are you looking for tips on how to achieve this efficiently? or are you trying to convince your folks about all the risks and why you shouldn't do it?
your questions don't really clarify what you're looking for and we'd need a lot more input from you to really give good suggestions on how to achieve your goal.
1) yes, it's possible - the amount of effort really depends on the details, e.g.
- are your SQL servers using Windows authentication and heavily leveraging permissions on different tables (but most things should continue to work via SIDhistory)
- are you using Exchange 2000 or Exchange 2003 and which mode is the Exchange Org?
- how much group-nesting have you done?
- do you have duplicate groups in the target domain?
- are you leveraging specific scripts which are leveraging the name of the old domain?
- are you using domain-based DFS?
- are you using AD based certificate services?
- which mode is your AD running in (only "native" allows changing of group-scopes)?
- which clients are you using?
- did you upgrade an NT4 domain to join the forest?
2) are you looking for a reason why you shouldn't do it? e.g. if you don't have the required know-how, it's not a good idea to collapse a child domain to the root domain. There are also plenty of reasons why you should do it (less admin overhead; maybe more security)
3) best way to do it - know what you have; plan each step carefully; understand the tools you use; do the testing required; then consolidate in production. In a collapse scenario (building on the move object functionality in AD) you can do most things with ADMT (have to understand limitations and possible user impact, e.g. true undo not possible when moving objects); can also do a real intra-forest migration, but causes more work in general (can't be done with ADMT, but with other tools such as Quest Migration Manager).
"How can we be sure everything is migrated right?" => plan, test, test, test and test again, then execute in production. Or get external help (who will also need to test, but will likely reduce your risk for failure...).
/Guido

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calders Stijn
Sent: Friday, November 19, 2004 12:48 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] migration of domains

Dear AD specialists,

At our university, we have three domains in the same forest: KDG.BE (forest root domain with only two domain controllers), ADMIN.KDG.BE (child of KDG.BE with a lot of servers (like SQL server, Exchange server, Terminal Servers, …)) and TEST.KDG.BE (child of KDG.BE with a few servers (SQL server, file server, … )). We want to migrate everything from ADMIN.KDG.BE to KDG.BE.

Three questions:
1) Is this possible? (And doesn’t it cost too much effort?)
2) Is there a reason why this isn’t a good idea?
3) And what’s the best way to do this? How can we be sure everything is migrated right?

Many thanks in advance,
Stijn.
