Solved

New Domain vs Domain collapse

Posted on 2013-05-31
Last Modified: 2013-06-03
Hi Experts,
I have been given a task to get information on domain migration.
We have Windows 2003 DCs with 1 parent xxx.com and 10 child domains yyy.xxx.com. We have about 1600 users in parent and child domains. At least 80 Security and Distribution groups in each domain.
We are planning to get rid of child domains and keep only 1 parent domain as xxx.com.

I need your suggestion whether we should collapse the existing child domains and use xxx.com as the new domain environment, or create a new domain environment using a new name like zzz.com & create 1600 users, but I am sure we don't have to create a lot of groups.

I spoke with a consultant and they are advising to create a new domain environment zzz.com.
The reason they are giving is that the new domain will not have the attributes from Windows 2003, which they believe could affect the performance of the new domain environment.
Question by:maliks121
 
LVL 20

Expert Comment

by:Lazarus
ID: 39212020
You fail to state if you are staying with 2003 as the domain architecture or upgrading to 2008 or 2012. If that's relevant, it should be mentioned. But they are correct that collapsing the subdomain might not pick up the proper attributes for those coming into the original domain. Better to start a new domain as they suggest. Also makes for a cleaner overall start.

Author Comment

by:maliks121
ID: 39213024
We are planning to upgrade DCs to 2008, 2012 & Exchange 2013. Can you shed some light on how CLEANER OVERALL START will help? It's going to be more work, I believe, if we would have to create a new domain environment.
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 50 total points
ID: 39215862
If you are creating a new domain then the work will be large, starting from creating objects, rejoining machines to the domain, profile migration, etc. and many more.

However, you can create a new domain and do a migration, i.e. you can have the same user object and there will be no manual profile migration required.

If you want to migrate users from one domain to a new domain using the ADMT tool, you need to create a trust relationship between the two domains.

You need to understand the nuances of ADMT and its working before you actually take on the migration in the production env. Also, it's much better if you can simulate in a lab environment for a successful result. I have the links below which might help you to understand this. Start from reading the ADMT guide first.

ADMT Guide: Migrating and Restructuring Active Directory Domains
http://technet.microsoft.com/en-us/library/cc974332(WS.10).aspx

MIGRATING STUFF WITH ADMTV3
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

ADMT Series
http://blog.thesysadmins.co.uk/category/admt

ADMT doesn’t have an Exchange/mailbox migration option. If you are not planning to use a third party migration tool like Quest or NetIQ, your only option is to export the mailbox (exmerge) and import them. But you will have some mail routing challenges here – like non-migrated users sending emails to migrated users and vice versa.

If you have a lot of mailboxes to migrate my recommendation is to consider a third party migration tool or a custom solution for mail routing (you can use a dummy SMTP address in the targetAddress attribute and a SMTP connector during the migration/co-existence to achieve this).
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 100 total points
ID: 39215923
Reason they are giving is, new domain will not have the attributes from windows 2003, that they believe could affect the performance of the new domain environment.

I'm not sure what attributes from Windows 2003 will be left lying around after you change the functional level of your domain.

Have a look at the "features that are available at each domain functional level"
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(WS.10).aspx

http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx

I would suggest upgrading your current root domain to Windows 2008/2012 DCs and then migrating the child domains using ADMT. In my opinion this solution requires the least re-design.
 
LVL 20

Accepted Solution

by:Lazarus
Lazarus earned 100 total points
ID: 39216551
I'm not really into upgrades and I still side with going new. Upgrading brings all the old stuff... Junk and All... and depending on how old your domain is, there may well be a lot of crud in the AD.

Obviously a new Domain would be more work, and take longer, but you would have the option at that point to get things designed correctly for the new architecture beforehand and have it ready to go.

I'm sure I'm not winning any points here, because I'm opting for a lot more work. Sometimes more work is better than a long drawn out headache.
 

Author Closing Comment

by:maliks121
ID: 39217436
Thanks for your expert opinions. I am not going with upgrade in place, I am going with new domain environment. Creating new users, groups & joining servers with domain. I know it's A LOOOT more work as compared to collapsing the child domains but I am concerned about the possibility of moving attributes and objects to new domain.

What dvt_localboy has advised is right as well, but it's not workable in my environment where my company has bought several small companies with different AD architecture.

Again, thanks guys
 
LVL 26

Expert Comment

by:Leon Fester
ID: 39217464
in my environment where my company has bought several small companies with different AD architecture.


If that is the current environment then you don't have child domains. In which case the new domain would be the preferred route. Just make sure you've set aside enough time for testing of all the AD-integrated applications.

Tip: Easiest way to get users onto the new domain is to build the new domain with AD and Exchange, set up the trusts and use the linked mailbox feature to migrate the email services first. It also shows your company some quick wins... even if the rest of the project gets delayed, at least all your users will be able to use the same email domains, if required.

I had a similar project for a large financial organization with 24 domains and 25000 users, 3 major sites in different cities.

Planning took the best part of a year, so don't rush it. Implementation took another 2 years, because of the lack of documentation from some of the sites and only discovering some AD integrated applications along the way.

I'd suggest investing some time/money into the Quest tools. Very handy little tool for migrations.
 
LVL 20

Expert Comment

by:Lazarus
ID: 39217567
@maliks121, what dvt_localboy is saying is good advice. Take your time, get it right and think seriously about getting the Quest tools, they are worth it. I don't think it would take you nearly as long as his past project, but a lot depends on how complex an environment you have.