Hi Guys, I have finally got a working production domain (hooray!!), and now need to start migrating users into it. The plan is as follows:
Create users with LDIFDE Establish 1 way trust so that legacy NT4 domains trust new AD Populate appropriate local groups in legacy domains with globals from AD Migrate users to XP in new domain, allowing them to continue accessing resources in legacy domain Migrate servers, dev, then test, then production into AD (servers will all be Win2K) The bit I'm most worried about is how the trusts will work. I have about 16 offices with varying numbers of users, each with their own NT4 domain. I am deploying a single global AD domain, with DC's in each office. I had assumed that if I point regional AD controllers to the local legacy WINS servers, then each NT4 domain would end up with a 1c record for the new domain, consisting of the DC's that are nearest. Can I establish trusts between AD and multiple regional domains like this, and have each NT4 domain connect to the nearest AD controllers without trying to establish sessions to all worldwide DCs? Comments/advice gratefully received! Cheers, Paul List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/