Posted on 2014-03-19
I am asking for some high-level AD design/migration assistance. We have two small (<100 users) AD domains (on Server 2003) which are separated by a firewall. Domain A is behind the firewall and Domain B is outside the firewall currently. We will eventually be moving Domain B to be behind the firewall. We want to upgrade to Server 2008 which will require new physical domain controllers as we cannot upgrade in place on this hardware. We have come up with two options:
1) Build a new domain controller with Server 2008 on new hardware, setup trust with Domain A and migrate Domain A objects to new domain. Repeat for Domain B as it moves behind the firewall
a. Will we be able to use a trust and ADMT work through a firewall?
b. We see a benefit to be able to ‘clean up’ the domain structure by building a new domain – but it also would require more effort to build from scratch.
2) Build a new domain controller with Server 2008 on new hardware in Domain A, setup trust with Domain B and migrate objects to domain A
a. This leaves us with the old “messy” domain objects but we are experienced and comfortable with this process.
Also, any guidance with how to configure DNS for these trusts would be especially helpful. Any advice or suggestions would be appreciated. Thanks.