    Wondering if any of you guys had been involved in the following sort of project before and how you did it.....

    I've got a client that wants us to install Exchange on there AD LAN but, it's a little tricky, well not tricky more that there's a couple of ways to do it.

    They have two locations that are joined over a WAN but in two totally seperate AD forests. Hence the machines can ping each other but they can't interact. For ease of admin, they would like to have a trust between the forests so they all see each other.

    If you guys were to walked into a project like this how would you manage it? The way I see it we have two choices, we implement the trust and then move all of company twos users into their own OU in company ones forest. Or (the way I'd like to do it) migrate the whole of company twos domain into company ones forest.

    Is there any migration tools availbale for this type of thing (mainly for SID history).

    Am I getting myself into the shittiest project of all time is what i think i'm really asking ;o)

    Anyway, any help or input greatly appricated.



  • #2
    If you want to use Exchange, by far the easiest way is to consolidate all into one forest. It is possible to use a 'resource forest' with Exchange, at the cost of extra administrative overhead, but avoid that if you can.

    If it is politically feasable you could take one of the existing forests, and migrate the other into it. That is the least-work option. Best result is to end up with on domain. For political reasons you could implement two domains, but that has very little technical advantage. It just makes stuff more complicated and harder to manage.

    If you have a lot of cleanup to do from the old forests you could start a new forest and migrate both old forest into that.

    As for tooling: check out ADMT. The lastest version is V3, I believe. That will at least migrate your user accounts. If you already have Exchange in the old forests you will need additional tooling. I just did an 'exmerge' type migration that went well.

    > Am I getting myself into the shittiest project of all time

    All in a days work Test and prepare well, and all will be fine.


    • #3
      Thanks for the input mate, you talk a lot of sense ;o)

      I have thought about the whole new forest scenerio and have definately left it open as an option. I'm going to their sites soon to do the survey's but I already know there will definately be a lot of cleanup on at least one of the forests, so new might be less work in the loing run.

      Does ADMT migrate SID history with the users? Just for the ease of file permissions and the like, would be a lot less hassle once the migration is complete.

      I've just compeleted a GroupWise to Exchange migration which was fun...... Looking foward to this now as there's NO Novell involved LoL!!

      Again Thanks fo the reply



      • #4
        Hi DeanPorter,

        Is it Windows 2003 AD? If yes, is "Federated Forest" an option for you?



        • #5
          > Does ADMT migrate SID history with the users?

          yes, it will. It will also clean it up again after the migration, if you want to.

          Good luck, let us know which option you go for.