Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to establish AD trust and what's the impact to the user ?

Posted on 2015-02-10
7
Medium Priority
?
104 Views
Last Modified: 2015-02-26
Hi,
Can someone please assist me in how to setup AD trust between the two different AD domain without causing some problem or AD replication issue ?

My current DC is Windows Server 2008 R2 with Domain & functionality level: Windows 2003, and most of the small company.com AD domain is Windows Server 2003 SBS server.

Background:
My parent company (let say AD domain is BigCompany.com) has just bought multiple smaller business franchise offices (let say AD domain is SmallCompany1.com and so on around 27 of them)

At the moment, those AD domain in each of the SmallCompany1-27.com is managed by the external IT support team (outsourced)
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40602488
let me know as well if there is any caveats or cons in doing this during the business hours.

Thanks
0
 
LVL 17

Assisted Solution

by:lruiz52
lruiz52 earned 668 total points
ID: 40602533
From my understanding, SBS does not support domain trust, you would have to do a full migration.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40602588
Seriously ?

OK So in this case i'm going to rebuild the AD domain with proper servwr 2012 R2 and then set the domain trust relationship.

So in case the smaller company is no longer with our company I can just right click and delete the AD trust so that they can still operate themselves without me have to recreate all new AD domain again.

Is that possible ?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 38

Assisted Solution

by:Mahesh
Mahesh earned 1332 total points
ID: 40602621
SBS 2003 doesn't support domain trust

U can upgrade SBS 2003 to 2008 \ 2008 R2 standard and then establish domain trust
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40602680
OK but in that case my scenario above is achievable right ?
Or not really possible ?
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 1332 total points
ID: 40602695
Yes, you can
Honestly speaking, adding new 2008 server to SBS, then removing SBS is itself a new project and after that you again have to demote this 2008 server as well after migration if I am not wrong.

Better you could directly move clients and servers to your domain and manually grant server access (file server etc)
Since this is SBS, I guess user base is very less, you can simply migrate user workstation along with profiles to new domain with profwiz tool (free version)
Profwiz will translate profile security and allow you to assign those profiles to users in new domain.
U do need to create users in your domain in advance.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40602947
Yes, but after adding the new 2008R2 as another DC, I can then demote the old 2003 SBS DC so that I can set the AD trust to the bigcompany.com AD domain ?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question