RE: [ActiveDir] migration of domains
are you looking for tips on how to achieve this efficiently? or are you trying to convince your folks about all the risks and why you shouldn't to it? your questions don't really clarify what you're looking for and we'd need a lot of more input from you to really give good suggestions on how to achieve your goal. 1) yes, it's possible - the amount of effort really depends on the details, e.g. - are your SQL servers using windows authentication and heavily leveraging permission on different tables (but most things should continue to work via SIDhistory) - are you using Exchange 2000 or Exchange 2003 and which mode is the Exchange Org? - how much group-nesting have you done? - do you have duplicate groups in the target domain? - are you leveraging specific scripts which keep are leveraging the name of the old domain? - are you using domain-based DFS? - are you using AD based certificate services?- which mode is your AD running in (only "native" allows changing of group-scopes)? - which clients are you using? - did you upgrade an NT4 domain to join the forest? 2) are you looking for a reason why you shouldn't do it? e.g. if you don't have the required know-how, it's not a good idea to collapse a child domain to the root domain. There are also plenty of reasons why you should do it (less admin overhead; maybe more security) 3) best way to do it - know what you have; plan each step carefully; understand the tools you use; do the testing required; then consolidate in production. In a collapse scenario (building on the move object functionality in AD) you can do most things with ADMT (have to understand limitations and possible user impact, e.g. true undo not possible when moving objects); can also do a real intra-forest migration, but causes more work in general (can't be done with ADMT, but with other tools such as Quest Migration Manager). "How can we be sure everything is migrated right?" => plan, test, test, test and test again, then execute in production. Or get external help (who will also need to test, but will likely reduce your risk for failure...). /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calders StijnSent: Friday, November 19, 2004 12:48 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] migration of domains Dear AD specialists, At our university, we have three domains in the same forest: KDG.BE (forest root domain with only two domain controllers), ADMIN.KDG.BE (child of KDG.BE with a lot of servers (like SQL server, Exchange server, Terminal Servers, …)) and TEST.KDG.BE (child of KDG.BE with a few servers (SQL server, file server, … )). We want to migrate everything from ADMIN.KDG.BE to KDG.BE. Three questions: 1) Is this possible? (And doesn’t it cost too much effort?) 2) Is there a reason why this isn’t a good idea? 3) And what’s the best way to do this? How can we be sure everything is migrated right? Many thanks in advance, Stijn.
RE: [ActiveDir] migration of domains
Definitely true. If you are looking at migrating SQL or Exchange then using a 3rd party migration tool from Quest or NetIQ is probably a good idea. Specificly Quests tool would be preferred as it handles SQL servers better than NetIQ. It is a good idea to figure out why you want to make this change (as Peter points out) because with Exchange and SQL this can be a pretty serious task requiring quite a bit of testing and preparation. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Friday, November 19, 2004 8:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] migration of domains Migrating complete servers such as SQL/Exchange is not the easiest thing in the world. What do you wish to gain out of the exercise i.e. is it worth the effort/cost/time etc Regards Peter Johnson From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calders Stijn Sent: 19 November 2004 13:48 To: [EMAIL PROTECTED] Subject: [ActiveDir] migration of domains Dear AD specialists, At our university, we have three domains in the same forest: KDG.BE (forest root domain with only two domain controllers), ADMIN.KDG.BE (child of KDG.BE with a lot of servers (like SQL server, Exchange server, Terminal Servers, ...)) and TEST.KDG.BE (child of KDG.BE with a few servers (SQL server, file server, ... )). We want to migrate everything from ADMIN.KDG.BE to KDG.BE. Three questions: 1) Is this possible? (And doesn't it cost too much effort?) 2) Is there a reason why this isn't a good idea? 3) And what's the best way to do this? How can we be sure everything is migrated right? Many thanks in advance, Stijn. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] migration of domains
Migrating complete servers such as SQL/Exchange is not the easiest thing in the world. What do you wish to gain out of the exercise i.e. is it worth the effort/cost/time etc Regards Peter Johnson From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calders Stijn Sent: 19 November 2004 13:48 To: [EMAIL PROTECTED] Subject: [ActiveDir] migration of domains Dear AD specialists, At our university, we have three domains in the same forest: KDG.BE (forest root domain with only two domain controllers), ADMIN.KDG.BE (child of KDG.BE with a lot of servers (like SQL server, Exchange server, Terminal Servers, …)) and TEST.KDG.BE (child of KDG.BE with a few servers (SQL server, file server, … )). We want to migrate everything from ADMIN.KDG.BE to KDG.BE. Three questions: 1) Is this possible? (And doesn’t it cost too much effort?) 2) Is there a reason why this isn’t a good idea? 3) And what’s the best way to do this? How can we be sure everything is migrated right? Many thanks in advance, Stijn.
Re: [ActiveDir] migration of domains
I believe you can use the Active Directory Migration Tool (ADMT) to do domain consolidations. A search on Microsoft's website for ADMT should bring up many references to it. It is a free program. - Robbie Calders Stijn wrote: Dear AD specialists, At our university, we have three domains in the same forest: KDG.BE (forest root domain with only two domain controllers), ADMIN.KDG.BE (child of KDG.BE with a lot of servers (like SQL server, Exchange server, Terminal Servers, …)) and TEST.KDG.BE (child of KDG.BE with a few servers (SQL server, file server, … )). We want to migrate everything from ADMIN.KDG.BE to KDG.BE. Three questions: 1) Is this possible? (And doesn’t it cost too much effort?) 2) Is there a reason why this isn’t a good idea? 3) And what’s the best way to do this? How can we be sure everything is migrated right? Many thanks in advance, Stijn. -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] migration of domains
Dear AD specialists, At our university, we have three domains in the same forest: KDG.BE (forest root domain with only two domain controllers), ADMIN.KDG.BE (child of KDG.BE with a lot of servers (like SQL server, Exchange server, Terminal Servers, …)) and TEST.KDG.BE (child of KDG.BE with a few servers (SQL server, file server, … )). We want to migrate everything from ADMIN.KDG.BE to KDG.BE. Three questions: 1) Is this possible? (And doesn’t it cost too much effort?) 2) Is there a reason why this isn’t a good idea? 3) And what’s the best way to do this? How can we be sure everything is migrated right? Many thanks in advance, Stijn.
