The root domain would be split as well – no issues with RIDs. And as far as moving between companies with laptops, this would be clearly stated to management as not possible. We don’t use X.500 publicly.
We are also looking at using ADMT, which looks like it will work, but with thousands of users and hundreds of severs, it looks like we’d have a prolonged transition period where users would be severely impacted. One problem ADMT doesn’t address is all of the home-grown apps, FTP servers, etc that have have our domain names hard-coded in. From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: Monday, February 10, 2014 8:42 PM To: [email protected] Subject: RE: [NTSysADM] Cloning AD forest for company split? I'm thinking "pink slip" [https://a.gfx.ms/Emoji_1F60A.png] , (j/k) I would serioulsy consider rebuilding, especially as others have pointed out, the root, the sids, rids, x.500 adressess, heaven forbid someone has to go to the other site with a portable just my .01 cent j ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Date: Mon, 10 Feb 2014 18:04:29 -0500 Subject: [NTSysADM] Cloning AD forest for company split? I know Microsoft says don’t do this, but I’ve been asked to put together options for the upcoming split of a company, and I’m documenting what would happen if we simply turn one forest into two by cutting the network and having each half go on to run as two independent forests. Here’s the existing setup: 1. A forest with two domains. The root domain is “empty”, and all users and resources exist in the child domain. 2. All DCs run server 2008 R2. 3. Member workstations run XP and up 4. Member servers are 2003 and up (we have a couple of 2000 servers, but we can handle them as needed. 5. Exchange is present. Again, I know that Microsoft says this is not supported, but what are the potential problems that each half may face if we go this route? The caveat presented to management is that there shall NEVER be any network connectivity between the clones after the split. Here’s the general plan 1. Build new DCs on the subnets that will become network “B”. 2. Build new Exchange servers on network “B” and migrate appropriate users to them. 3. Move appropriate windows servers to network “B”. 4. Configure servers on network “B” to use DCs on “B” for DNS/WINS 5. Separate networks. 6. Give DCs on network “B” FSMO roles. 7. Clean up the AD objects for DCs that were yanked out of each half. What’s waiting to bite us by going this route?
