Advice on AD issue

  • Advice on AD issue

    Our current setup is an AD forest which was upgraded from an NT4 domain. There have been lots of problems with it over the years, but essentially we are now at the stage where it's reasonably stable. The original w2k AD controllers have been upgraded to w2k3 r2 boxes and the domain/forest is now w2k3 native. With the additional help from Microsoft, other odd AD errors have been fixed.

    Because this was done badly in the first place - poor advice given to my predecessor - we have a strange domain name which makes it non-logical to include other offices which want to join our AD structure.

    The original domain is internal.london.company.com where company.com is our external name space.

    Would it be better to create a new root child domain of company.local, move users and servers over and then remove the old internal.london.company.com domain? Including the FSMO roles etc.

    If so would we need to keep the old domain controllers for the forest or would the new ones hold that data?

    Or would it be better to create a new forest instead?

  • #2
    Re: Advice on AD issue

    If your domain is set up as you want it and stable, with the only problem being the name, then I'd rename it to something more sensible and then you can add branch offices as child domains if necessary. Daniel has written a guide:-

    http://www.petri.com/windows_2003_domain_rename.htm
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog

    • #3
      Re: Advice on AD issue

      Seems extreme but might be a better option. Thanks for the heads-up, I'll take a look.

      • #4
        Re: Advice on AD issue

        If you are going to rename, I'd advise picking a different TLD to .local - some operating systems use that by default. Granted, if you don't use any of those operating systems then it shouldn't cause a problem, but makes sense to avoid it anyway. I use .lan for office networks.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        • #5
          Re: Advice on AD issue

          Thanks for the tip.

          I have had a look through the domain rename procedure but need to hear practical advice from anyone who has done this. We have 120 laptop users with local profiles and renaming the domain looks like it will affect those badly. Not too keen on fixing 120 profiles in a morning!

          Is it feasible to create a new domain and then move users/servers over gradually and then remove the old root domain?

          • #6
            Re: Advice on AD issue

            It is most likely feasible; you would most likely create a trust between the two domains so as not to affect user access to services.
            Gareth Howells

            • #7
              Re: Advice on AD issue

              I was thinking more along the lines of another root domain and then, when completed moving users and servers, deleting the old root domain. They then should share the same trust and Exchange org.

              • #8
                Re: Advice on AD issue

                I'm pretty certain that there is no way to create a new root domain for an existing forest. When you DCPromo the first DC in a domain, it can either be the first domain controller in a forest, or the first domain controller in a child domain. You cannot specify that the DC is to be the first DC in a new root domain of an existing forest.

                Neither can you assign an existing domain to a new forest; once a domain exists within a particular forest it always will be a member of that forest.

                I would recommend that you create a new forest and either use a migration tool to get your users and resources across or create them anew. There are advantages and disadvantages to both approaches.


                Tom
                For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                Anything you say will be misquoted and used against you

                • #9
                  Re: Advice on AD issue

                  When using dcpromo I get 3 options:

                  1) Create a new domain in a new forest
                  2) Create a new domain in an existing forest
                  3) Create a child domain in an existing domain

                  If I choose option 2 to create a new root domain, can I then move all users and servers over and then remove the old domain?

                  • #10
                    Re: Advice on AD issue

                    Originally posted by zarg:
                    When using dcpromo I get 3 options:

                    1) Create a new domain in a new forest
                    2) Create a new domain in an existing forest
                    3) Create a child domain in an existing domain

                    If I choose option 2 to create a new root domain, can I then move all users and servers over and then remove the old domain?

                    The new domain will NOT be a new forest root domain. It will be a domain at the root level; but the existing forest root domain will always be the forest root domain.

                    Sorry...

                    Tom
                    • #11
                      Re: Advice on AD issue

                      I understand now, any new domain will not be a root domain...

                      If I create a new forest can they share Exchange org? Or do I need to set up a new one?

                      • #12
                        Re: Advice on AD issue

                        You will need to set up a new Exchange Organisation.


                        Tom