How to establish AD trust and what's the impact to the user ?

Can someone please assist me in how to setup AD trust between the two different AD domain without causing some problem or AD replication issue ?

My current DC is Windows Server 2008 R2 with Domain & functionality level: Windows 2003, and most of the small AD domain is Windows Server 2003 SBS server.

My parent company (let say AD domain is has just bought multiple smaller business franchise offices (let say AD domain is and so on around 27 of them)

At the moment, those AD domain in each of the is managed by the external IT support team (outsourced)
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

MaheshConnect With a Mentor ArchitectCommented:
Yes, you can
Honestly speaking, adding new 2008 server to SBS, then removing SBS is itself a new project and after that you again have to demote this 2008 server as well after migration if I am not wrong.

Better you could directly move clients and servers to your domain and manually grant server access (file server etc)
Since this is SBS, I guess user base is very less, you can simply migrate user workstation along with profiles to new domain with profwiz tool (free version)
Profwiz will translate profile security and allow you to assign those profiles to users in new domain.
U do need to create users in your domain in advance.
Senior IT System EngineerIT ProfessionalAuthor Commented:
let me know as well if there is any caveats or cons in doing this during the business hours.

lruiz52Connect With a Mentor Commented:
From my understanding, SBS does not support domain trust, you would have to do a full migration.
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Senior IT System EngineerIT ProfessionalAuthor Commented:
Seriously ?

OK So in this case i'm going to rebuild the AD domain with proper servwr 2012 R2 and then set the domain trust relationship.

So in case the smaller company is no longer with our company I can just right click and delete the AD trust so that they can still operate themselves without me have to recreate all new AD domain again.

Is that possible ?
MaheshConnect With a Mentor ArchitectCommented:
SBS 2003 doesn't support domain trust

U can upgrade SBS 2003 to 2008 \ 2008 R2 standard and then establish domain trust
Senior IT System EngineerIT ProfessionalAuthor Commented:
OK but in that case my scenario above is achievable right ?
Or not really possible ?
Senior IT System EngineerIT ProfessionalAuthor Commented:
Yes, but after adding the new 2008R2 as another DC, I can then demote the old 2003 SBS DC so that I can set the AD trust to the AD domain ?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.