Solved

active directory

Posted on 2016-11-22
Last Modified: 2016-12-21
We already have 2 domain controllers in our organization:

1. world-hq1.com (having all FSMO roles)
2. world-hq2.com (this is also a DC)

We want to build another DC named world.com (having all FSMO roles) in our organization.

How can we replicate info from world-hq1.com and world-hq2.com (this is also a DC) to world.com (which is another DC), preferably only user groups from world-hq1.com and world-hq2.com?

Are there any tools we can use? They are all on-premise servers.
0
Question by:pramod1
17 Comments
 
LVL 9

Accepted Solution

by:
Tomas Valenta earned 2000 total points
ID: 41898247
Hello,
you can do it by creating a domain trust.
See this, for example:
https://technet.microsoft.com/en-us/library/cc816837%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 41898340
One would normally create the forest world.com and then add the domains hq1.world.com and hq2.world.com.
0
 

Author Comment

by:pramod1
ID: 41899082
But how should I sync the user groups from domains hq1.world.com and hq2.world.com to world.com?

Will it sync on its own, or what tools should I use?

Also, what type of trust should I have?
0

 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 41899108
Just to be sure we understand your needs: trusts between domains or forests are used for authentication purposes, so users from one domain can log on in the second domain (or a different forest, which is your case) with their account from the first domain and vice versa. So there is no data sync; only the authentication request is forwarded to the trusted partner and I trust to response.
0
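An added example, not part of the original thread: a PowerShell review of the trusts defined on a domain, reporting the settings that decide who can authenticate across them. It assumes the ActiveDirectory (RSAT) module and read access, uses the asker's example name Johnson-hq1.com as the default server, and the function name Get-TrustReview is hypothetical.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and read access.
Import-Module ActiveDirectory

function Get-TrustReview {
    param(
        # Domain or DC to query. The default is the asker's example name (assumption).
        [string]$Server = 'Johnson-hq1.com'
    )

    Get-ADTrust -Filter * -Server $Server | ForEach-Object {
        $trust = $_          # keep a reference: $_ is rebound inside switch
        $notes = @()

        # A trust only carries authentication; it copies no users or groups.
        switch ($trust.Direction.ToString()) {
            'BiDirectional' { $notes += 'two-way: users of either side can authenticate in the other' }
            'Inbound'       { $notes += "one-way: this domain's users can authenticate in $($trust.Name)" }
            'Outbound'      { $notes += "one-way: users of $($trust.Name) can authenticate in this domain" }
            'Disabled'      { $notes += 'trust is disabled' }
        }

        # Without selective authentication, every user of the trusted side is
        # treated as an authenticated user on the trusting side.
        if (-not $trust.IntraForest -and -not $trust.SelectiveAuthentication) {
            $notes += 'no selective authentication: review whether forest-wide access is intended'
        }

        [pscustomobject]@{
            Partner                 = $trust.Name
            Direction               = $trust.Direction
            ForestTransitive        = $trust.ForestTransitive
            IntraForest             = $trust.IntraForest
            SelectiveAuthentication = $trust.SelectiveAuthentication
            SIDFilteringQuarantined = $trust.SIDFilteringQuarantined
            Notes                   = $notes -join '; '
        }
    }
}

# Run against each existing domain and read the result as a list.
Get-TrustReview -Server 'Johnson-hq1.com' | Format-List
```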
 

Author Comment

by:pramod1
ID: 41899135
I am giving you an example.

A company called Johnson-hq.com: I have right now 2 DCs named Johnson-hq1.com and Johnson-hq2.com.
Johnson-hq1.com has all FSMO roles.

Now I want to add Johnson.com, as I have purchased that domain, into a separate DC.
I want to have all FSMO roles in it, but need to sync around 5000 users from Johnson-hq1.com and Johnson-hq2.com to Johnson.com.

The first step would be to create a two-way trust between these 2 forests, but how will I sync? So how will data sync?
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 41899166
And what is the reason for syncing users?
0
 

Author Comment

by:pramod1
ID: 41899170
Actually, my IT planner wants to finally upgrade to Office 365 so that all user attributes sync from Johnson.com to Office 365 instead of running directory synchronization from the two other DCs, as he has made Johnson.com the primary tenant in Office 365.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 41899180
OK, now it is clear. For your scenario, Azure AD Connect is used:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-topologies
0
 

Author Comment

by:pramod1
ID: 41899187
I am reading the article, but I need to sync all users from Johnson.com; do I still need to sync between on-premise servers?
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 41899213
All domains will sync with Azure AD Connect, and Azure AD Connect will be the single AD partner for O365.
0
 

Author Comment

by:pramod1
ID: 41899255
So you mean even if I don't sync to Johnson.com from these other 2 DCs, it will sync to Johnson.com in O365?

But then what is the point in creating Johnson.com, which my IT person wants?
0
 

Author Comment

by:pramod1
ID: 41899299
Johnson-hq is a forest and Johnson.com will also be another forest?
0
 

Author Comment

by:pramod1
ID: 41899302
We want 1 forest.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 41899312
The best scenario is one forest, but from your request it looks like your IT will not do it.
It would be better if you sent me your current domain structure, because if you have a forest ".com" with domains world-hq1.com and world-hq2.com, then you can add a third domain "johnson.com" and you do not need any sync inside, because all domains are in one forest.
0
 

Author Comment

by:pramod1
ID: 41899313
I need to sync between two on-premise forests so that users sync from 1 forest to O365.
0
 

Author Comment

by:pramod1
ID: 41899315
You are getting closer, but he needs 1 more forest created with Johnson.com, which will be the main tenant in O365, and wants all users to sync from Johnson-hq1 and hq2 to Johnson.com. There must be some way, sir.
0
 

Author Comment

by:pramod1
ID: 41899338
My simple question: can we sync users between 2 different forests through some tools?
0
