Re: Merge networks

that beer thing..... THAT is ALWAYS a good idea! ;-)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uw%23MVn7YGHA.4836@xxxxxxxxxxxxxxxxxxxxxxx
Ok, I was going to offer you a beer. Figured you might be helping
(Speaking possibly).

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:OXZYXpyYGHA.4432@xxxxxxxxxxxxxxxxxxxxxxx
I wish... ;-)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:Og0E4gyYGHA.3868@xxxxxxxxxxxxxxxxxxxxxxx
jorge,
Are you going to be at TechEd in Boston?

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com

This posting is provided "AS IS" with no warranties, and confers no
rights.

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:uMDGnUiYGHA.508@xxxxxxxxxxxxxxxxxxxxxxx
Migration high level steps are:
* Make sure the AD has been configured (sites, subnets, replication,
OUs,
GPOs, delegations, DNS, WINS, DHCP, etc.)
* Setup name resolution (WINS or DNS) between source and target
domain/forest
* Setup trusts (if an external trust is configured and sidhistory is
used,
disable sid filtering)
* Install and configure migration tooling
* Migrate groups, user accounts with passwords and group memberships
(with
sidhistory)
* Migrate clients from the source domain to the target domain,
translate
security on the client, and translate profiles (at this moment users
start
logging on with their new AD account on the migrated clients that have
been
migrated previously to the w2k3 domain)
* Migrate mailboxes if needed
* Migrate servers to the new domain or migrate data to new servers
* Translate security (Re-ACL) of the data/resources from source
security
principals to target security principals (replace the security
descriptors
from the old domain with the security descriptors from the new domain )
* Cleanup temporary configurations
* Cleanup sidhistory (recommended!). sIDHistory is used to access
resources
while those resources still have security descriptors from the old
domain.
As soon as all data (file, folders, mailboxes, etc.) have been
re-ACL-ed
sIDHistory can be cleaned. Sidhistory should only be used temporary for
migration purposes!
* Remove trusts
* Decommission old domain(s)


For more info on migrating to an AD domain also see:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/default.mspx

ADMTv3 has been out for a while, so be sure to use that version.
(http://www.microsoft.com/downloads/details.aspx?familyid=6F86937B-533A-466D-A8E8-AFF85AD3D212&displaylang=en)

DOMAIN A ------------------> DOMAIN B
^ ^ ^
| | |
| trust |
| |
| incoming
outgoing



SID filtering is ALWAYS configured on the outgoing part of a trust!
(not
saying now if it is disabled or not!!!)
On the outgoing trust (source --> target) sidfiltering is enabled by
default
if the trusts was created on a W2KSP4 DC or higher (it is disabled by
default if the trust was created on a W2KSP3 DC or earlier(and thus NT4
also!). This TRUE for external trusts, but not for forest trusts (only
possible between W2K3 forests with both Forest functional level Windows
Server 2003) (what the document says about forest trust and SID
filtering
being enabled is WRONG!)
For more info see:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/31915de7-ff58-4f26-a8ec-450ffca75912.mspx


If you want to use sidhistory then sid filtering will have impact on
that if
SID filtering is enabled on the outgoing side of the trust. Disable it
for
the moment you use sidhistory if it is enabled

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Daniel" <Daniel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5ACE8612-0C4A-43D5-8A05-9984623C9DC2@xxxxxxxxxxxxxxxx
I have 2 x Win 2003 networks that I wish to "merge". I am aware that I
will
need to migrate one network onto the other. Can anyone advise where I
could
find some good resources to do this?










.

Relevant Pages

  • Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
    ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ...
    (microsoft.public.windows.server.migration)
  • Re: Merge networks
    ... This posting is provided "AS IS" with no warranties, ... Setup trusts (if an external trust is configured and sidhistory is ... Translate security of the data/resources from source security ... SID filtering is ALWAYS configured on the outgoing part of a trust! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Merge networks
    ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... Setup trusts (if an external trust is configured and sidhistory is ... Translate security of the data/resources from source security ... SID filtering is ALWAYS configured on the outgoing part of a trust! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Merge networks
    ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ... SID filtering is ALWAYS configured on the outgoing part of a trust! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Least User Priviledges for Network Administrators
    ... Trust how? ... Do we trust them to maintain network equipment? ... Do we trust them to observe proper security practices on the desktop, ... Training users that need administrator access to logon as a regular ...
    (microsoft.public.windowsxp.security_admin)