Splitting 2003 AD Multisite Single Domain

I have been tasked with taking a single domain with two sites and splitting them so they are no longer affiliated after a company sold off a group they no longer needed. Looking at the current config (physically in the satellite office), it has its own physical Server 2003 domain controller. DHCP is handled locally. There is a point-to-point VPN that establishes connectivity between sites. I see what looks to be complete AD, DNS, etc.

  My question is how best to sever the ties between companies.  I see many people say to not do this but to create a new domain and start over.  Is there a way to simply sever the relationship and deactivate the VPN and then continue functioning?

I was directed to ADMT or Dell's AD Migration software, but without further handholding I am not sure what the process would really be.

Thanks in advance.

Will Szymkowski, Senior Solution Architect, commented:
So basically you have one single domain and part of the company has now been sold. What you will have to do is create a new AD forest root domain, and then create a forest trust. You then use the ADMT tool to migrate any objects from the current domain to the new one.

When all of the objects that are required have been moved, you then simply remove the trust between the domains and you're done.

Check out the step-by-step tutorial below.

Sandeshdubey, Senior Server Engineer, commented:
In addition to the above, you can break the VPN connection between the two sites' DCs during the split and perform the steps below. I am assuming that you have one DC, DC1, in the main office and another, DC2, in the remote office which will be sold.

1. Move the FSMO roles to DC1 if it is not acting as the FSMO role holder server.
2. Break the VPN connectivity between the main and remote sites.
3. Perform metadata cleanup of DC2 on DC1.
4. Seize the FSMO roles on DC2.
5. Perform metadata cleanup of DC1 on DC2.
6. Delete the users, computers, groups, etc. from both DC1 and DC2 which are not required as per business needs.

After performing the above steps you end up with two separate identical domains running, unaware of each other.

You can also perform the migration using ADMT. If you want to migrate users, computers and groups from one domain to a new domain using the ADMT tool, you need to create a trust relationship between the two domains.
You need to understand the nuances of ADMT and how it works before you actually take on a migration in a production environment. Also, it is much better if you can simulate it in a lab environment for a successful result. I have the link below, which might help you to understand this. Start by reading the ADMT guide first.

ADMT Guide: Migrating and Restructuring Active Directory Domains


Hope this helps
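
The ntdsutil and netdom commands behind steps 1, 3, 4 and 5 of the list above, as an added example that is not part of the original answer. It assumes the DC1 and DC2 names from the answer, Server 2003 command syntax, netdom installed from the Support Tools, and one DC per site; `SITE_INDEX` is a placeholder variable introduced here.

```bat
rem Added example, not from the thread. DC1 (main office) and DC2 (remote office)
rem are the names the answer assumes. netdom comes from the Support Tools.
rem Each section is run on the DC named in its heading, not as one script.

rem === Step 1, on DC1, VPN still up: check the role holders, transfer if needed
netdom query fsmo
ntdsutil roles connections "connect to server DC1" quit ^
  "transfer schema master" "transfer domain naming master" ^
  "transfer RID master" "transfer PDC" "transfer infrastructure master" quit quit

rem === Step 3, on DC1, VPN down: remove DC2's metadata
rem First pass only lists; note the number printed beside the remote site.
ntdsutil "metadata cleanup" connections "connect to server DC1" quit ^
  "select operation target" "list sites" quit quit quit

rem SITE_INDEX is a placeholder for that number; "select server 0" assumes
rem the remote site holds a single DC.
set SITE_INDEX=1
ntdsutil "metadata cleanup" connections "connect to server DC1" quit ^
  "select operation target" "list domains" "select domain 0" ^
  "list sites" "select site %SITE_INDEX%" ^
  "list servers in site" "select server 0" quit ^
  "remove selected server" quit quit

rem === Step 4, on DC2, VPN down: seize all five roles, then confirm the holders
ntdsutil roles connections "connect to server DC2" quit ^
  "seize schema master" "seize domain naming master" ^
  "seize RID master" "seize PDC" "seize infrastructure master" quit quit
netdom query fsmo

rem === Step 5, on DC2: repeat the step 3 commands with "connect to server DC2"
rem and the main-office site index, so that DC1's metadata is removed there.
```

Each `seize` and `remove selected server` command raises a confirmation prompt, and the final `netdom query fsmo` on each side should list only that side's own DC.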
