No announcement yet.

Help moving AD2K domain to new forest

  • Filter
  • Time
  • Show
Clear All
new posts

  • Help moving AD2K domain to new forest

    We have an organization with disjointed domain names, e.g., and These were orgininally created in NT where is the enterprise root and a child domain. The entire network was subsequently migrated to Windows 2000, originally in mixed mode.

    For many reasons, needs to move to a new forest while keeping the same name ( External trusts will, then, be created between the two, but that is less important than maintaining a clean separation since it is imperative that old enterprise administrative SIDs not persist in the new forest where they could create security problems.

    The question is how to achieve the separation. I don't care of temporarily loses rights to but I need to be sure that users don't lose access to their files and folders. Also, I want to keep the domain name as we migration to AD 2003. I had thought about trying to orphan from the enterprise, then doing a dcpromo of the PDC but I'm not sure that will work and I'm not sure what will be the short term effects of losing the enterprise accounts on AD 2000 replication.

    Can anyone suggest a way to do this? It doesn't have to be painless but it has to be correct.

    Thanks in advance.