I'm thinking "pink slip" 😊, (j/k) I would serioulsy consider rebuilding, especially as others have pointed out, the root, the sids, rids, x.500 adressess, heaven forbid someone has to go to the other site with a portable
just my .01 cent j From: [email protected] To: [email protected] Date: Mon, 10 Feb 2014 18:04:29 -0500 Subject: [NTSysADM] Cloning AD forest for company split? I know Microsoft says don’t do this, but I’ve been asked to put together options for the upcoming split of a company, and I’m documenting what would happen if we simply turn one forest into two by cutting the network and having each half go on to run as two independent forests. Here’s the existing setup:1. A forest with two domains. The root domain is “empty”, and all users and resources exist in the child domain.2. All DCs run server 2008 R2.3. Member workstations run XP and up4. Member servers are 2003 and up (we have a couple of 2000 servers, but we can handle them as needed.5. Exchange is present. Again, I know that Microsoft says this is not supported, but what are the potential problems that each half may face if we go this route? The caveat presented to management is that there shall NEVER be any network connectivity between the clones after the split. Here’s the general plan 1. Build new DCs on the subnets that will become network “B”.2. Build new Exchange servers on network “B” and migrate appropriate users to them.3. Move appropriate windows servers to network “B”.4. Configure servers on network “B” to use DCs on “B” for DNS/WINS5. Separate networks.6. Give DCs on network “B” FSMO roles.7. Clean up the AD objects for DCs that were yanked out of each half. What’s waiting to bite us by going this route?
