We currently have a single forest and a single domain; this has been upgraded from NT to 2003 to 2008 Active Directory over the last 10-15 years.
I have been tasked with redesigning our Active Directory and Group Policies with an aim to make it more efficient and manageable. However, most of the contents have not been documented as to what they do, and those that knew have either forgotten or have left (just the start of my headache).
As you can imagine, it is like playing a big game of Jenga: any little change to an account or group policy could potentially bring it all down.
What I wanted to do was create a brand new domain in the same forest and then rebuild all the machines and servers over time, joining them to the new domain. I would also be recreating groups and user accounts in the new domain. While doing this I would want both domains to be able to see each other, so I will need a trust in place.
Can anyone see any major issue in doing this? I have spoken to a number of individuals and they suggested never ever doing this, but I cannot understand why.