Re: [NTSysADM] Cloning AD forest for company split?

Mon, 10 Feb 2014 15:20:09 -0800 

*>>The caveat presented to management is that there shall NEVER be any
network connectivity between the clones after the split.*

Make sure that you post that slide throughout the presentation that is
being made.

Even better yet, it should be 3 slides.

Slide 1: *Caveat: There can...*
Slide 2: *NEVER *(in largest font possible)
Slide 3: ...*be any network connectivity between them.*
 Slide 4: *EVER *(in largest font possible)

Do that at the beginning and the end.

Off-hand, that's the real problem that comes to mind.

Will there be a replication of the internal resources as well?

Regards,







*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>
*Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market...*




On Mon, Feb 10, 2014 at 6:04 PM, Ken Cornetet <[email protected]>wrote:

> I know Microsoft says don't do this, but I've been asked to put together
> options for the upcoming split of a company, and I'm documenting what would
> happen if we simply turn one forest into two by cutting the network and
> having each half go on to run as two independent  forests.
>
>
>
> Here's the existing setup:
>
> 1.       A forest with two domains. The root domain is "empty", and all
> users and resources exist in the child domain.
>
> 2.       All DCs run server 2008 R2.
>
> 3.       Member workstations run XP and up
>
> 4.       Member servers are 2003 and up (we have a couple of 2000
> servers, but we can handle them as needed.
>
> 5.       Exchange is present.
>
>
>
> Again, I know that Microsoft says this is not supported, but what are the
> potential problems that each half may face if we go this route? The caveat
> presented to management is that there shall NEVER be any network
> connectivity between the clones after the split.
>
>
>
> Here's the general plan
>
> 1.       Build new DCs on the subnets that will become network "B".
>
> 2.       Build new Exchange servers on network "B"  and migrate
> appropriate users to them.
>
> 3.       Move appropriate windows servers to network "B".
>
> 4.       Configure servers on  network "B" to use DCs on "B" for DNS/WINS
>
> 5.       Separate networks.
>
> 6.       Give DCs on network "B" FSMO roles.
>
> 7.       Clean up the AD objects for DCs that were yanked out of each
> half.
>
>
>
> What's waiting to bite us by going this route?
>
>
>

Reply via email to