Tree Domain Isolation in Windows Server 2012

Hi Mates,

I hope you all good and doing great. I had a scenario in which i want to isolate my tree from forest. I had a forest abc.com and and subdomain tree called xyz.com and def.com in windows server 2012. Now i want to separate my xyz.com from forest abc.com. Is there any possiblity to do that without any impact on user and group policies of xyz.com in windows server 2012 environment. In-short i do not wanna any cross forest migration. I googled but found nothing :(. Any help related to this would be highly appreciated.

Regards,

Mohsin 


June 16th, 2014 10:44am

No this is not possible, the first domain created in the forest is and will always be the root domain, only supported solution is to build a new forest and migrate objects and resources over.
Free Windows Admin Tool Kit Click here and download it now
June 16th, 2014 11:24am

Depending on your goals, you might be able to accomplish SOME of this with domain isolation with IPSEC: http://www.microsoft.com/en-us/download/details.aspx?id=18358. But it is not an easy thing to set up and it may not meet all your goals. But it would not require rebuilding the domain.

Otherwise as Christoffer said, there is little you can do to isolate a tree within a forest.

June 16th, 2014 1:14pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics