locked
join an existing domain to a new forest RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    We have a number of domains in their own forests. We want to consolidate to a single forest. Is there a non-destructive way to join an existing domain to a new forest?
     
    Thanks in Advance
    Monday, August 8, 2011 5:43 AM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hello,

    joining is not possible.

    You have to migrate your AD objects to domains of the wanted forest using ADMT. There is no other way to proceed.

     

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator 

    Monday, August 8, 2011 7:01 AM
  • Question
    Sign in to vote
    1
    Sign in to vote

    The most undestructive way to make resourees available across several ad forests is using trusts.

    By using trusts nothing changes, except for the ability to configure access to resources in another domain. However, using trusts is not the same as migrating to a single forest. It adds complexity and is more difficult to manage. Moreover it is less efficient in crossdomain authentication (think about what happens if a user of abc.corp logs on to a domlain abq.com). An it makes it much more difficult to manage traffic between sites.

    You should consider it anyway, all be it as a temporary transient solutuion

    MCP/MCSA/MCTS/MCITP
    Monday, August 8, 2011 8:33 AM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hello,

    joining is not possible.

    You have to migrate your AD objects to domains of the wanted forest using ADMT. There is no other way to proceed.

     

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator 

    Monday, August 8, 2011 7:01 AM
  • Question
    Sign in to vote
    1
    Sign in to vote

    The most undestructive way to make resourees available across several ad forests is using trusts.

    By using trusts nothing changes, except for the ability to configure access to resources in another domain. However, using trusts is not the same as migrating to a single forest. It adds complexity and is more difficult to manage. Moreover it is less efficient in crossdomain authentication (think about what happens if a user of abc.corp logs on to a domlain abq.com). An it makes it much more difficult to manage traffic between sites.

    You should consider it anyway, all be it as a temporary transient solutuion

    MCP/MCSA/MCTS/MCITP
    Monday, August 8, 2011 8:33 AM