Splitting up Win2k8 Domain

I would like to split up my network into two separate domains that will not communicate with each other.

I currently have a single domain with 7 servers.
I would like to have 2 separate domains.  I.E Domain1 & Domain2
Domain1 I would have 3 Servers  1 DC
Domain 2 would have 4 servers 1 DC
OS on both DC's Win2k8- r2 64 bit.
Domain and Forest functional level = Win2k3

The users will not share resources anymore. Company is splitting up.
What is the best way to accomplish this. Please be as specific as possible.
Who is Participating?
Sarang TinguriaConnect With a Mentor Sr EngineerCommented:
You will need to create a new forest and then Migrate half (or of your choice) of the users/computers from old domain to new one....No shortcuts will work (You may use ADMT)
If there are less than ten resources to move then I would suggest to disjoin/delete computers/users  from old DC and add/create in new domain
First recommendation is to make sure you have two DCs in each.
Using HyperV with VMs you may achieve what you currently have in physical setup for one in both.

Two servers having a hyper-v a VM DC on each and then whatever other applications you have.
You will have three physical servers left for IO intensive applications that can not or should not be virtualized.

Depending onthe win2k8 version you have, ...
Radhakrishnan RSenior Technical LeadCommented:

The challenging part would be, how you move or split the users between 2 domains. Since you have 1 domain at the moment, you should create the 2nd domain but how you are planning to split the existing users? if the existing users stay in 1st domain then there won't be any issues. Otherwise you need to create trust between these 2 domains at least for moving the users.
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

HelpMe01Author Commented:
The users will not share resources on either domain.

I can not do a VM infrastructure right now.

The users are in different companies.
I.E. Users in Domain1 will not need to access Domain2 (and Vise Versa)

If I delete the users, computers What about the rights in the folders the have access to.

Right now they have different home folders on different servers (Already split)
The resources are already split. I just need to migrate the servers, and users to another domain.
Your split is user based which is tied into UUID/GUID
when you separate the users from the Domain, the file ownerships/rights have to be adjusted accordingly. Using the suggestion of transferring users between the two domains will preserve their UUID/GUID and the rights to the files.

Going to a single DC leaves you vulnerable.
David Johnson, CD, MVPOwnerCommented:
Once you remove the user from the domain you will have orphaned SID's on the file shares. This is only an esthetic problem not a functional problem and the users that HAD those SID's will not be able to access the previous shares. Changing your administrative passwords is a good idea on the older domain.
HelpMe01Author Commented:
I will setup a new forest
Create a trust
Run ADMT 3.1
implement Sid history (removes sharing)
implement Sid filtering
then Delete the computers / users from original domain.

Thanks everyone for the quick answers.
piyushranusriSystem Cloud SpecialistCommented:
are you in same physical location?

you can do all these by vlan configuration on switch layer3. just define different vlan and here you go..
HelpMe01Author Commented:
I needed to remove the servers from the domain. Vlan will not work in my scenario.
Thanks for the suggestion though.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.