?
Solved

Joining / Merging 2 companies AD's

Posted on 2013-12-16
7
Medium Priority
?
137 Views
Last Modified: 2014-03-27
Hey guys,

Really hoping you guys can help me out here..

Our company has just been bought out by another and I have been asked to look at and prepare a document on how to join the 2 AD domains together.

I believe that both AD forests are at 2003 level and both companies run an internal Exchange 2010 server.

I've never had to deal with something like this so I am looking forward to the challenge. From my brief readings it seems that there are a few ways to go about this and are based on what outcome you want to achieve.

If someone has had to do a similar thing, could you be so kind in giving me some info on the pro/con of the different methods and any link to materiels you used for the process

Thanks
0
Comment
Question by:QuazzieM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39722910
Start by looking at the Microsoft ADMT guide

http://blogs.technet.com/b/askds/archive/2010/06/19/admt-3-2-released.aspx

also be aware that the new ADMT is coming out in Q1 2014, the ds team just blogged about it on Fri

http://blogs.technet.com/b/askds/archive/2013/12/13/an-update-for-admt-and-a-few-other-things-too.aspx

Having said that there are also third party migration tools like Quest that are a bit more mature.   Quest is not cheap but you should at least look at it.

Setup a lab and start testing migrations.  

Do they want you all to migrate into their infrastructure or build a new infrastructure and migrate the two into that?

Thanks

Mike
0
 

Author Comment

by:QuazzieM
ID: 39722942
That's the million dollar question ATM. I've gone back to my new CIO and requested some clarification as to what the really want to achieve from the process.

I asked if they simply want each site to be able authenticate against each other. So that users from each forest have the ability to log into either sites Terminal servers or if they want to consume our forest into there's. I cant see them wanting to create another new domain forest as they are lot bigger then us.

From what I can tell, doing a 2 way forest trust should allow for users from both sites to authenticate and access things like terminal servers and I believe this is what they'll want, as I believe we'll still operate as single entity, but they'll just need access to our systems (once I join the two Telstra MPLS networks)

My only real concern for this is the exchange side of things.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39722947
How big are the two companies?
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 

Author Comment

by:QuazzieM
ID: 39722957
We have about 500 AD users and about 400 Exchange mailboxes and over 1200 PC's

Them I have nfi.. I would presume a lot more.

From what I can tell, they simply just need to be able to authenticate against our domain, so that they can log into our Terminal servers and what not from their location.

I don't think they will want to consume the company as they've bought out multiple companies and they still operate under there original names once this new conglomerate buys them out.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 750 total points
ID: 39722967
You may also get away with just establishing a trust relationship between the two.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 750 total points
ID: 39723126
My suggestion would be the following:

1.  Use ADMT tools and migrate AD objects from one domain to the other
2.  Read http://msexchangeteam.com/archive/2006/11/02/430289.aspx and http://technet.microsoft.com/en-us/library/aa997145.aspx to ensure you follow the correct migration path
0
 

Author Comment

by:QuazzieM
ID: 39723224
OK so the CIO finally got back to me.

It seems that they want a simple solution, which is the ability for AD user accounts from either domain to be able to log in and access Terminal servers and what not.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question