none
Creating a Domain and then making this newly created domain a child of a parent domain? RRS feed

  • Question

  • I will be creating a domain, which will eventually become a child of a Parent Domain.  I am not clear on the steps to do this.  Essentially the plan is create the child domain as a standalone domain.  At a later date the domain computers will be moved to a site where the domain will then be added as a member of the Parent (trust relationship granted)?  Any adivse regarding the correct steps would be appreciated as my expectation is that the standalone domain would be created and at a later time a trust would be applied between the parent and the new child domain?

    Thursday, March 1, 2012 2:38 PM

Answers

  • Hi,

    there is no way to achieve your goal.

    You have to migrate the users, computers and so one via ADMT  or another migration tool to a newly create child domain.

    http://technet.microsoft.com/en-us/library/cc974335(v=ws.10).aspx


    Regards, Martin Forch

    Thursday, March 1, 2012 2:48 PM
  • No this is not possible the domain will be in it's own forest.

    You would have to use ADMT to migrate the Domain into a new domain within your forest if you want the domain to be in the current forest at HQ. 

    You can create Forest Trust as well but the domain will still be in it's own forest.

    Thursday, March 1, 2012 3:37 PM
  • Hello,

    you cannot add a domain as child to another that way. This has to be done either direct at the beginning or you have to migrate them with ADMT or similar tools.

    So according to your description with creating the doamin at the vendor site and then adding to another forest will not work.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, March 1, 2012 8:51 PM
  • Hi,

    Thanks for your posting, but your description makes me confusion.

    > have to create the domain at the vendors shop. I have to create the domain at the vendors shop.

    So you mean the server now is not is your domain network?

    > As such have to build the domain at the vendors shop (thus standalone - only the Domain controller and the domain members are existing and not connect to the WWW).

    When you configure child domain, it will ask account (member of Enterprise Admins group in parent domain) credential for authentication, this need domain network. So you can’t configure the server to someone’s child domain with network connection.

    You may create a new domain in a new forest in isolate environment (vendors’ shop), then create trust relationship when you move it back to your domain network.

    For more information please refer to following MS articles:

    Checklist: Creating a new child domain
    http://technet.microsoft.com/en-us/library/cc779539(v=WS.10).aspx
    Create a new child domain
    http://technet.microsoft.com/en-us/library/cc787706(v=ws.10).aspx

    Lawrence

    TechNet Community Support

    Friday, March 2, 2012 7:39 AM
    Moderator
  • The viable option is to create a new forest/domain in your vendor site and later if you decide to move to existing AD infrastructure, you need some kind of migrations tools like ADMT or Quest tools.

    You will not be able to create a child domain since there is no connectivity between your domain and your vendors place. Also, to configure child domain, you need enterprise admin group membership which only exists in the parent domain and without contacting parent domain, you can't create a child domain. Child domain or additional domain in the forest is impossible without connectivity between root/parent domain.

    If you would like to know more about ADMT migration tool, take a look at below.

    http://awinish.wordpress.com/tag/admt/


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Friday, March 2, 2012 8:47 AM
    Moderator

All replies

  • If you want a child domain then the DC must be connected to the root domain at all times. I'm not sure what you mean by stand alone domain then connecting this domain at a later point to be a child of another domain this can't happen. You can create a new domain that is not part of your current domain forest but you will not be able to connect this domain as a child domain to your current domain forest. You can however setup Domain trusts between the two domains but this is not consider a child domain instead consider two root domains connected with Forest\domain trusts.

    So, you need to make a decision if you want a child domain or a new forest. If you go with a child domain then you would be able to keep the same namespace for example, child.yourcurrentdomain.com. Now if you decide to create a new forest (domain) you would have to create a new namespace newdomainname.com

    Thursday, March 1, 2012 2:46 PM
  • Hi,

    there is no way to achieve your goal.

    You have to migrate the users, computers and so one via ADMT  or another migration tool to a newly create child domain.

    http://technet.microsoft.com/en-us/library/cc974335(v=ws.10).aspx


    Regards, Martin Forch

    Thursday, March 1, 2012 2:48 PM
  • Thanks for the reply guys.   I probably stated it incorrectly.  Essentially the domain I will be creating will be part of a forest structure.  However; the domain I am creating is at a vendors shop, so have to create the domain at the vendors shop.  I have no ability while at the vendors shop to see the forest, as our corporate practices do not permit this.  As such have to build the domain at the vendors shop (thus standalone - only the Domain controller and the domain members are existing and not connect to the WWW).  At a later date, will be moving the DC and associated computers to a location where the Forest structure exist.  Intention was to bring the newly created DC to the location and then provide trust relationship, but intention was to have the newly created domain as part of the forest tree.  Is this possible?
    Thursday, March 1, 2012 3:28 PM
  • No this is not possible the domain will be in it's own forest.

    You would have to use ADMT to migrate the Domain into a new domain within your forest if you want the domain to be in the current forest at HQ. 

    You can create Forest Trust as well but the domain will still be in it's own forest.

    Thursday, March 1, 2012 3:37 PM
  • Thanks guys - that helps
    Thursday, March 1, 2012 3:52 PM
  • Hello,

    you cannot add a domain as child to another that way. This has to be done either direct at the beginning or you have to migrate them with ADMT or similar tools.

    So according to your description with creating the doamin at the vendor site and then adding to another forest will not work.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, March 1, 2012 8:51 PM
  • Hi,

    Thanks for your posting, but your description makes me confusion.

    > have to create the domain at the vendors shop. I have to create the domain at the vendors shop.

    So you mean the server now is not is your domain network?

    > As such have to build the domain at the vendors shop (thus standalone - only the Domain controller and the domain members are existing and not connect to the WWW).

    When you configure child domain, it will ask account (member of Enterprise Admins group in parent domain) credential for authentication, this need domain network. So you can’t configure the server to someone’s child domain with network connection.

    You may create a new domain in a new forest in isolate environment (vendors’ shop), then create trust relationship when you move it back to your domain network.

    For more information please refer to following MS articles:

    Checklist: Creating a new child domain
    http://technet.microsoft.com/en-us/library/cc779539(v=WS.10).aspx
    Create a new child domain
    http://technet.microsoft.com/en-us/library/cc787706(v=ws.10).aspx

    Lawrence

    TechNet Community Support

    Friday, March 2, 2012 7:39 AM
    Moderator
  • The viable option is to create a new forest/domain in your vendor site and later if you decide to move to existing AD infrastructure, you need some kind of migrations tools like ADMT or Quest tools.

    You will not be able to create a child domain since there is no connectivity between your domain and your vendors place. Also, to configure child domain, you need enterprise admin group membership which only exists in the parent domain and without contacting parent domain, you can't create a child domain. Child domain or additional domain in the forest is impossible without connectivity between root/parent domain.

    If you would like to know more about ADMT migration tool, take a look at below.

    http://awinish.wordpress.com/tag/admt/


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Friday, March 2, 2012 8:47 AM
    Moderator