Announcement

Collapse
No announcement yet.

Split one domain into two.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Split one domain into two.

    A customer has asked me to assist in splitting one domain into two. This follows the splitting of his company into two entities. I've never done this b4 and was wondering what the process is. It's a Windows 2003 domain.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Split one domain into two.

    I would first find out if he actually needs two domains i.e. is it for security purposes or is he just trying to follow the topology of the company.

    If he definately needs two domain then I create a new forest and use the Active Directory Migration toolkit to migrate the specified users / computers to the new domain.

    Hope this helps

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Split one domain into two.

      Thanks m80arm, I presume I'd have to setup a trust b/w the domains beforehand? I seem to have noticed that if the domain's functional level is set to "Windows 2000 native" then migration is not possible. I got this from the help file:
      When the domain functionality is set to Windows 2000 native or Windows Server 2003 then migration is possible b/w domains
      Thus if the existing server's domain functionality is defaulted to Windows 2000 mixed", then it seems it has to be promoted to "Windows 2000 Native" before migration is possible. Is this correct?

      And does the domain functionality have to be set on both old and new servers?
      |
      +-- JDMils
      |
      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
      |

      Comment


      • #4
        Re: Split one domain into two.

        The following article from a well respected website should help :

        http://www.petri.com/active_director...ndows_2003.htm

        there should be no issues in changin the domain level from mixed to native providing all your DC's are 2000 or above.

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: Split one domain into two.

          If we migrate all users to the new domain, what happens to the ACLs on the server we migrate? Won't the ACLs on the server (before the migration) still point to the previous domain once the server is added to the new domain?

          As a summary, we have a server (ABC) (of many servers) in the AN domain. We are migrating specific users to the IPL domain. This server (ABC) will then be demoted and promoted to the new domain (IPL).

          We are interested to see what happens to the home shares of the users on this server. Does anyone know what is going to happen to the ACLs?
          |
          +-- JDMils
          |
          +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
          |

          Comment


          • #6
            Re: Split one domain into two.

            We found out that the ACLs on the file system will still be valid for those users you migrate since we are migrating the SID history.
            |
            +-- JDMils
            |
            +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
            |

            Comment

            Working...
            X