First impression: Yuck.
 
The main thing that caught my attention is the "migrate into a corporate domain at a later time". I assume you mean both of these "separated" domains would be migrated? If so, how do you plan to do the migration? You won't be able to have name res for the trusts; even if you could, you would most likely run into SID issues if you maintained SID History.
 
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Friday, September 15, 2006 4:57 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] splitting a domain into two

Dear All,

Scenario :
Single regional domain, two sites, both sites having separate links to Internet and direct WAN connectivity with each other.
AD Integrated DNS
site1: 300 users
site2: 400 users

Now, due to restructuring, they have decided to get rid of the WAN link joining the two sites immediately, as both sites will have separate individual WAN connectivity with some corporate hub site. And this domain will be migrated to the corporate domain in due course.

The problem here is that the WAN connectivity to the hub site will be commissioned at different times (one month apart) and they want to get rid of the WAN link joining site1 with site2 NOW. Other problems like mail access and stuff will be handled through the Internet link.

Now the issue is what to do about the AD domain, as the DCs will lose direct network connectivity.

Solution we are looking at is
1) Migrate one of the locations into separate domain, and thus break the dependence of both sites on single domain.
2) Just break the network link as requested and here comes the crummy part :)
    Instead of migrating one of the sites to a new domain, you just split the domain into two isolated networks, where each site DC will think it is the only DC handling all the stuff for that domain.

Basically: 1) break the link 2) point the DCs to themselves for DNS 3) seize all the roles 4) do metadata & DNS cleanup of the other DC

net result : each DC believes they own the domain. Just make sure they don't talk to each other directly ever.

Now, any foreseeable issues with the 2nd approach?
Please don't include layer 8 issues ;), I am purely looking at technical feasibility and precautions if we go ahead.


--
Kamlesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Short-term actions X time = long-term accomplishments.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
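
Added example, not part of either message above: a split like approach 2 leaves both copies with the same domain SID, so accounts that existed before the split carry identical SIDs on both sides, and accounts created afterwards can be issued the same SID for different people. This sketch compares exports from the two copies to show where SID History would clash in a later migration; the CSV column layout, account names and SID/GUID values are constructed assumptions.

```python
import csv
import io

# Constructed sample exports, one per isolated copy of the domain. The column
# names are assumptions; the domain SID prefix is identical on both sides.
SITE1_CSV = """sAMAccountName,objectSid,objectGUID
alice,S-1-5-21-1111111111-2222222222-3333333333-1105,6f1c0a52-0000-4000-8000-000000000001
bob,S-1-5-21-1111111111-2222222222-3333333333-1106,6f1c0a52-0000-4000-8000-000000000002
carol,S-1-5-21-1111111111-2222222222-3333333333-2601,6f1c0a52-0000-4000-8000-00000000a001
"""
SITE2_CSV = """sAMAccountName,objectSid,objectGUID
alice,S-1-5-21-1111111111-2222222222-3333333333-1105,6F1C0A52-0000-4000-8000-000000000001
bob,S-1-5-21-1111111111-2222222222-3333333333-1106,6f1c0a52-0000-4000-8000-000000000002
dave,S-1-5-21-1111111111-2222222222-3333333333-2601,6f1c0a52-0000-4000-8000-00000000b001
erin,S-1-5-21-1111111111-2222222222-3333333333-2602,6f1c0a52-0000-4000-8000-00000000b002
"""


def load_export(text):
    """Index one side's export by SID (case-normalised)."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["objectSid"].strip().upper(): r for r in rows}


def classify_sid_overlap(site1, site2):
    """Group every SID by how it would behave if both copies were migrated."""
    report = {"shared_pre_split": [], "rid_collision": [], "one_side_only": []}
    for sid in sorted(set(site1) | set(site2)):
        a, b = site1.get(sid), site2.get(sid)
        if a and b:
            # Same GUID: one pre-split object that now exists twice.
            # Different GUID: two distinct post-split objects sharing a SID.
            same_object = a["objectGUID"].lower() == b["objectGUID"].lower()
            kind = "shared_pre_split" if same_object else "rid_collision"
            report[kind].append((sid, a["sAMAccountName"], b["sAMAccountName"]))
        else:
            report["one_side_only"].append((sid, (a or b)["sAMAccountName"]))
    return report


if __name__ == "__main__":
    result = classify_sid_overlap(load_export(SITE1_CSV), load_export(SITE2_CSV))
    for kind, rows in result.items():
        print(kind, rows)
```

Only the `one_side_only` entries could carry their old SID into a common target without clashing with an entry from the other copy; the other two groups need a decision before any migration that preserves SID History.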
