Al, > Tom, are you saying it over and over again and expecting > a different response? I believe there's a definition for > that behavior if so ;)
That's the definition of marketing isn't it? Tom, I would say the one lone 2k3 DC needs a partner before you start this. I would agree with Al that what is mentioned should work but it implementation of it and things you don't mention that will probably stick you so you do want to dry run this in a lab to get a good feel of it. I also agree that you shouldn't keep the SID History around very long. In fact unless things are ACLed directly to user objects you should be able to move users without using much sid history at all if you repopulate the groups the users are in (and assuming not global groups) with the new userids. That may be a lot of work but it also indicates you know for sure what you are moving. Sometimes people just start picking up things and slapping them around with out any strong understanding of everything involved and just hope that MS covers the bases for them and in many cases this works fine but if it breaks, people are then learning how it all works while being shot at which isn't a fun place to be. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Tuesday, July 13, 2004 9:34 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DeForestation Tom, are you saying it over and over again and expecting a different response? I believe there's a definition for that behavior if so ;) As for the tools, it is possible to do this with the Microsoft tools. The reference for this is the migration cookbook. will this work? am i insane? >>>see above for that question; I think you might have answered that (lol) will sid history feature allow my users to still access the shares in the old forest during the migration? >>>that's a question. Why not test it early and find out? I would suspect that you will have some trust issues but otherwise it's possible (you didn't mention a trust or not; see the documentation for migrations and sIDHistory usage). is miis feature pack enough(with mssql and win2k3) to share the GAL?>>>>to share the GAL? Yep, it'll do that. is subinacl enough to re-acl all the shares and printes in my new forest?>>>Can't see any reason why not. Not to say in your organization there won't be a few issues. Usually there are a few "bumps". what issues can i expectt? is this doable? >>>>issues? There'll be a few issues that you'll have to work through. Practice makes perfect and there is no other way to really know what the issues will be in your environment specifically until you go through it. Using sIDHistory is probably not something you want to use long-term (i.e. any longer than you have to) since you won't have control of the central forest. -al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, July 13, 2004 8:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DeForestation wow, i'm replying to my own posts. now its offical, i'm a loser... can you guys direct me to a good reference for what i'm asking(not the loser bit). anything that overs hitches in cross forest coexistance or migration? thanks again and sorry for beating a dead horse. -----Original Message----- From: Kern, Tom Sent: Friday, July 09, 2004 8:36 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DeForestation I'm migrating a child domain from one win2k forest to a new one. the source forest is running win2k3 in the root and i have a destination forest with one empty winn2k3 dc. i'm using admt, miis feature pack and exchange migration wizard(both forests will have exchange2k in native mode). i'm also using subinacls to re-acl everything. all my source dc's in the child domain are winsk though i have some NT member servers. my clients are all win2k pro and winXP. i have one brand new server that is running the win2k3 root in the dest. forest. will this work? am i insane? will sid history feature allow my users to still access the shares in the old forest during the migration? is miis feature pack enough(with mssql and win2k3) to share the GAL? is subinacl enough to re-acl all the shares and printes in my new forest? what issues can i expectt? is this doable? I apologize for all the questions but my cio wants to leave our current forest for polotical reasons in 2 weeks and i'm the only one doing this migration and i thought you guys could help me even see if this is feasible(he doesn't want to spend the money for Alieta or any other third party apps!!??). the only AD aware or dependent app we have is exchange2k(the root domain is using SAP but i don't know if this will affect it). i'd just like some input. i know this si a broad and big topic but just any advice or war stories or even "no don;t do this, are you insane!", would be great. thanks alot and again, my apologies for throwing such a big diverse topic out there. i know it can't be resolved in a simple forum.... List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
