Jimmy Vad
asked on
Domain Migration
Hi Experts,
I have a client whose AD forest has two trees. The forest root domain is a Windows 2003 domain, another tree is a Windows 2008. Now they are planning to upgrade to domain 2016.
The 2003 domain exists merely because that it's the forest root domain. In fact, all production resources are already in the 2008 domain.
I was wondering if they should create a new forest with a fresh setup 2016 domain, then migrate everything from the other forest to the new domain; or they should setup another tree within the same forest?
Which approach is least interruptive to the production environment?
Thanks
JV
I have a client whose AD forest has two trees. The forest root domain is a Windows 2003 domain, another tree is a Windows 2008. Now they are planning to upgrade to domain 2016.
The 2003 domain exists merely because that it's the forest root domain. In fact, all production resources are already in the 2008 domain.
I was wondering if they should create a new forest with a fresh setup 2016 domain, then migrate everything from the other forest to the new domain; or they should setup another tree within the same forest?
Which approach is least interruptive to the production environment?
Thanks
JV
ASKER
Hi Alex,
Thanks for your comment. It's possible to demote a forest root domain? Im under an impression that we cannot remove forest root domain ...
Thanks
JV
Thanks for your comment. It's possible to demote a forest root domain? Im under an impression that we cannot remove forest root domain ...
Thanks
JV
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Alex,
I see your point. Thanks.
JV
I see your point. Thanks.
JV
No problem,
Quite a handy guide here
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
Quite a handy guide here
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers
Also,
I've just done some more digging
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
That states you cannot go direct from 2003 to 2016, so you need to go to either 2008r2 or 2012, then to 2016.
I've just done some more digging
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
That states you cannot go direct from 2003 to 2016, so you need to go to either 2008r2 or 2012, then to 2016.
If you build a new forest, you'll have to use something like the quest ad migration manager to get all your objects over, its a lot of work for not much benefit.
Thanks
Alex