Forcibly Split AD Domain
Posted on 2014-10-24
We currently have an AD domain (2003 functional level) which spans two sites, connected via VPN tunnel. Site A hosts 6 DCs, including a DC which currently holds all of the FSMO roles. Site B hosts just a single DC, and several users / clients. Due to changes in the organization, we need to split these two organizations into separate domains, so that they can be administered independently of one another. There will be different owners for both domains, which is why we are doing this.
Our current migration plan is to simply kill the VPN tunnel, and seize all of the FSMO roles onto the single DC at site B. Site A will never know that roles have been seized by the DC at site B, it will only know that the DC at site B is somehow inaccessible. At site B, we will simply act as if the remaining DC is now the sole DC on the domain. Essentially, what we're trying to do is a "forced" migration to site B, which will leave us with two identically named domains that can be managed independently.
Are there any caveats to doing it this way, vs. going through the official AD migration process (with ADMT, etc.)? ADMT seems to be a fairly involved process, and our current plan seems like it would greatly simplify this configuration change. Any suggestions, or insight as to what we're getting into, is greatly appreciated.
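The seizure step described in the plan above, written out as PowerShell as it would be run on the site B DC, with the checks a practitioner would want around it. This is an added example and not part of the original post or any answer to it. It assumes the site B DC runs Windows Server 2008 R2 or later so the ActiveDirectory module is available (on an older DC the same steps are done with ntdsutil), that the VPN tunnel is already down, and that the DC and site names shown are placeholders.

```powershell
# Added example (not from the original post): seize all five FSMO roles onto the
# lone site B DC after the VPN tunnel is cut, then verify and clean up.
# Assumes: run on the site B DC, Windows Server 2008 R2+ with the ActiveDirectory
# module. All names below are hypothetical placeholders.
Import-Module ActiveDirectory

$TargetDc  = 'DCB1'     # the single DC at site B (hypothetical name)
$SiteAName = 'SiteA'    # AD site object for site A (hypothetical name)
$Forest    = Get-ADForest
$Domain    = Get-ADDomain

# 1. Record the current role holders; all five should still point at site A.
'Before seizure:'
$Forest | Select-Object SchemaMaster, DomainNamingMaster
$Domain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster

# 2. Refuse to seize while any current holder is still reachable. Seizing while
#    the old holder can still replicate leaves two live holders of the same role.
foreach ($holder in @($Forest.SchemaMaster, $Domain.PDCEmulator) | Select-Object -Unique) {
    if (Test-Connection -ComputerName $holder -Count 1 -Quiet) {
        throw "$holder is still reachable; do not seize while the tunnel is up."
    }
}

# 3. Seize all five roles. -Force makes the cmdlet seize (write the role to this
#    DC without contacting the old holder) instead of attempting a transfer.
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Force -Confirm:$false

# 4. Verify the seizure took and that this DC can stand alone (it must be a GC
#    and should hold the DNS zones locally).
'After seizure:'
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADDomainController -Identity $TargetDc |
    Select-Object HostName, IsGlobalCatalog, OperationMasterRoles

# 5. Remove the stale site A DC objects from this copy of the directory so the
#    KCC stops building replication links to servers that will never answer.
#    ntdsutil's metadata cleanup is the supported way to do this; it also removes
#    the matching NTDS Settings, FRS/DFSR and DNS references. Each call pops a
#    confirmation dialog in an interactive session.
$ConfigNC = $Forest.PartitionsContainer -replace '^CN=Partitions,', ''
Get-ADObject -SearchBase "CN=Servers,CN=$SiteAName,CN=Sites,$ConfigNC" `
    -LDAPFilter '(objectClass=server)' -SearchScope OneLevel |
    ForEach-Object {
        ntdsutil 'metadata cleanup' "remove selected server $($_.DistinguishedName)" quit quit
    }
```

Two points the script deliberately enforces: roles are seized only after the old holders are confirmed unreachable, and the site A DC objects are then removed from site B's copy of the directory. Once a role has been seized, the two copies of the domain must never be allowed to replicate with each other again, which is why cleaning out the other site's DC metadata belongs in the same change window as the seizure.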