Windows Server 2003 DC transfer from one forest to other

  • Friday, May 11, 2012 2:04 PM
     
     

    Dear All,

    Please help me for the below scenario.

    My domain is a child domain in the worldwide forest of my company. I have 2 DCs in my domain. I have multiple users in my domain and I am using Exchange Server 2003 for email, and the main Exchange server is also at our company's co-location.

    Now our parent company's management has changed, so I have to separate my domain and Exchange from the existing company's forest. There are two possible scenarios:

    1. I will transfer my domain from this forest to the new company forest. Is it possible through ADMT? And how? Please refer me to some detailed step-by-step procedure.
    2. I will make my DC the first DC in the forest (I mean I will create my own forest using my existing DCs and the same domain name). For this purpose I don't know the way to go through it; how can I achieve this, please help?

    Also please tell me if there are any other possible problems I can face after separating from the forest.

    Best Regards,

    Rashid Ali

     


All Replies

  • Friday, May 11, 2012 2:17 PM
     
     Proposed

    Hello,

    I will transfer my domain from this forest to the new company forest. Is it possible through ADMT? And how? Please refer me to some detailed step-by-step procedure.

    You can create a new domain in a new forest and then migrate your AD resources using ADMT to the new domain.

    Note that the new domain should have:

    • Different SID
    • Different DNS name
    • Different NetBIOS name

    You have to prepare a migration plan. Details in the official guide: http://www.microsoft.com/en-us/download/details.aspx?id=19188

    I will make my DC the first DC in the forest (I mean I will create my own forest using my existing DCs and the same domain name). For this purpose I don't know the way to go through it; how can I achieve this, please help?

    If you want to use an existing DC then you will have to demote it and then create a new domain in a new AD forest on it.

    Before demoting it, you will need:

    • To transfer FSMO roles to another DC if it is an FSMO holder. Run netdom query fsmo to get the list of FSMO holders.
    • Check that there is at least one healthy DC / DNS / GC server in your current AD domain. For diagnosis, you can run dcdiag /v /e on the DCs you have.

    There is no issue with having a new AD forest. Just check whether you will need to migrate applications and whether they support interaction with users in a separate AD forest.

    Don't forget to create the trust relationship between forests! You can create a Forest trust relationship if your FFL is Windows Server 2003 or higher.


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    • Proposed As Answer by Sachin Gadhave Friday, May 11, 2012 4:20 PM
  • Friday, May 11, 2012 2:33 PM
     
     

    Hi,

    Thanks for the prompt reply. I understood the first solution and I believe I am losing none of my user AD objects in scenario 1.

    The second solution you have provided is also understood, but I think I will lose all the AD users and settings in this procedure. Is it so?

    Please note that I don't want to lose any AD object, especially the users, because I am running email as well, and I also want to give minimum downtime to my users.

    Please also refer me to any KB articles for ADMT migration and new forest creation if there are any.

    Thank you.

    Rashid

  • Friday, May 11, 2012 2:44 PM
     
     

    There is AD object loss when migrating using ADMT.

    You asked if you were able to use an existing DC for the new forest. I said no since it is already a DC for a domain. So, if this is your question then you will need to demote it. If this is the only DC that you have in this domain then of course you will lose your AD domain.



  • Friday, May 11, 2012 3:16 PM
     
     

    I have 2 DCs in my domain, as I have already mentioned in the above post.

    Is there any way not to lose my AD objects, especially users?

    Regards,

  • Friday, May 11, 2012 3:22 PM
     
     

    I have 2 DCs in my domain, as I have already mentioned in the above post.

    Is there any way not to lose my AD objects, especially users?

    Regards,

    Since you don't demote the two DCs, there is no issue with your current AD objects.

    If you want to demote a DC then please check that the other is a DC / DNS / GC server and run dcdiag /v against them to check if there is any problem before demoting.

    For ADMT, it will not delete your users since it creates copies of them.



  • Friday, May 11, 2012 4:37 PM
     
     

    Objective-

    1. Create new domain with same name in new/separate forest
    2. Retain AD objects from existing domain.

    Solution-

    1. Create new domain
    2. Establish trust with existing domain/forest
    3. Use ADMT to migrate AD objects to new domain

    Problems-

    1. To use ADMT to migrate AD objects to another domain, the 2 domain names CAN'T be same.
    2. You have 2 DCs, which cannot be used for new domain as one DC won’t work with 2 domains.

    Workaround-

    1. Create new domain with a different name. e.g. if your existing domain name is abc.contoso.com, you can create new domain with name abc.com or abc.net etc. This way you will be able to migrate the AD objects to new domain without issues.
    2. Your existing domain can work with a single DC as well, hence you can demote the second DC, remove it from the domain and promote it for the new domain. Once the ADMT AD object migration is done you can use both DCs in the new domain, as the old domain won't be used.


    -
     Sachin Gadhave
    MCP, MCSA, MCTS
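    An added example, not code from this thread, from Microsoft or from ADMT: a PowerShell pre-flight script for the checks raised in the first reply (transfer any FSMO roles off the DC you will demote; confirm the remaining DC passes dcdiag and is a GC) together with the naming rule in the workaround above (the new forest's DNS and NetBIOS names must differ from the source domain's). Host and domain names are placeholders; it assumes netdom.exe and dcdiag.exe from the Support Tools are on the PATH and that it runs as an administrator of the source domain.

```powershell
# Added example, not from the thread: pre-demotion / pre-ADMT readiness check.
# All names below are placeholders (assumptions); replace them with your own.
param(
    [string]$DcToDemote   = 'DC2.abpakistan.example',  # the DC you plan to demote and reuse
    [string]$RemainingDc  = 'DC1.abpakistan.example',  # the DC that keeps the source domain alive
    [string]$SourceDomain = 'abpakistan.example',      # existing child domain (ADMT source)
    [string]$TargetDomain = 'xypakistan.example'       # new forest root domain (ADMT target)
)

function Get-FsmoRolesHeldBy {
    param([string]$DcName)
    # 'netdom query fsmo' prints one line per role, e.g. "PDC    dc1.abpakistan.example".
    $shortName = ($DcName -split '\.')[0]
    $held = @()
    foreach ($line in (& netdom query fsmo 2>&1)) {
        if ("$line" -match '^(Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master)\s+(\S+)') {
            if ($matches[2] -like "$shortName*") { $held += $matches[1] }
        }
    }
    return $held
}

function Get-FailedDcdiagTests {
    param([string]$DcName)
    # dcdiag reports each test as "... passed test X" or "... failed test X".
    $failed = @()
    foreach ($line in (& dcdiag /s:$DcName /v 2>&1)) {
        if ("$line" -match 'failed test (\w+)') { $failed += $matches[1] }
    }
    return $failed
}

$problems = @()

# 1. ADMT interforest migration needs distinct DNS and NetBIOS names for source and target.
#    Comparing the leftmost DNS label is a heuristic: the NetBIOS name usually equals it,
#    so confirm the real NetBIOS name if you chose a custom one at promotion time.
if ($SourceDomain -ieq $TargetDomain) {
    $problems += "Source and target FQDN are identical ($SourceDomain); ADMT cannot migrate between them."
}
if ((($SourceDomain -split '\.')[0]) -ieq (($TargetDomain -split '\.')[0])) {
    $problems += "Leftmost labels of $SourceDomain and $TargetDomain match; the NetBIOS names must differ too."
}

# 2. The DC being demoted must not hold any FSMO role.
$roles = @(Get-FsmoRolesHeldBy -DcName $DcToDemote)
if ($roles.Count -gt 0) {
    $problems += "$DcToDemote still holds: $($roles -join ', '). Transfer them to $RemainingDc before demoting."
}

# 3. The DC that stays must pass dcdiag and must already be a Global Catalog
#    (RootDSE isGlobalCatalogReady is TRUE once a GC has finished its initial sync).
$failedTests = @(Get-FailedDcdiagTests -DcName $RemainingDc)
if ($failedTests.Count -gt 0) {
    $problems += "dcdiag against $RemainingDc failed: $($failedTests -join ', ')."
}
$rootDse = [ADSI]"LDAP://$RemainingDc/RootDSE"
if ("$($rootDse.isGlobalCatalogReady)" -ne 'TRUE') {
    $problems += "$RemainingDc is not advertising as a Global Catalog."
}

if ($problems.Count -eq 0) {
    Write-Host "Pre-flight passed: $DcToDemote can be demoted and $TargetDomain is a usable ADMT target name."
    exit 0
}
$problems | ForEach-Object { Write-Warning $_ }
exit 1
```

    Run it once before demoting the second DC and again after the new forest is up; a non-zero exit means one of the preconditions the replies describe (no FSMO role on the DC being removed, a healthy GC left behind, distinct domain names) is not yet met.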


  • Monday, May 14, 2012 8:24 AM
     
     

    Hi,

    Thank you for the feedback.

    Sachin: can you please suggest whether it is possible that I simply disconnect my existing domain abc.com from the forest (the connectivity with the co-location is through a firewall that is making a VPN with my co-location; to disconnect I simply bypass the firewall)?

    If I disconnect as I mentioned, will my domain abc.com operate separately? Can I make my domain abc.com the first domain in the forest (I mean can I make the forest on this existing domain)?

    Please suggest.

    Regards,

    Rashid Ali 

  • Monday, May 14, 2012 8:34 AM
     
     

    Hi,

    Thank you for the feedback.

    Sachin: can you please suggest whether it is possible that I simply disconnect my existing domain abc.com from the forest (the connectivity with the co-location is through a firewall that is making a VPN with my co-location; to disconnect I simply bypass the firewall)?

    If I disconnect as I mentioned, will my domain abc.com operate separately? Can I make my domain abc.com the first domain in the forest (I mean can I make the forest on this existing domain)?

    Please suggest.

    Regards,

    Rashid Ali 

    No!

    A domain is an AD logical structure which is a reliant part of the AD forest that it was created in. You cannot simply detach it. It cannot work separately; the only way is to migrate it as described in my earlier reply.


    Sachin Gadhave
    MCP, MCSA, MCTS

  • Monday, May 14, 2012 12:16 PM
     
     

    Thank you again sachin,

    I understood what you said, but the problem is I want to use the same domain name, which is my registered domain name. So I demote one of my DCs, the BDC, and dcpromo it for the new forest, but is it possible to give it the same abc.com domain name (as it is registered to us)?

    As simultaneously my PDC is already running with the same domain name :-( how will I manage this conflict?

    Regards,

    Rashid

  • Monday, May 14, 2012 12:25 PM
     
     

    You said your domain is the child domain in worldwide company forest, so for example- if your forest root domain is contoso.com then your child domain is pakistan.contoso.com. So what you can do is promote your new DC with root domain name as pakistan.com, then the old domain FQDN i.e. pakistan.contoso.com and the new domain FQDN i.e. pakistan.com will be different. Then the migration should work.

    Hope you got my point.


    Sachin Gadhave
    MCP, MCSA, MCTS

  • Tuesday, May 15, 2012 8:05 AM
     
     

    Hi sachin,

    You are absolutely right, but in our company each country has a separate domain name; I have pakistan.com, same as india.com and so on, but we are all connected via VPN at our co-location netherlands.com.

    Will my domain Pakistan.com work separately if I bypass the firewall connecting me to netherlands.com?

    Regards,

  • Tuesday, May 15, 2012 8:15 AM
     
     
    Yes, after migrating to the separate Pakistan.com domain you can establish an Active Directory trust with the netherlands.com domain to connect and share resources. For this, as you said, you will need to set up physical connectivity, DNS name resolution and open the firewall for your domain.

    Sachin Gadhave
    MCP, MCSA, MCTS

  • Tuesday, May 15, 2012 12:40 PM
     
     

    I am sorry to say but you might not have understood my last question.

    Well, I already have a trust between my domain abpakistan.com and ab.com (mother domain of our company).

    Now I am simply going to disconnect from ab.com (my question is whether abpakistan.com will work properly?).

    If it doesn't work I will surely transfer my ADS to another DC. For this purpose I will demote one of my DCs in abpakistan.com and make a new installation on this machine. Then I will promote it as a new domain, e.g. xypakistan.com. Now I want to transfer the objects of abpakistan.com to xypakistan.com. How do these two different domains communicate?

    1. Do I plug xypakistan.com into the same LAN as abpakistan.com, and they will start communicating?


  • Tuesday, May 15, 2012 1:11 PM
     
     Answered

    Now I am simply going to disconnect from ab.com (my question is whether abpakistan.com will work properly?)

    We never said this is possible; this is not an option. Read my previous posts. You cannot disconnect a domain from its forest.

    If it doesn't work I will surely transfer my ADS to another DC. For this purpose I will demote one of my DCs in abpakistan.com and make a new installation on this machine. Then I will promote it as a new domain, e.g. xypakistan.com. Now I want to transfer the objects of abpakistan.com to xypakistan.com. How do these two different domains communicate?

    This is what you have to do!!!!

    1. Do I plug xypakistan.com into the same LAN as abpakistan.com, and they will start communicating?

    Yes, as I said you need to have network connectivity between both domains; you can promote the new DC/domain in the same LAN as well. Then you would need to establish a trust between the old and new domain in order to migrate the AD objects.

    Look at these links for migration help:

    http://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx

    http://technet.microsoft.com/en-us/library/cc974412(v=ws.10).aspx


    Sachin Gadhave
    MCP, MCSA, MCTS

    • Marked As Answer by Rashid.Ali Tuesday, May 15, 2012 2:50 PM
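    An added example, not code from this thread or from Microsoft, for the two prerequisites named in the answer above (network connectivity with working DNS resolution between the old and new domain, and a trust between them) before ADMT is run. Domain names and the DNS server are placeholders; it assumes it runs on a member of the source domain where nslookup.exe and nltest.exe are available.

```powershell
# Added example, not from the thread: confirm cross-domain DNS resolution and the trust
# that ADMT relies on. Names are placeholders (assumptions); replace them with your own.
param(
    [string]$SourceDomain = 'abpakistan.example',          # old child domain
    [string]$TargetDomain = 'xypakistan.example',          # new forest root domain
    [string]$DnsServer    = 'DC1.abpakistan.example'       # the DNS server your clients really use
)

function Get-DomainControllersViaDns {
    param([string]$Domain, [string]$Server)
    # The DC locator SRV record every domain member relies on. If $Server cannot return
    # it for $Domain, a conditional forwarder or secondary zone for $Domain is missing.
    $dcs = @()
    foreach ($line in (& nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $Server 2>&1)) {
        if ("$line" -match 'svr hostname\s*=\s*(\S+)') { $dcs += $matches[1] }
    }
    return $dcs
}

function Get-TrustLines {
    param([string]$Domain)
    # nltest lists every trust known to the local machine's domain, one per line;
    # keep only the lines that mention the domain we are interested in.
    $lines = @()
    foreach ($line in (& nltest /domain_trusts /all_trusts 2>&1)) {
        if ("$line" -match [regex]::Escape($Domain)) { $lines += "$line" }
    }
    return $lines
}

$ok = $true

# 1. Both the old and the new domain must be resolvable from the DNS server in use.
foreach ($d in @($SourceDomain, $TargetDomain)) {
    $dcs = @(Get-DomainControllersViaDns -Domain $d -Server $DnsServer)
    if ($dcs.Count -eq 0) {
        Write-Warning "$DnsServer cannot locate any DC for $d; fix DNS before running ADMT."
        $ok = $false
    } else {
        Write-Host "DCs for ${d}: $($dcs -join ', ')"
    }
}

# 2. The source domain must already have a trust to the target domain.
$trust = @(Get-TrustLines -Domain $TargetDomain)
if ($trust.Count -eq 0) {
    Write-Warning "No trust to $TargetDomain is listed from $SourceDomain; create it before migrating."
    $ok = $false
} else {
    Write-Host "Trust entry: $($trust -join '; ')"
}

if (-not $ok) { exit 1 }
Write-Host 'DNS and trust checks passed.'
```

    Run it from the source side after the new forest has been promoted on the same LAN and the trust has been created; if either check fails, ADMT's own connectivity tests will fail at the same point, so fixing it here saves a failed migration run.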
  • Tuesday, May 15, 2012 2:56 PM
     
     

    Thank you very much for the confirmation sachin :-)

    Let me add a test server in my domain before they get me out of the existing forest..... Just tell me two last things.

    1. If I add a test server in the existing environment with the same domain name ab.com, will it work or do I have to use another domain name (I am asking this because I have the hosting of ab.com)?
    2. In AD object migration, will it create a copy of the objects in the new server or WILL IT MOVE THE OBJECTS FROM THE EXISTING ONE? (Or does ADMT give both options?)

    Regards,

    Rashid

  • Tuesday, May 15, 2012 4:19 PM
     
     
    Thanks for the advice guys!

    Art Market

  • Tuesday, May 15, 2012 4:51 PM
     
     

    You can create a new domain with any name other than the source domain for ADMT migration, as I said earlier. You can create it within the same network, but it has to be a new domain in a new forest with separate DNS; later you will set up a trust between the old and new domain.

    My understanding is that for intraforest (domains within the same forest) migration objects are moved; you cannot create a copy. In interforest (domains from separate forests) migration you can migrate copies of the objects, keeping the existing objects intact.

    I suggest you spend some time planning the entire process because it tends to get complicated as there are many things to consider here. Go through all these articles to plan the migration:

    Download ADMT 3.2 here - http://www.microsoft.com/downloads/en/details.aspx?familyid=6D710919-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en

    Best Practices for Active Directory Migration - http://technet.microsoft.com/pt-pt/library/cc974412%28WS.10%29.aspx

    Checklist: Performing an Interforest Migration - http://technet.microsoft.com/pt-pt/library/cc974327%28WS.10%29.aspx

    ADMT Guide: Migrating and Restructuring Active Directory Domains - http://technet.microsoft.com/en-us/library/cc974332%28WS.10%29.aspx


    Sachin Gadhave
    MCP, MCSA, MCTS