none
Interforest migration (trust and UPN suffix)

    Question

  • Hey everyone,

    Here's the scenario: Wanting to migrate users/groups/computers from a current forest named domain1.com to a new forest that I would want to name domain2.com.

    So I'm thinking ok I can create the new forest named domain2.com and set up a forest trust between domain2 and domain1. BUT here's the thing, domain1.com already has an alternate UPN suffix configured named domain2.com in "Active Directory Domains and Trusts" (user accounts are configured to use it and matches their email address).

    Will this present issues with creating the trust or when migrating users? Thanks.

    Friday, March 31, 2017 1:47 AM

All replies

  • Hi

     You can't configure trust with same forest/domain name,AFAIK also you should have issues for conflict UPN's.And you can check this article for details.(the author fix also this kerberos auth,issue,but i have never try this before).

    https://span.eu/en/2016/09/kerberos-conflicting-upns/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Friday, March 31, 2017 12:02 PM
  • Hi,

    So I'm thinking ok I can create the new forest named domain2.com and set up a forest trust between domain2 and domain1. BUT here's the thing, domain1.com already has an alternate UPN suffix configured named domain2.com in "Active Directory Domains and Trusts" (user accounts are configured to use it and matches their email address).

    Will this present issues with creating the trust or when migrating users? Thanks.

    >>>I have tested for this.

    You could create the trust relationship between the two domains, which one domain has the alternative UPN suffix same with the trusting domain name.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 31, 2017 6:21 PM
    Moderator