Interforest migration (trust and UPN suffix)

All replies

• 

  

  0

  Sign in to vote

  Hi

   You can't configure trust with same forest/domain name,AFAIK also you should have issues for conflict UPN's.And you can check this article for details.(the author fix also this kerberos auth,issue,but i have never try this before).

  https://span.eu/en/2016/09/kerberos-conflicting-upns/

  ---

  This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

  Friday, March 31, 2017 12:02 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  Hi,

  So I'm thinking ok I can create the new forest named domain2.com and set up a forest trust between domain2 and domain1. BUT here's the thing, domain1.com already has an alternate UPN suffix configured named domain2.com in "Active Directory Domains and Trusts" (user accounts are configured to use it and matches their email address).

  Will this present issues with creating the trust or when migrating users? Thanks.

  >>>I have tested for this.

  You could create the trust relationship between the two domains, which one domain has the alternative UPN suffix same with the trusting domain name.

  

  Best Regards,

  Jay

  ---

  Please remember to mark the replies as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Proposed as answer by Jay GuModerator Sunday, April 9, 2017 6:54 AM

  Friday, March 31, 2017 6:21 PM

  Reply

  |

  Quote

  Moderator