Solved

Internal Domain Rename

Posted on 2013-11-20
Last Modified: 2015-06-22
I have a two site single SBS domain network I want to break into two separate networks. Here is a brief description of the current setup.

Site A (Primary Site)
SBS2003 (FSMO holder, GC)

Site B
Win2k3 Srv
AD, DNS, DHCP, GC

Connected by site-to-site VPN

My goal is to get both sites operating independently and remove the VPN. I'm already aware of all the licensing I need to achieve this. I'm looking for some advice on the separation. Here is my initial plan.

Site A
perform swing migration from SBS 2003 to Win 2012 R2.

Site B
This is where I'm unsure on how to proceed. Can I run a swing to 2012 R2 then use the domain rename tool to rename my internal domain at site B to something more appropriate to the organization and different than site A? Or does that even matter? I do have several users that work primarily at Site A but occasionally travel to Site B to work. What ramifications, if any, exist by just renaming the domain for these users?

Of course I can always start from scratch and build a new internal domain and migrate existing users to it but that is much more labor intensive and disruptive.

I look forward to the feedback. Thanks in advance.
Question by:mthsupport
6 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
If you have Exchange or SQL in your environment I would not do an internal domain name change as it could break several applications. Your best bet would be to create a new Forest in Site B and use the Active Directory Migration Tool to migrate the objects from Site B to the new Forest. From there you will have complete separation.

ADMT - http://www.microsoft.com/en-ca/download/details.aspx?id=8377

ADMT Guide - http://www.google.ca/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&cad=rja&ved=0CCsQFjAA&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2Fa%2F9%2F4%2Fa94c5f56-f7b5-4ec8-bcaa-1eadf84c4e3f%2FV3MigGuide.doc&ei=RMmMUpqEGMeSyAGT_4GIBA&usg=AFQjCNF5JJLhOP_rb1rAe7KfUtVQsk4rLA&sig2=r9Hv5v6Qxw2IvpH37XAlxQ

I would not recommend doing the domain name change in a production environment. This is for test purposes only.

Will.
 
LVL 39

Expert Comment

by:footech
I think you would encounter problems if you split the two sites (whether you renamed one of them or not) when you have domain users and/or machines traveling and connecting between the sites.  Domain SIDs are not going to be changed by a rename.

You're going to have to set up a new domain in a new forest.  Migrating objects would help to reduce disruptions.
 

Author Comment

by:mthsupport
Okay. Thanks for the feedback. A new domain it is.

I've never used ADMT before so I'm not sure if it is even worth it with a network of approximately 30 users. What advantages would using the ADMT provide me? It won't migrate passwords but will it migrate computer SID and user SID so at the workstations I won't have to create new profiles?
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ADMT is used if you want to migrate Users/Groups or other AD Objects. This also allows for users in the new domain to be able to access files from the old domain as well. You will also have to re-create the profiles as they are in a new domain. If you only have 30 users then it might not be worth the effort.

Will.
 

Author Comment

by:mthsupport
Okay thanks Spec01.
 

Expert Comment

by:teggra
Hi all,

short update 2 years later:

current status 2015
We also thought about renaming our domain or going ahead with a forest migration.
After discussion with Microsoft (ps calls) we identified Exchange and SharePoint
as a no-go for any renaming procedures - only forest migration is an option (or just leave it how it is ...).

regards,
A.