Windows Server 2003 DC transfer from one forest to other
Dear All,

Please help me with the below scenario. I am a child domain in the worldwide forest of my company. I have 2 DCs in my domain. I have multiple users in my domain and I am using Exchange Server 2003 for the email. And the main Exchange server is also on the co-location of our company. Now our parent company management has changed, so I have to separate my domain and Exchange from the existing company's forest. There are two possible scenarios:

- I will transfer my domain from this forest to the new company forest. Is it possible through ADMT? And how? Please refer me to some detailed step-by-step procedure.
- I will make my DC the first DC in the forest (I mean I will create my own forest using my existing DCs and the same domain name). For this purpose I don't know the way to go through. How can I achieve this? Please help.

Also please tell me if there are any other possible problems I can face after getting separated from the forest.

Best Regards, Rashid Ali
May 11th, 2012 10:04am

Hello,

"I will transfer my domain from this forest to the new company forest. Is it possible through ADMT? And how? Please refer me to some detailed step-by-step procedure."

You can create a new domain in a new forest and then migrate your AD resources using ADMT to the new domain. Note that the new domain should have:

- Different SID
- Different DNS name
- Different NetBIOS name

You have to prepare a migration plan. Details in the official guide: http://www.microsoft.com/en-us/download/details.aspx?id=19188

"I will make my DC the first DC in the forest (I mean I will create my own forest using my existing DCs and the same domain name). For this purpose I don't know the way to go through. How can I achieve this? Please help."

If you want to use an existing DC then you will have to demote it and then create a new domain in a new AD forest on it. Before demoting it, you will need:

- To transfer FSMO roles to another DC if it is an FSMO holder. Run netdom query fsmo to get the list of FSMO holders
- Check that there is at least a healthy DC / DNS / GC server in your actual AD domain. For diagnosis, you can run dcdiag /v /e on DCs you have

There is no issue by having a new AD forest. Just see if you will need migrating applications and if they support interaction with users in a separate AD forest. Don't forget to create the trust relationship between forests! You can create a Forest trust relationship if your FFL is Windows Server 2003 or higher.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer
May 11th, 2012 10:17am
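The pre-demotion checks named in the reply above (FSMO holders from netdom query fsmo, DC health from dcdiag) can be evaluated from saved command output. This is an added example, not code from any poster; the host names and both sample outputs are constructed, and it does not check the DNS or GC roles.

```python
import re

# Constructed sample outputs; hosts ROOTDC, DC1 and DC2 are hypothetical.
# Role labels differ between Windows versions, so parsing ignores their wording.
NETDOM_SAMPLE = """\
Schema master               ROOTDC.contoso.com
Domain naming master        ROOTDC.contoso.com
PDC                         DC1.abc.contoso.com
RID pool manager            DC1.abc.contoso.com
Infrastructure master       DC2.abc.contoso.com
The command completed successfully.
"""

DCDIAG_SAMPLE = """\
   Testing server: Default-First-Site-Name\\DC1
         ......................... DC1 passed test Replications
         ......................... DC1 failed test Services
   Testing server: Default-First-Site-Name\\DC2
         ......................... DC2 passed test Replications
"""

def fsmo_holders(netdom_text):
    """Map each FSMO role label to the host that holds it."""
    holders = {}
    for line in netdom_text.splitlines():
        # Role label and holder are separated by a run of 2+ spaces.
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) == 2 and "." in parts[1]:
            holders[parts[0]] = parts[1].lower()
    return holders

def failed_tests(dcdiag_text):
    """Map each server short name to the list of dcdiag tests it failed."""
    failed = {}
    for m in re.finditer(r"\.{5,} (\S+) (passed|failed) test (\S+)", dcdiag_text):
        server, result, test = m.groups()
        failed.setdefault(server.upper(), [])
        if result == "failed":
            failed[server.upper()].append(test)
    return failed

def demotion_blockers(target_fqdn, netdom_text, dcdiag_text):
    """Return (roles to transfer first, DCs left with no failed tests)."""
    target = target_fqdn.lower()
    roles = sorted(r for r, h in fsmo_holders(netdom_text).items() if h == target)
    short = target.split(".")[0].upper()
    remaining = sorted(s for s, f in failed_tests(dcdiag_text).items()
                       if s != short and not f)
    return roles, remaining
```

An empty second value means no other DC passed every test, so the demotion should wait.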

Hi,

Thanks for the prompt reply. I understood the first solution and I believe I am losing none of my users or AD objects in scenario 1. The second solution you have provided is also understood, but I think I will lose all the AD users and settings in this procedure. Is it so? Please note that I don't want to lose any AD object, specially the users, because I am running the email as well, and I also want to give minimum downtime to my users. Please also refer me to any KB articles for ADMT migration and new forest creation if there are any.

Thank you. Rashid
May 11th, 2012 10:33am

There is AD object loss when migrating using ADMT. You asked if you were able to use an existing DC for the new forest. I said no since it is already a DC for a domain. So, if this is your question then you will need to demote it. If this is the only DC that you have in this domain then of course you will lose your AD domain.
May 11th, 2012 10:44am

I have 2 DCs in my domain as I have already mentioned in the above post. Is there any way not to lose my AD objects, specially users? Regards,
May 11th, 2012 11:16am

"I have 2 DCs in my domain as I have already mentioned in the above post. Is there any way not to lose my AD objects, specially users? Regards,"

Since you don't demote the two DCs, there is no issue with your current AD objects. If you want to demote a DC then please check that the other is a DC / DNS / GC server and run dcdiag /v against them to check if there is any problem before demoting. For ADMT, it will not delete your users since it creates copies of them.
May 11th, 2012 11:22am

Objective-

- Create new domain with same name in new/separate forest
- Retain AD objects from existing domain.

Solution-

- Create new domain
- Establish trust with existing domain/forest
- Use ADMT to migrate AD objects to new domain

Problems-

- To use ADMT to migrate AD objects to another domain, the 2 domain names CAN'T be the same.
- You have 2 DCs, which cannot be used for the new domain as one DC won't work with 2 domains.

Workaround-

- Create new domain with a different name, e.g. if your existing domain name is abc.contoso.com, you can create a new domain with the name abc.com or abc.net etc. This way you will be able to migrate the AD objects to the new domain without issues.
- Your existing domain can work with a single DC as well, hence you can demote the second DC, remove it from the domain and promote it for the new domain. Once ADMT AD object migration is done you can use both DCs in the new domain as the old domain won't be used.

- Sachin Gadhave MCP, MCSA, MCTS
May 11th, 2012 12:37pm

Hi,

Thank you for the feedback. Sachin: can you please suggest whether it is possible that I simply disconnect my existing domain abc.com from the forest? (The connectivity with the co-location is through a firewall that is making a VPN with my co-location. To disconnect I simply bypass the firewall.) If I disconnect as I mentioned, will my domain abc.com operate separately? Can I make my domain abc.com the first domain in the forest? (I mean, can I make the forest on this existing domain?) Please suggest.

Regards, Rashid Ali
May 14th, 2012 4:24am

"Hi, Thank you for the feedback. Sachin: can you please suggest whether it is possible that I simply disconnect my existing domain abc.com from the forest? (The connectivity with the co-location is through a firewall that is making a VPN with my co-location. To disconnect I simply bypass the firewall.) If I disconnect as I mentioned, will my domain abc.com operate separately? Can I make my domain abc.com the first domain in the forest? (I mean, can I make the forest on this existing domain?) Please suggest. Regards, Rashid Ali"

No! Domain is AD logical structure which is reliant part of AD forest that it was created in. You cannot simply detach it. It cannot work separately, the only way is to migrate it as described in my earlier reply.

Sachin Gadhave MCP, MCSA, MCTS
May 14th, 2012 4:34am

Thank you again Sachin, I understood what you said. But the problem is I want to use the same domain name, that is my registered domain name. So I demote one of my DCs, that is the BDC, and dcpromo it for the new forest, but is it possible to give it the same abc.com domain name (as it is registered by us)? As simultaneously my PDC is already running with the same domain name. :-( How will I manage this conflict?

Regards, Rashid
May 14th, 2012 8:16am

You said your domain is the child domain in worldwide company forest, so for example- if your forest root domain is contoso.com then your child domain is pakistan.contoso.com. So what you can do is promote your new DC with root domain name as pakistan.com, then the old domain FQDN i.e. pakistan.contoso.com and the new domain FQDN i.e. pakistan.com will be different. Then the migration should work. Hope you got my point.

Sachin Gadhave MCP, MCSA, MCTS
May 14th, 2012 8:25am

Hi Sachin,

You are absolutely right, but in our company each country has a separate domain name, as I have pakistan.com, same as india.com and so on. But we are all connected via VPN at our co-location netherlands.com. Will my domain Pakistan.com work separately if I bypass the firewall connecting me to netherlands.com?

Regards,
May 15th, 2012 4:05am

Yes, after migrating to the separate Pakistan.com domain you can establish Active Directory trust with the netherlands.com domain to connect and share resources. For this, as you said, you will need to set up physical connectivity, DNS name resolution and open the firewall for your domain.

Sachin Gadhave MCP, MCSA, MCTS
May 15th, 2012 4:15am

I am sorry to say, but you might not have understood my last question. Well, I already have a trust between my domain abpakistan.com and ab.com (mother domain of our company). Now I am simply going to disconnect from ab.com (my question is whether abpakistan.com will work properly?). If it doesn't work I will surely transfer my ADS to another DC. For this purpose I will demote one of my DCs in abpakistan.com and make a new installation on this machine. Then I will promote it as a new domain, e.g. xypakistan.com. Now I want to transfer the objects of abpakistan.com to xypakistan.com. How do these two different domains communicate? Do I plug xypakistan.com into the same LAN as abpakistan.com, and will they start communicating?
May 15th, 2012 8:40am

"Now I am simply going to disconnect from ab.com (my question is whether abpakistan.com will work properly?)"

We never said this is possible, this is not an option. Read my previous posts. You cannot disconnect a domain from its forest.

"If it doesn't work I will surely transfer my ADS to another DC. For this purpose I will demote one of my DCs in abpakistan.com and make a new installation on this machine. Then I will promote it as a new domain, e.g. xypakistan.com. Now I want to transfer the objects of abpakistan.com to xypakistan.com. How do these two different domains communicate?"

This is what you have to!!!!

"Do I plug xypakistan.com into the same LAN as abpakistan.com, and will they start communicating?"

Yes, as I said you need to have network connectivity between both domains, you can promote the new DC/domain in the same LAN also. Then you would need to establish trust between the old and new domain in order to migrate the AD objects. Look at these links for migration help-

http://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc974412(v=ws.10).aspx

Sachin Gadhave MCP, MCSA, MCTS
May 15th, 2012 9:11am

Thank you very much for the confirmation Sachin :-) Let me add a test server in my domain before they get me out of the existing forest..... Just tell me two last things:

- If I add a test server in the existing environment with the same domain name ab.com, will it work or do I have to use any other domain name? (I am asking this because I have the hosting of ab.com.)
- In AD objects migration, will it create a copy of the objects in the new server or WILL IT MOVE THE OBJECTS FROM EXISTING? (Or does ADMT give both options?)

Regards, Rashid
May 15th, 2012 10:56am

Thanks for the advice guys!

Art Market
May 15th, 2012 12:19pm

You can create a new domain with any other name than the source domain for ADMT migration, as I said earlier. You can create it within the same network but it has to be a new domain in a new forest with separate DNS; later you will set up trust between the old and new domain.

My understanding is that for intraforest (domains within the same forest) migration objects are moved, you cannot create a copy. In interforest (domains from separate forests) migration you can migrate copies of the object, keeping the existing object intact.

I suggest you spend some time planning the entire process because it tends to get complicated as there are many things in consideration here- go through all these articles to plan the migration -

- Download ADMT 3.2 here - http://www.microsoft.com/downloads/en/details.aspx?familyid=6D710919-1BA5-41CA-B2F3-C11BCB4857AF&displaylang=en
- Best Practices for Active Directory Migration - http://technet.microsoft.com/pt-pt/library/cc974412%28WS.10%29.aspx
- Checklist: Performing an Interforest Migration - http://technet.microsoft.com/pt-pt/library/cc974327%28WS.10%29.aspx
- ADMT Guide: Migrating and Restructuring Active Directory Domains - http://technet.microsoft.com/en-us/library/cc974332%28WS.10%29.aspx

Sachin Gadhave MCP, MCSA, MCTS
May 15th, 2012 12:51pm

This topic is archived. No further replies will be accepted.
