locked
join an existing domain to a new forest RRS feed

  • Question

  • We have a number of domains in their own forests. We want to consolidate to a single forest. Is there a non-destructive way to join an existing domain to a new forest?
     
    Thanks in Advance
    Monday, August 8, 2011 5:43 AM

Answers

  • Hello,

    joining is not possible.

    You have to migrate your AD objects to domains of the wanted forest using ADMT. There is no other way to proceed.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator 

    Monday, August 8, 2011 7:01 AM
  • The most undestructive way to make resourees available across several ad forests is using trusts.

    By using trusts nothing changes, except for the ability to configure access to resources in another domain. However, using trusts is not the same as migrating to a single forest. It adds complexity and is more difficult to manage. Moreover it is less efficient in crossdomain authentication (think about what happens if a user of abc.corp logs on to a domlain abq.com). An it makes it much more difficult to manage traffic between sites.

    You should consider it anyway, all be it as a temporary transient solutuion


    MCP/MCSA/MCTS/MCITP
    Monday, August 8, 2011 8:33 AM

All replies

  • Hello,

    joining is not possible.

    You have to migrate your AD objects to domains of the wanted forest using ADMT. There is no other way to proceed.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator 

    Monday, August 8, 2011 7:01 AM
  • The most undestructive way to make resourees available across several ad forests is using trusts.

    By using trusts nothing changes, except for the ability to configure access to resources in another domain. However, using trusts is not the same as migrating to a single forest. It adds complexity and is more difficult to manage. Moreover it is less efficient in crossdomain authentication (think about what happens if a user of abc.corp logs on to a domlain abq.com). An it makes it much more difficult to manage traffic between sites.

    You should consider it anyway, all be it as a temporary transient solutuion


    MCP/MCSA/MCTS/MCITP
    Monday, August 8, 2011 8:33 AM