RE: [ActiveDir] Migration between domains with same NetBios name

[Grillenmeier, Guido]

Hey Jorge,   thanks for your thoughts - you missed that I'm not going to register the AD DCs in WINS, so that's not an issue. It's having them in the same subnet is what I'm slightly worried about and need to check if it's even possible.   Messing with the old domain name is not an option either (don't forget it's production until fully migrated...). And not much time to do it either...   The interimdomain scenario was another one going through my head (yes - indeed similar to my DEC session ;-) - but I'm trying to avoid it here as I know what's involved...  And it bugs me that they "just" have the same names - MS definitely needs to come up with something like "domain-name aliases" (and I think they're even working on this). But I'll definitely leave the interimdomain/forest option on my list if I get the deal (still bid phase).  And definitely a good topic for next DEC (just kidding - I'd say migrations are getting somewhat boring... - however, not one is the same as another...)   Cheers, Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Donnerstag, 16. Juni 2005 16:08 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migration between domains with same NetBios name Hi Guido,   NetBIOS based domains/clients find domain controllers through the WINS record 1Ch. If two different domains share the same WINS infrastructure I think both domain's DCs wil register in the same record and then you will have some interesting troubleshooting to do. Don't forget that most migration tools use the browser service to enumerate several objects.. again tricky. As allready said renaming the source domain is a possibility (however I'm not sure if E55 likes domain renames). For this you need to inventory all places that use THE NAME OLDOMAIN in user accounts. One of the examples are the logon account for services. I'm sure there more. To do this you are stuck to a "major step moment"   Another possibility is to use an interim domain which I think gives you the possibility to do a phase migration. You will me migrating twice though.   MIGRATION SCENARIO: * OLDDOMAIN -> INTERIMDOMAIN | NEWDOMAIN * OLDDOMAIN | INTERIMDOMAIN -> NEWDOMAIN   INTERIMDOMAIN migration - quick and dirty steps * Pre-install and configure (isolated) NEWDOMAIN, its DNS, its DHCP, its WINS, etc. and shutdown afterwards * 2 DCs (W2K3 AD) for interim * Exch55. in the same org as exch. in OLDOMAIN * Migrate servers, clients, users, groups, mailboxes,etc. from OLDDOMAIN to INTERIMDOMAIN * Configure INTERIMDOMAIN SERVERS to use WINS infrastructure from OLDDOMAIN * Configure INTERIMDOMAIN CLIENTS to use DHCP infrastructure from OLDDOMAIN * Decommission old exchange in OLDOMAIN * Shutdown old domain * Bring up NEWDOMAIN * Reconfigure servers and clients to use WINS and DHCP from NEWDOMAIN * Install exch2k3 in NEWDOMAIN * Migrate servers, clients, users, groups, mailboxes,etc. from INTERIMDOMAIN to NEWDOMAIN   etc.etc.   What do you think abou this one?   Cheers #JORGE#   I think almost the same scenario as the situation you presented during DEC "Handling_Mergers_and_Acquistions". Let me guess your next presentation at DEC will be "Migrations between domains with the same NetBIOS name"? ;-))   Whatever scenario you choose will be painfull. You must however think about the scenarion to use that is less painfull From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, June 16, 2005 09:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migration between domains with same NetBios name Thanks Eric, renaming the source NT4 domain was on the list of my options and I know that it works as I've done it before in a larger test-environment.  However, I expect many more headaches in a production environment as it's difficult to analyse all the dependencies to existing apps, e.g. Exchange 5.5 and others.   And since you need to re-join all members to the domain anyways, it's almost as much work as just joining them to the target domain...   ...hmm - that just triggered a thought - I guess it would be possible to do just that: rename the source dom (on PDC) + re-join all BDCs, then setup trust to the target domain and join all resources to target domain while accounts & groups are still in (renamed) source domain. [thinking continues]... ofcourse the challenges with the apps and potential dependencies on the old domain name remain and need to be analysed first - so it's really tough to estimate the amount of work involved for this...   Besides, the obvious downside is fallback options => customers usually don't allow any drastic changes in the existing infrastructure, when migrating to another one - which I fully understand.     So I was mainly seeking for other experience and things to look out for, if domain rename is not an option.  E.g. is it really an issue to have a BDC of the NT4 CORP domain in the same subnet as a DC of the AD CORP domain?  I guess I could hinder the AD DC somehow from trying to race against the NT4 BDC to become master browser.  Even when we plan to do a hard-cutover (long weekend), I'll need DCs of both domains available at some point...  And I know I need to test this anyways, but can't do so right now.   I should mention, that I'm talking about roughly 1000 users with clients and servers distributed in a dozen locations. So nothing major - a hard cutover should be doable over a long 4-day weekend (incl. migration of all mailboxes at once) and handling re-ACLing on the FS is no issue.   Accrd. to customer, there are no other apps (other than Exchange) that leverage the NT4 domain for anything (other than running on a memberserver).  My past experience tells me that this is likely not to be true...  I'm sure there are other things that are often overlooked - any ideas?   /Guido   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Donnerstag, 16. Juni 2005 07:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Migration between domains with same NetBios name Rename it?   I will admit, I’ve never actually tried this, but I know people who say it works. I think you should try this procedure, on a test box first, and report back. Maybe you should do it to an BDC you bring up just to test, isolated, and see how it goes. http://support.microsoft.com/default.aspx?scid=kb;en-us;169741   If this does work, I’d like to know, so I can recommend it in the future.   The other option is logical data migration but not actual “migration” if you will. IE, ldifde and such. But that comes with the normal “lose the SIDs” type of issues, which I assume to be a major headache for your scenario.   ~Eric   PS: Basically, this mail translates roughly in to me saying, this might or might not work, and I’d like you to be my testing guy to let me know, since I’ve never had occasion to give it a whirl myself.     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Wednesday, June 15, 2005 10:43 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Migration between domains with same NetBios name   Here is a nice one - I've done quite a few migration with all kinds of scenarios, so I hardly ask questions around this topic.   But when migrating from one NT4 domain to an AD domain which both have the same NetBios names, various issues and potential conflicts come to mind and I wonder if others had to do this in the past, who could share their experience.   Think about an existing NT4 domain called CORP and another existing AD domain called CORP (with DNS=copr.company.com). And now you need to migrate all users and resources from the NT4 CORP to the AD CORP and place AD DCs into the same sites as the exising NT4 DCs...   I can imagine various challenges, besides not being able to setup a trust and thus loosing various options for doing a "normal" migration. At least I have no need to register the AD domain in WINS; all clients are XP, but I know for sure that I'm going to run into various other issues (the worst one being that the account activation and the resource migration has to happend instantaneously, since resource access won't be possible accross the domains). But I'm also thinking of networking issues with and NT4 DC of the one and an AD DC of the other domain in the same ip-subnet...   I wonder how others have tackled this challenge and what issues you ran into.   /Guido This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.