rickyrak (Participant), Apr 25, 2019 at 9:23 am, #616558
Hello IT Gurus!
I wanted to get some advice on the best way to tackle a domain issue. Currently, my company operates on a domain name which was created when the company was under different ownership. So for example, we are contoso.com. Now that we have changed names, and we have a need to bring our servers up to the Server 2016 level, we want to create a new domain to match our current company name (for example, contisi.com).
Our idea was to create the new forest and domain controllers with contisi.com and then slowly start to migrate people. The questions I have are below:
– As both servers would be in the same subnet, are there any risks we face to operate this way? Will we suffer any issues when we promote the new domain?
– Do we need to consider anything special on our DNS setup?
– I assume we should build a trust between the two domains so that we can operate all of our member servers to the users seamlessly?
– Would creating a new domain and new forest be the best way to do this?
If anyone has any experience having done this before and can offer some guidance and lessons learned, that would be great! Thank you!
Russell Smith (Participant), May 31, 2019 at 2:56 pm, #617675
Instead of creating a new AD domain/forest, you could consider just adding a new UPN suffix to your existing domain. That way users log in with [email protected] instead of [email protected]. You could also look at renaming your existing domain: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc738208(v=ws.10) and then upgrade servers to 2016. This may or may not be possible depending on what else you have in your infrastructure.
In answer to your other questions:
As long as DNS and DHCP are working properly, there shouldn’t be any issues running multiple domains/forests on the same physical subnet.
Assuming you will have two separate dedicated DNS infrastructures, I don’t think there’s anything special you need to think about.
If you want users to connect seamlessly to member servers in the old domain, then you will need a trust relationship.
If you must have a new AD, I would create a new forest.
Every scenario is slightly different and you need to test your plan, regardless of how you decide to move forward. Try to recreate the basics of your production environment in a virtual lab and check your plan works, and that you can roll back in the event of an issue.
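The UPN-suffix approach suggested in the reply above, sketched in PowerShell as an added example that is not part of the original thread. It assumes the ActiveDirectory RSAT module and a single-domain forest; the pilot OU and the rollback CSV path are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. contoso.com / contisi.com come from the thread; the pilot OU and
# CSV path are hypothetical placeholders. Assumes a single-domain forest.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$OldSuffix   = 'contoso.com',
    [string]$NewSuffix   = 'contisi.com',
    [string]$PilotOU     = 'OU=Pilot,DC=contoso,DC=com',   # hypothetical OU
    [string]$RollbackCsv = '.\upn-rollback.csv'            # hypothetical path
)

# 1. Register the new suffix forest-wide if it is not already present.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# 2. Select only pilot users that still carry the old suffix.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -SearchBase $PilotOU -Properties UserPrincipalName

# 3. Record the current values first so the change can be rolled back.
$users | Select-Object DistinguishedName, SamAccountName, UserPrincipalName |
    Export-Csv -Path $RollbackCsv -NoTypeInformation

# 4. Rewrite the suffix. sAMAccountName and SID are untouched, so existing
#    group memberships and ACLs keep working.
foreach ($u in $users) {
    $newUpn  = ($u.UserPrincipalName -split '@')[0] + "@$NewSuffix"
    $escaped = $newUpn.Replace("'", "''")   # apostrophes break the -Filter string
    # UPNs must be unique; this lookup covers the current domain only.
    if (Get-ADUser -Filter "UserPrincipalName -eq '$escaped'") {
        Write-Warning "Skipping $($u.SamAccountName): $newUpn is already in use"
        continue
    }
    Set-ADUser -Identity $u -UserPrincipalName $newUpn
}
```

Running the script with `-WhatIf` first shows the suffix registration and each per-user change without applying them.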