Sorry to keep harping- but if you have a trust between a child win2k domain in one forest with a root or child domain in another forest, does this use wins or dns. i know this is not a "real" forest trust and more like an external trust in that its not transitive and uses ntlm and NOT kerberos, but does it also relie on wins/netbios like an old NT-style trust?
thanks On 8/8/05, Tom Kern <[EMAIL PROTECTED]> wrote: > I just started today so what I got was- > they have connectivity to the child dns server but they cut off > connectivity to anything in the root domain. > the firewall is blocking all root traffic. > this has been like this for a week. > nothing is replicating to the root and there is no access to the _msdc > forest zone. > > The forest is win2k native with an empty root and 1 child domain in a > seperate tree. > they have DA access in the child domain but no DA/EA access in the root. > all the exchange servers(about 10) are in the child domain. > the only recipent policy in the root is the default one and the enterprise > RUS. > > > They want to migrate the child domain and all the resources to a new > forest where we have full control of everything. > i assume we do not need connectivity to the _msdc forest dns zone to > create a trust with the old child domain to migrate everything over(or > anything in the root dns zone). > > I'm not 2nd guessing the Quest guys, this is only for my own education. > > Thanks a lot > > > On 8/8/05, Medeiros, Jose <[EMAIL PROTECTED]> wrote: > > I am sure Quest's consultant's knows what they are doing. Didn't you have > > them put a quote and migration plan together prior to the actual migration? > > Or are you asking these questions because you are second guessing them? Or > > is this just for your own knowledge? > > > > My understanding is that both domain names have to be different when using > > ADMT to migrate from a Source Domain to a Target Domain, unless Quest has a > > tool that over comes this that I am not aware of. Are you trying to keep > > the same domain name as the source? Microsoft also has a free tool that > > will allow you to rename the traget 2003 AD domain as after you have > > completed your migration and decommissioned old DC's. > > > > Jose > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Almeida Pinto, > > Jorge de > > Sent: Monday, August 08, 2005 2:46 PM > > To: ActiveDir@mail.activedir.org; activedirectory > > Subject: RE: [ActiveDir] AD migration > > > > > > What do you mean with "In fact, they are cut off from the root domain > > pyhsically. "? Do you mean as in there is not replication between the two > > domains? If yes... dare I ask for how long? > > > > As I know of you can migrate the child domain without the root being > > available because you will be having a trust between the new domain and the > > child domain > > > > I still don't understand what you mean... They are cut off from the root > > and the DNS is avlable in the root. I must be missing something. Can you > > explain a bit more? > > > > Jorge > > > > ________________________________ > > > > From: [EMAIL PROTECTED] on behalf of Tom Kern > > Sent: Mon 8/8/2005 11:08 PM > > To: activedirectory > > Subject: [ActiveDir] AD migration > > > > > > > > I just started working for a company. they used to outsource their > > AD/Exchange but now they're trying to get it back. > > > > Its a 2 tree, 2 domain forest. the root domain is empty. > > this company only has DA access on the child domain. No EA access. In > > fact, they are cut off from the root domain pyhsically. > > > > What they want to do is create a new forest and migrate all > > users,exchange,computers,etc to the new forest and be done with the > > old. > > They are going to use Quest sw and a consultant from Quest for this. > > > > My question is- can this be done without any connectivity to the root? > > both dns zones are in the root so they really don't have any dns > > locally as well(needless to say, you cam imagine what the rep logs > > look like). I'm sure this complicates matters. > > however, the Quest people seem to think this can still work. > > can it? > > > > also, can the new forest have the same domain names as the old one? > > > > Thanks(I'm the guy who posted about his new job jitters about a week > > or 2 ago, and here i am. Their AD is more messed up than I thought :) > > ) > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > This e-mail and any attachment is for authorised use by the intended > > recipient(s) only. It may contain proprietary material, confidential > > information and/or be subject to legal privilege. It should not be copied, > > disclosed to, retained or used by, any other party. If you are not an > > intended recipient then please promptly delete this e-mail and any > > attachment and all copies and inform the sender. Thank you. > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
