• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 108
  • Last Modified:

How to establish AD trust and what's the impact to the user ?

Hi,
Can someone please assist me in how to setup AD trust between the two different AD domain without causing some problem or AD replication issue ?

My current DC is Windows Server 2008 R2 with Domain & functionality level: Windows 2003, and most of the small company.com AD domain is Windows Server 2003 SBS server.

Background:
My parent company (let say AD domain is BigCompany.com) has just bought multiple smaller business franchise offices (let say AD domain is SmallCompany1.com and so on around 27 of them)

At the moment, those AD domain in each of the SmallCompany1-27.com is managed by the external IT support team (outsourced)
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
  • 4
  • 2
3 Solutions
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
let me know as well if there is any caveats or cons in doing this during the business hours.

Thanks
0
 
lruiz52Commented:
From my understanding, SBS does not support domain trust, you would have to do a full migration.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Seriously ?

OK So in this case i'm going to rebuild the AD domain with proper servwr 2012 R2 and then set the domain trust relationship.

So in case the smaller company is no longer with our company I can just right click and delete the AD trust so that they can still operate themselves without me have to recreate all new AD domain again.

Is that possible ?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
MaheshArchitectCommented:
SBS 2003 doesn't support domain trust

U can upgrade SBS 2003 to 2008 \ 2008 R2 standard and then establish domain trust
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
OK but in that case my scenario above is achievable right ?
Or not really possible ?
0
 
MaheshArchitectCommented:
Yes, you can
Honestly speaking, adding new 2008 server to SBS, then removing SBS is itself a new project and after that you again have to demote this 2008 server as well after migration if I am not wrong.

Better you could directly move clients and servers to your domain and manually grant server access (file server etc)
Since this is SBS, I guess user base is very less, you can simply migrate user workstation along with profiles to new domain with profwiz tool (free version)
Profwiz will translate profile security and allow you to assign those profiles to users in new domain.
U do need to create users in your domain in advance.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Yes, but after adding the new 2008R2 as another DC, I can then demote the old 2003 SBS DC so that I can set the AD trust to the bigcompany.com AD domain ?
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now