Do you mean check off "associate with external account" on the user attrib?
Also, how do they see the GAL in the old forest? How does outlook in the new domain find the gc's in the old domain(i think the answer to this is when it points to the exchange server in the old forest, dsproxy will direct them to a gc in the exchange server's site?) also, i tought a lot of things would break when disabling netbios/tcp, like ESM,outlook pre 2003,exmerge,etc. Thanks On 8/9/05, Bernard, Aric <[EMAIL PROTECTED]> wrote: > Don't worry Kingslan, I won't hold anything against you! ;) LOL > > > > "Aric" Bernard > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > Sent: Tuesday, August 09, 2005 2:52 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] AD migration > > Ummmm.... Well, one - I like simplicity. Two, I'm not a big fan of > WINS. > If all we're trying to do is to establish trust for a migration... > > Besides, Bernard has already been here to show me the error of my ways, > Thank you. > > ;o) > > Rick > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Tuesday, August 09, 2005 4:40 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] AD migration > > I didn't read the entire thread so maybe this is answered but this stuck > out > to me, why isn't WINS going to work? > > WINS replication nor name resolution doesn't require any trusts nor even > authentication. It is all entirely unauthenticated with replication > being > handled through IP address based "connection agreements" between the > source > and destination targets. > > WINS is entirely name resolution, no worries with trusts or anything > else in > terms of that name resolution. > > When you register in WINS, it is anonymous. When you query WINS it is > anonymous. Only when you use the admin interfaces to say look at the > database or modify the connection agreements, etc does any form of > authentication come into play. > > > When playing across subnets like this with netbios functionality, WINS > is > generally the best way to go, certainly it is one of the least complex. > The > only time I would really look at using LMHOSTS is if there was a > requirement > not to use WINS or you don't want the names to be resolveable to anyone > that > asks. > > > joe > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan > Sent: Tuesday, August 09, 2005 12:07 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] AD migration > > Really, it uses neither. The NetBT is involved, but because we are on > (at > present) untrusted domains and forests, WINS isn't going to work. > > Typically, this is done with an LMHosts file in the \Drivers\ETC > directory. > The records are going to be very specific, as they will define the > domain of > the target domain, as well as (typically) the PDC for the target. A > 'mirror' LMHosts will be set up on the other trusting side. > > As noted, the format of the records is specific, and can be found here: > > http://support.microsoft.com/kb/180094/ > > And take SPECIAL NOTE that the DOMAIN-NAME records must be EXACTLY as > defined, otherwise they will not work. > > Good luck - it's not daunting, but can be tedious to get working the > first > time. > > Rick > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: Tuesday, August 09, 2005 5:58 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] AD migration > > Sorry to keep harping- but if you have a trust between a child win2k > domain > in one forest with a root or child domain in another forest, does this > use > wins or dns. > i know this is not a "real" forest trust and more like an external trust > in > that its not transitive and uses ntlm and NOT kerberos, but does it also > relie on wins/netbios like an old NT-style trust? > > thanks > > On 8/8/05, Tom Kern <[EMAIL PROTECTED]> wrote: > > I just started today so what I got was- they have connectivity to the > > child dns server but they cut off connectivity to anything in the root > > > domain. > > the firewall is blocking all root traffic. > > this has been like this for a week. > > nothing is replicating to the root and there is no access to the _msdc > > > forest zone. > > > > The forest is win2k native with an empty root and 1 child domain in a > > seperate tree. > > they have DA access in the child domain but no DA/EA access in the > root. > > all the exchange servers(about 10) are in the child domain. > > the only recipent policy in the root is the default one and the > > enterprise > RUS. > > > > > > They want to migrate the child domain and all the resources to a new > > forest where we have full control of everything. > > i assume we do not need connectivity to the _msdc forest dns zone to > > create a trust with the old child domain to migrate everything over(or > > > anything in the root dns zone). > > > > I'm not 2nd guessing the Quest guys, this is only for my own > education. > > > > Thanks a lot > > > > > > On 8/8/05, Medeiros, Jose <[EMAIL PROTECTED]> wrote: > > > I am sure Quest's consultant's knows what they are doing. Didn't you > have them put a quote and migration plan together prior to the actual > migration? Or are you asking these questions because you are second > guessing > them? Or is this just for your own knowledge? > > > > > > My understanding is that both domain names have to be different when > using ADMT to migrate from a Source Domain to a Target Domain, unless > Quest > has a tool that over comes this that I am not aware of. Are you trying > to > keep the same domain name as the source? Microsoft also has a free tool > that > will allow you to rename the traget 2003 AD domain as after you have > completed your migration and decommissioned old DC's. > > > > > > Jose > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of Almeida > > > Pinto, Jorge de > > > Sent: Monday, August 08, 2005 2:46 PM > > > To: ActiveDir@mail.activedir.org; activedirectory > > > Subject: RE: [ActiveDir] AD migration > > > > > > > > > What do you mean with "In fact, they are cut off from the root > > > domain > pyhsically. "? Do you mean as in there is not replication between the > two > domains? If yes... dare I ask for how long? > > > > > > As I know of you can migrate the child domain without the root being > available because you will be having a trust between the new domain and > the > child domain > > > > > > I still don't understand what you mean... They are cut off from the > > > root > and the DNS is avlable in the root. I must be missing something. Can you > explain a bit more? > > > > > > Jorge > > > > > > ________________________________ > > > > > > From: [EMAIL PROTECTED] on behalf of Tom Kern > > > Sent: Mon 8/8/2005 11:08 PM > > > To: activedirectory > > > Subject: [ActiveDir] AD migration > > > > > > > > > > > > I just started working for a company. they used to outsource their > > > AD/Exchange but now they're trying to get it back. > > > > > > Its a 2 tree, 2 domain forest. the root domain is empty. > > > this company only has DA access on the child domain. No EA access. > > > In fact, they are cut off from the root domain pyhsically. > > > > > > What they want to do is create a new forest and migrate all > > > users,exchange,computers,etc to the new forest and be done with the > > > old. > > > They are going to use Quest sw and a consultant from Quest for this. > > > > > > My question is- can this be done without any connectivity to the > root? > > > both dns zones are in the root so they really don't have any dns > > > locally as well(needless to say, you cam imagine what the rep logs > > > look like). I'm sure this complicates matters. > > > however, the Quest people seem to think this can still work. > > > can it? > > > > > > also, can the new forest have the same domain names as the old one? > > > > > > Thanks(I'm the guy who posted about his new job jitters about a week > > > > or 2 ago, and here i am. Their AD is more messed up than I thought > > > :) > > > ) > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > > > > This e-mail and any attachment is for authorised use by the intended > recipient(s) only. It may contain proprietary material, confidential > information and/or be subject to legal privilege. It should not be > copied, > disclosed to, retained or used by, any other party. If you are not an > intended recipient then please promptly delete this e-mail and any > attachment and all copies and inform the sender. Thank you. > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
