My company is merging with another that already has an existing AD domain

All replies

• 

  

  1

  Sign in to vote

  You have few options to accomplish that. One of them is Forest trust between those 2 forests and you don't have to migrate anything. You would be able to grant access to resources in both forests (if you set up two-way transitive trust).

  The second option is to migrate one forest to another using ADMT. More about using that at
  http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19188

  then all users/groups/computers/server will be migrated to new domain with SID History saved.

  and the last option is to decommission the old forest and create those users from the beginning in this second forest (a lot of work and I do not recommedn that)

  ---

  Regards, Krzysztof ---- Visit my blog at http://kpytko.wordpress.com

  • Proposed as answer by pbbergs [MSFT] Tuesday, October 25, 2011 1:03 PM

  Tuesday, October 25, 2011 12:37 PM
• 

  

  0

  Sign in to vote

   

  You can make domain\forest trust two-way but first check forest function level, to know if you can make trust or need to make some changes.

   

  Also if you need to migrate users use ADMT, and you also can migrate file server so permission on files gone stay like they are on old domain\forest.

   

  If you care only for the users best way is to create all users from scratch, you can export data from active directory, users in .csv file and then use scripts to make users with same data in the new forest.

  Tuesday, October 25, 2011 12:47 PM
• 

  

  1

  Sign in to vote

  In addition see this for ADMT service account permission.

  http://portal.sivarajan.com/2010/04/admt-service-account-permission-and.html

  In addition,

  See the below links.

  http://www.sivarajan.com/admt.html

  http://www.sivarajan.com/cm.html

  http://portal.sivarajan.com/2011/05/user-account-migration-and-merging-part.html

  For creating the trust you have to configure your DNS, you can go with Conditional forwarder or stub zone.

  See the difference between Conditional forwarder or stub zone.

  http://social.technet.microsoft.com/wiki/contents/articles/difference-between-forwarder-and-stub-zone.aspx

   

  ---

  Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
  

  • Edited by bshwjt Tuesday, October 25, 2011 1:11 PM

  Tuesday, October 25, 2011 1:05 PM
• 

  

  0

  Sign in to vote

  I think what we have decided to do is to create this two way trust and test to make sure it is working and then we are going to build a new Server 2008 domain in the future to move everyone into.  However, I know there is more to this process than just creating the trust between the two domains there is also a DNS component isn't there? 

   

  Does anyone have any step by step tutorials on how to do this? 

  Thursday, October 27, 2011 7:29 PM
• 

  

  0

  Sign in to vote

  Well documented at http://technet.microsoft.com/en-us/library/ee307976(WS.10).aspx

  http://www.windowsnetworking.com/articles_tutorials/dns_conditional_forwarding_in_windows_server_2003.html

  hth
  Marcin

  
  

  • Edited by Marcin PolichtMVP Thursday, October 27, 2011 7:41 PM
  • Marked as answer by El Dab Friday, October 28, 2011 7:30 PM

  Thursday, October 27, 2011 7:40 PM
• 

  

  0

  Sign in to vote

  Thank you very much.  I have attempted to set up the two-way transitive trust but when I look in the Domains and Trusts it shows "Transitive: NO" for both relationships.  Is there an AD sync window that has to pass before this turns to Yes or did I do it wrong?

  Friday, October 28, 2011 7:30 PM