Announcement

Collapse
No announcement yet.

Windows 2003 AD Restructure Nightmare

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2003 AD Restructure Nightmare

    Hi all,

    I'm facing with this problem now:

    We have 2003 AD forest with one root (ap.xxx.com) and one child domain (sg.ap.xxx.com), running at Windows 2000 native(domain function) and Windows 2000(forest function).

    Now the problem is, we will need to join "sg.ap.xxx.com" to our headquarter's AD infrastructure: which already consist of an AD forest (ad.xxx.com), as well as sub forest domain (ap.ad.xxx.com) for Asia Pacific region.

    What should we do now? I'm out of wits, as our HQ AD is running at Windows 2000 native as well, which means we can't use the domain rename function.

    Hope to hear from you guys soon.

  • #2
    Re: Windows 2003 AD Restructure Nightmare

    I will give this a shot.

    Seems the easiest thing to do would be to create a new, empty subdomain in ad.xxx.com and use the Active Directory Migration Tool 3.0 to populate it with the accounts from sg.ap.xxx.com.

    ADMT 3.0 is a free download from Microsoft.

    Daniel P. also has a brief overview of it on this site.

    Hope this points you in the right direction.

    Wiley
    MSCA (2000 & 2003), MCSE (2000 & 2003), A+, Net+
    Next exams:70-298, 70-299 & Security+ for MCSE + Security
    "Never argue with a fool, because someone standing 15 feet away will not know which one of you is the fool."

    Comment


    • #3
      Re: Windows 2003 AD Restructure Nightmare

      Have you thought about simply configuring a forest to forest trust?

      Comment


      • #4
        Re: Windows 2003 AD Restructure Nightmare

        This was my first thought.

        As I understand it though, he is running one Server 2003 machine and one Windows 2000 machine. Both forest are set to Windows 2000 forest functional level. Forest trust require both forests to be Server 2003 at 2003 forest functional level.

        If both domains are on Server 2003, then raising the forest functional level to 2003 on both would certainly help solve the problem.

        Wiley
        MSCA (2000 & 2003), MCSE (2000 & 2003), A+, Net+
        Next exams:70-298, 70-299 & Security+ for MCSE + Security
        "Never argue with a fool, because someone standing 15 feet away will not know which one of you is the fool."

        Comment


        • #5
          Re: Windows 2003 AD Restructure Nightmare

          Originally posted by twj100
          What should we do now? I'm out of wits, as our HQ AD is running at Windows 2000 native as well, which means we can't use the domain rename function.
          Even if you could rename the ap.xxx.com forest or sg.ap.xxx.com domain, you still can not move the domain from ap.xxx.com forest to corporate ad.xxx.com forest.

          To me it looks like you have 2 options:

          1) upgrading existing ap.xxx.com forest to W2K3 and creating a forest trust (notice that this still does not accomplish the target - you are still stuck with 2 forests to manage)

          2) Performing a fully blown migration from sg.ap.xxx.com domain to sg.ad.xxx.com domain in the corp forest.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment

          Working...
          X