Need to integrate two domains - Need Direction

We need to integrate two domains into a third.
We need to move both domains from a 10.x.x.x network to a 172.16.x.x network.

Where do I begin?
What needs to be set up first?

Should I look at this from an OSI layer perspective (i.e.- take care of layers 1-3 first, then go on to services like exchange, OU's, etc.)?
...or should I be server focused, making sure that everyone's profiles get moved, yada yada yada?

I have all of the requirements in my mind for the most part, but it's hard to organize them in order of priority... yes, I have made notes on paper/computer but that isn't helping me prioritize.

Essentially, I'm asking one question- In what order should I complete all the steps necessary to integrate two domains into a third?

(It would be great if there was a walkthrough or a template for this sort of thing.)

Not that it strictly matters at this point, but we will be prepping the third domain for deploying everyone onto XenDesktop 7.
Paul WagnerFriend To Robots and RocksAsked:
Who is Participating?
MaheshConnect With a Mentor ArchitectCommented:
from Exchage point of view, we do require more information

How would you want to go ahead ?

Do you want to keep same smtp namespace (Shared SMTP name space) in 3rd forest as like in forest A and forest B or it is entirely different ?
This will deside your mailflow architecture.

What is the affected user base at each domains as this will key question whether you need co-existence for lonf period OR short period and depending on this you need to decide kind of automation, manual work required.

Its not simply you can migrate users with ADMT, infact you can't do that because of Exchange dependencies and there is Exchange specific steps are involved for each user from server and client side as well.
Its really required careful planning otherwise you will face NDR issues, GAL updation issues, X500 problems
You can find out lot of online documenatiton wrt cross forest MS exchange migration and you can use it as reference, but you need to finalize your plan and you may face unknown issues during co-existence, some times you need to take MS help in case of weried issues

You do require email address of eah domain to be listed as contacts in each of domain if you want to ensure mailflow during co-existence.
During co-existence do you want to GAL to updated automatically in all 3 forests or you will manage that manually by adding and removing contacts
MS FIM is there to do automation for you (GAL SYNC)

Also do you want to have freebusy \ calender information to be shared across forests, then there you need to setup with MS tools such as Interorg replication tool (Exchange 2003), but well works in co-existence scenarios.

In simple words:
After you prepared AD with migration prerequistes there are multiple ways to migrate resources cross forest as MS Exchange is involved

The normal ADMT migration without MS exchange involved is pretty straight forward:
Build DNS name resolution across forests
Build cross forest \ external trusts
Migrate all groups
Migrate all service accounts
Migrate all users
Migrate all computers
Lastly migrate all application \ infrastructure servers

But things are getting complicated when exchange is involved cross forest as ADMT does not work with Exchnge attributes, simply can't migrate exchange attributes
Hence you must use seperate tools (may be 3rd party is one good option such s Quest) wrt to exchange user mailbox migration and this is directly impacting AD user and group migration.
Quest is really having very good migration tools, bit costly but help you to save time and headeque

Suppose you have all Exchange enabled distribution groups then ADMT will not migrate there exchnge attribute, so either you can provision them with FIM if its quantity is in thousands or you could migrate them with ADMT without exchange attributes and then mke them mail enabled them one by one \ through script
In case of mailbox user cross forest migration, you need to use exchange tool \ scripts (Preparemoverequests.ps1 if I can recollect perfectly) 1st to copy use from one exchnge org and then use ADMT in merged mode to have other AD attribute such as SID to be migrated.

Also unless you define proper gal sync \ updation solution, it will create mess with X500, NK2 files with cached x500 and so on.  

Frankly speaking, Exchange cross forest migrtion scenarios are never painless according to my experience.
Now as you aware, there are lot of stuff to be designed \ looked, You need to go google on each milestone and ensure that hired consultant is taking steps as appropriate.
because here one cannot provide you end to end plan for verification, hence you need to go ahead with step by step verification.
Please don't get me wrong, just trying to make you aware of troubles during co-existence \ migration.

Will SzymkowskiSenior Solution ArchitectCommented:
The following should be done this particular order...
This is a very high level overview...

- Network (communication between all domains)
- Create your 3rd domain
- Create Forest Trusts from Domain A and Domain B to Domain C (3rd domain)
- Use the Active Directory Migration Tool to move AD Objects to Domain C
- Migrate Exchange Mailboxes to Domain C
- Setup Exchange Accepted Domains for all of the domain that you will still be using or receiving mail internally for

There are much more details to the list above but that should get you started.

ADMT Download -

ADMT Step-by-step -

ADMT is very simple when only AD migration is there
When MS Exchange is involved in migration, its not simple thing to do
It requires lot of planning to maintain co-existence, mail flow, GAL and so on.

You need to hire consultant to design and deploy it properly, this is not the case where you can get detailed plan from blogs, EE and guides as this is situation specific and one must fully aware with your scenario, environment and exact requirements and then he can come up with plan.

Paul WagnerFriend To Robots and RocksAuthor Commented:
What is it going to do to have exchange servers in domain A and domain C with the same external email certs, email addressses, etc.? Do I need to flip the switch overnight or can they coexist?

We did hire a consultant already and he is working on the plan. I want to make sure his plan is sound.
Paul WagnerFriend To Robots and RocksAuthor Commented:
Very well thought out and intelligent. Thanks for the help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.