Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Multiple AD Forests Merge / Migration

  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple AD Forests Merge / Migration

    Hello! (deep breath)

    Firstly, let me say I am really just looking for general pointers and discussion here, not anything in depth.

    I work in IT for a company which has over the last few years bought other businesses (6 in total). This has resulted in several separate AD forests of varying MS server versions. We are currently looking into implementing a single AD domain to service the whole "group" of companies.

    Some facts:

    In total, we have about 100 Domain PCs / Users.

    On the whole, things are setup pretty basic i.e. no great use of GP, no DFS, very basic account groupings etc.

    4 sites or LANs. These sites can currently be looked at as 2 sites joined together by a WAN link (letís say site group A) and another 2 sites linked by a WAN link (site group B). The 2 sets of 2 are not joined at all. Going forward, there will be reliable WAN links between all sites, bandwidth still to be decided.

    Site group A is home to 4 AD forests (all Server 2003). 3 of these are "organisational" forests (regular user accounts, shares, printers, SQL databases etc.) and the 4th is a "resource" forest which serves email (exchange 2007) to the users in the other 3 domains.

    Site group B has 2 domains. 1 domain is served by NT4 (honest) and the other 2003. The 2003 domain also has Exchange 2003 serving mailboxes to the users in the NT4 domain.

    So....My current thinking is that we create a new Forest with DCs spread around the sites (once full WAN is in place). Then either (a) migrate computer accounts and users to ne domain while still accessing shares, mail and other resources on old domains (with trusts and appropriate permissions) then move the resources from old to new or (b) move the shares, mail and other resources to the new domain first with the users and PCs on the old domains, again using trusts and permissions and then migrate the computers and users to the new domain.

    In either case, the idea is to be able to migrate Computer accounts and Users 1 at a time i.e. be under no pressure to do the lot in a night or weekend or whatever.

    I could go into much more detail over how I would plan to do the above but letís just leave it at the highest possible level steps for now.

    Additionally, for the mail migration part, I'm thinking exmerge but haven't really done much homework here except I have "migrated" mailboxes away from SBS 2003 to exchange 2007 successfully before so hoping that this will work again here.

    Essentially I see the project as a "manual" migration.

    I suppose my main questions are (1) has anyone been through anything like this before and would like to share their experience and (2) I know that there are things like ADMT about but I'm not convinced they fit my setup or are safe / stable enough to risk?. Anyone agree / disagree?

    Many apologies for very lengthy first post (in a while anyway) and thanks for listening!