Announcement

Collapse
No announcement yet.

Help moving AD2K domain to new forest

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help moving AD2K domain to new forest

    We have an organization with disjointed domain names, e.g., abc.com and xyz.com. These were orgininally created in NT where abc.com is the enterprise root and xyz.com a child domain. The entire network was subsequently migrated to Windows 2000, originally in mixed mode.

    For many reasons, xyz.com needs to move to a new forest while keeping the same name (xyz.com). External trusts will, then, be created between the two, but that is less important than maintaining a clean separation since it is imperative that old enterprise administrative SIDs not persist in the new forest where they could create security problems.

    The question is how to achieve the separation. I don't care of xyz.com temporarily loses rights to abc.com but I need to be sure that xyz.com users don't lose access to their files and folders. Also, I want to keep the domain name as we migration to AD 2003. I had thought about trying to orphan xyx.com from the enterprise, then doing a dcpromo of the xyz.com PDC but I'm not sure that will work and I'm not sure what will be the short term effects of losing the enterprise accounts on AD 2000 replication.

    Can anyone suggest a way to do this? It doesn't have to be painless but it has to be correct.

    Thanks in advance.
Working...
X