Announcement

Collapse
No announcement yet.

Merging AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Merging AD

    I want to find out about joining 2 AD domains (both Win2k3 DC's) and whether its a good idea or not. Each AD consists of 1 server and are connected via a site to site vpn. The remote site is halfway across the country. Managing 2 AD is a pain sometimes so I wanted to know how it would be possible to manage them from 1 AD forest. Right now what we do is connect to the remote server via remote desktop.

    Any and all suggestions are appreciated.

  • #2
    Re: Merging AD

    Do you want to merge the domains from 2 to 1 or are you just wanting to merge the forests or create a trust between the forests?

    You'd need a minimum of two AD sites as I'm guessing site A is not "well connected" to site B.

    Tell me more about your requirements. There usually quite a bit more background information that comes in to play when considering AD site design.

    Jas
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    boche.net - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.

    Comment


    • #3
      Re: Merging AD

      These are 2 completely seperate domains. So I guess you can say they are in their own forests. We would like to be able to administer (and create GPO's) from 1 location, instead of having to manage the remote domain in its own forest via remote desktop.

      Would creating a trust between the two forests achieve this?

      Scenario: Site A has an existing Win2k3 domain. Site B has an existing Win2k3 domain. No Exchange or anything like that is involved, just file and print services. Site A wants complete control over Site B IT infrastructure including the ability to lock down computers with the use of GPO's. This has to be done w/o having to manually reconfigure any computers at both sites since this has to be done seemlessly w/o the help of anyone phyically at Site B.

      Comment


      • #4
        Re: Merging AD

        I would start by looking at the ADMT, also known as the Active Directory Migration Tool from Microsoft. This will probably be your best bet.

        Helpful links on ADMT 2.0:

        http://www.microsoft.com/downloads/d...DisplayLang=en

        http://support.microsoft.com/kb/326480/en-us

        http://www.petri.com/active_director...ndows_2003.htm

        Perform some serious planning to make sure that what you come up with will serve your organization well now and into the future. Collaborate with your IT groups so that everyone is in agreement on the direction you're heading.
        VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
        boche.net - VMware Virtualization Evangelist
        My advice has no warranties. Follow at your own risk.

        Comment


        • #5
          Re: Merging AD

          Is it common that such a migration is performed across a vpn? Even on a small network of about 60 nodes at each site?

          Comment


          • #6
            Re: Merging AD

            Originally posted by lincoln
            Is it common that such a migration is performed across a vpn? Even on a small network of about 60 nodes at each site?
            Common for me? No. I work for a large company with over 150,000 users.

            Merging active directory domains or forests is not normally a common task for anyone. A situation which warrants such activity rarely presents itself in most companies, let alone multiple instances.

            Regarding the VPN, are you questioning the integrity of your VPN connection, concerned to the point that should your VPN connection fail during a merging process, all is lost?
            VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
            boche.net - VMware Virtualization Evangelist
            My advice has no warranties. Follow at your own risk.

            Comment


            • #7
              Re: Merging AD

              My thoughts exactly on the vpn. Just wanted to be sure I'm not the only one thinking like that. I'll most likely suggest sticking with managing 2 different domains. Thx.

              Comment


              • #8
                Re: Merging AD

                If you are concerned that the VPN might not be reliable enough for the migration itself, then I would question the VPN's reliability factor as an Active Directory intersite connector for 1 or 2 domains in the same forest. Could be trouble.
                VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
                boche.net - VMware Virtualization Evangelist
                My advice has no warranties. Follow at your own risk.

                Comment

                Working...
                X