned about the possibility of moving attributes and objects to new domain.

what dvt_localboy has advised is right as well but it's not workable in my environment where my company has bought several small companies with different AD architecture.

Again Thanks guys
0
 
Leon FesterCommented:
in my environment where my company has bought several small companies with different AD architecture.


if that is the current environment then you don't have child domains. In which case the new domain would be the preferred route. Just make sure you've set aside enough time for testing of all the AD-integrated applications.

Tip: Easiest way to get users onto the new domain is to build the new domain with AD and Exchange, setup the trusts and use the linked mailbox feature to migrate the email services first. It also shows your company some quick wins...even if the rest of the project gets delayed, at least all your users will be able to use the same email domains, if required.

I had a similar project for a large financial organization with 24 domains and 25000 users, 3 major sites in different cities.

Planning took the best part of a year, so don't rush it. Implementation took another 2 years, because of the lack of documentation from some of the sites and only discovering some AD integrated applications along the way.

I'd suggest investing some time/money into the Quest tools. Very handy little tool for migrations.
0
 
LazarusCommented:
@maliks12, what dvt_localboy is saying is good advice. Take your time, get it right and  think seriously about getting the Quest tools, they are worth it.. I don't think it would take you nearly as long as his past project, but a lot depends on how complex an environment you have.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now