We have traditionally done a single, full migration - workstations, servers
and accounts all at once. It tends to make for long weekends, but you only
touch each client machine once.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


> -----Original Message-----
> From: Ayers, Diane [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, October 14, 2002 10:40 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] AD Migration paths (divesting forests)
> 
> 
> Our company is divesting part of the organization into a 
> separate company.  That means we need to split our AD forest 
> into two separate forests.   We have a sense of how we are 
> going to do it but one question I have is the sequence.  
> 
> We are going to build the new forest (both forests are empty 
> root, single domain) and set up an external trust between the 
> two main domains.  One plan has us migrating resources such 
> as workstations, servers, etc to the new forest maintaining 
> ACLs, etc to the resources and then migrate accounts towards 
> the end.  The second plan has us migrating the accounts first 
> and using SID history to maintain access to legacy resources 
> until they are migrated to the new domain.  Both plans seem 
> to work technically but we are not sure of "best practices" 
> as far as the migration.  A recent talk at MEC suggested the 
> latter as opposed to the former.
> 
> Since we have not gone through this before in our 
> organization, I was hoping that folks that have gone through 
> this might shed some light...
> 
> Diane
> 
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
