We are trying to figure out how to clone all the admins, but that seems a bit tougher than cloning a domain :)
What do mean "resources"? file/print/app/web servers? They already are pretty well easy to divvy up. Our company has consisted of two different divisions for quite some time. Each tends to have their own servers. From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker Sent: Monday, February 10, 2014 6:16 PM To: ntsysadm Subject: Re: [NTSysADM] Cloning AD forest for company split? >>The caveat presented to management is that there shall NEVER be any network >>connectivity between the clones after the split. Make sure that you post that slide throughout the presentation that is being made. Even better yet, it should be 3 slides. Slide 1: Caveat: There can... Slide 2: NEVER (in largest font possible) Slide 3: ...be any network connectivity between them. Slide 4: EVER (in largest font possible) Do that at the beginning and the end. Off-hand, that's the real problem that comes to mind. Will there be a replication of the internal resources as well? Regards, ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market... On Mon, Feb 10, 2014 at 6:04 PM, Ken Cornetet <[email protected]<mailto:[email protected]>> wrote: I know Microsoft says don't do this, but I've been asked to put together options for the upcoming split of a company, and I'm documenting what would happen if we simply turn one forest into two by cutting the network and having each half go on to run as two independent forests. Here's the existing setup: 1. A forest with two domains. The root domain is "empty", and all users and resources exist in the child domain. 2. All DCs run server 2008 R2. 3. Member workstations run XP and up 4. Member servers are 2003 and up (we have a couple of 2000 servers, but we can handle them as needed. 5. Exchange is present. Again, I know that Microsoft says this is not supported, but what are the potential problems that each half may face if we go this route? The caveat presented to management is that there shall NEVER be any network connectivity between the clones after the split. Here's the general plan 1. Build new DCs on the subnets that will become network "B". 2. Build new Exchange servers on network "B" and migrate appropriate users to them. 3. Move appropriate windows servers to network "B". 4. Configure servers on network "B" to use DCs on "B" for DNS/WINS 5. Separate networks. 6. Give DCs on network "B" FSMO roles. 7. Clean up the AD objects for DCs that were yanked out of each half. What's waiting to bite us by going this route?
