Solved

Splitting up Win2k8 Domain

Posted on 2013-06-08
Last Modified: 2013-06-11
I would like to split up my network into two separate domains that will not communicate with each other.

I currently have a single domain with 7 servers.
I would like to have 2 separate domains, i.e. Domain1 & Domain2.
Domain1 would have 3 servers, 1 DC.
Domain2 would have 4 servers, 1 DC.
OS on both DCs: Win2k8 R2 64-bit.
Domain and forest functional level = Win2k3

The users will not share resources anymore. Company is splitting up.
What is the best way to accomplish this? Please be as specific as possible.
0
Question by:HelpMe01
9 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 39232573
First recommendation is to make sure you have two DCs in each.
Using HyperV with VMs you may achieve what you currently have in physical setup for one in both.

Two servers having a hyper-v a VM DC on each and then whatever other applications you have.
You will have three physical servers left for IO intensive applications that can not or should not be virtualized.

Depending on the win2k8 version you have, ...
0
 
LVL 23

Expert Comment

by:Radhakrishnan R
ID: 39232621
Hi,

The challenging part would be how you move or split the users between the 2 domains. Since you have 1 domain at the moment, you should create the 2nd domain, but how are you planning to split the existing users? If the existing users stay in the 1st domain then there won't be any issues. Otherwise you need to create a trust between these 2 domains, at least for moving the users.
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 1500 total points
ID: 39232812
You will need to create a new forest and then migrate half (or a share of your choice) of the users/computers from the old domain to the new one. No shortcuts will work (you may use ADMT).
If there are fewer than ten resources to move then I would suggest disjoining/deleting the computers/users from the old DC and adding/creating them in the new domain.
0
 

Author Comment

by:HelpMe01
ID: 39233225
The users will not share resources on either domain.

I can not do a VM infrastructure right now.

The users are in different companies.
I.e. users in Domain1 will not need to access Domain2 (and vice versa).

If I delete the users and computers, what about the rights on the folders they have access to?

Right now they have different home folders on different servers (Already split)
The resources are already split. I just need to migrate the servers, and users to another domain.
0
 
LVL 80

Expert Comment

by:arnold
ID: 39233270
Your split is user based, which is tied into UUID/GUID.
When you separate the users from the domain, the file ownerships/rights have to be adjusted accordingly. Using the suggestion of transferring users between the two domains will preserve their UUID/GUID and the rights to the files.

Going to a single DC leaves you vulnerable.
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 39233669
Once you remove the user from the domain you will have orphaned SIDs on the file shares. This is only an esthetic problem, not a functional problem, and the users that HAD those SIDs will not be able to access the previous shares. Changing your administrative passwords is a good idea on the older domain.
0
 

Author Closing Comment

by:HelpMe01
ID: 39235930
I will set up a new forest
Create a trust
Run ADMT 3.1
Implement SID history (removes sharing)
Implement SID filtering
Then delete the computers / users from the original domain.

Thanks everyone for the quick answers.
0
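The orphaned SIDs raised earlier in the thread and the final "delete the computers / users" step both depend on knowing which ACEs on the file shares still reference the original domain. The PowerShell below is an added example, not code from the thread; the function name, share path and domain SID are hypothetical placeholders.

```powershell
# Added example: inventory explicit ACEs on a share tree by SID, so entries that
# still point at the original domain are known before its accounts are deleted.
# The path and domain SID in the example call are constructed placeholders.
function Get-AceSidInventory {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$OldDomainSid
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]

    # The root folder plus every subfolder; files are skipped to keep the scan short.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue |
                 Where-Object { $_.PSIsContainer })

    foreach ($folder in $folders) {
        try   { $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

        # Explicit ACEs only (inherited ones originate on an ancestor folder),
        # returned as raw SIDs rather than translated account names.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $sid = $ace.IdentityReference
            # Try to resolve the SID; failure means no account answers for it.
            try   { $name = $sid.Translate($ntType).Value; $resolved = $true }
            catch { $name = $null; $resolved = $false }

            # AccountDomainSid is $null for well-known SIDs such as BUILTIN\Administrators.
            $domainSid = $sid.AccountDomainSid
            New-Object PSObject -Property @{
                Folder     = $folder.FullName
                Sid        = $sid.Value
                Account    = $name
                Resolved   = $resolved
                FromOldDom = ($null -ne $domainSid -and $domainSid.Value -eq $OldDomainSid)
                Rights     = $ace.FileSystemRights
                Type       = $ace.AccessControlType
            }
        }
    }
}

# Example call (placeholders): list ACEs tied to the old domain or no longer resolvable.
# Get-AceSidInventory -Path 'D:\Shares\Home' -OldDomainSid 'S-1-5-21-1111111111-2222222222-3333333333' |
#     Where-Object { $_.FromOldDom -or -not $_.Resolved } | Sort-Object Folder, Sid
```

Running it once before the accounts are deleted and again afterwards gives a before/after list of the entries that need to be re-permissioned or cleaned up.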
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39236760
Are you in the same physical location?

You can do all of this by VLAN configuration on a layer 3 switch. Just define different VLANs and here you go.
0
 

Author Comment

by:HelpMe01
ID: 39237534
I needed to remove the servers from the domain. VLAN will not work in my scenario.
Thanks for the suggestion though.
0

Question has a verified solution.
